MeshU Workshops: Toronto, May 17th

MeshU: May 17th, 2010 - Toronto, Canada

MeshU – short for “Mesh University” – takes place on Monday, May 17th at the MaRS Collaboration Centre (101 College Street, just east of University). It’s a series of workshops for web designers, developers and “suits” that takes place the day before the Mesh Conference (“Canada’s Web Conference”) and will feature 12 workshops divided into “Design”, “Development” and “Management” streams delivered by people with real-world startup/tech business experience.

I’ll be there, as both an attendee furiously taking notes (which I’ll post here) as well as a representative of Microsoft Canada and Silverlight, who are MeshU’s event partners.

Keynote: Bill Buxton

Keynote: Bill Buxton

Bill Buxton, Principal Researcher at Microsoft Research, human-computer interaction guru extraordinaire and fellow alumnus of Crazy Go Nuts University, will deliver the morning keynote. Every presentation I’ve ever seen him do has always inspired me and given me at least three new ideas, and I expect that this one will be no different. He’s an intelligent, engaging and interesting speaker – don’t miss your chance to see him live!

MeshU Sessions

Here are the MeshU sessions:

Registering for MeshU

Alas, the $49.00 student tickets for MeshU are sold out. Here’s what remain:

  • Regular tickets: CAD$289.00 each
  • “Friends of MeshU” sponsorship: CAD$1000 each – with this, you get:
    • 1 regular ticket
    • 1 student ticket
    • Your logo on the MeshU site and at the event
  • “Really Good Friends of MeshU” sponsorship: CAD$2000 each — with this, you get:
    • 2 regular tickets
    • 2 student tickets
    • Your logo on the MeshU site and at the event
    • A table at the event

To register for MeshU, go to the MeshU registration page.

This article also appears in Canadian Developer Connection.


My Interview at MeshU

No tech workshop is complete without a little goofing around on an accordion, and I certainly didn’t want the MeshU day of workshops (which preceded the Mesh Conference) to be incomplete. I did a quick interview with Anita Kuno in which I performed a classic computer programmer song parody and promoted The Empire, which you can see in the video below:


My Afternoon at MeshU

This article also appears in Canadian Developer Connection.

I caught the afternoon sessions of MeshU, the day of workshops that precedes the Mesh Conference. MeshU had three tracks – Design, Development and Management – and I chose to attend the sessions in the Development track.

Leigh Honeywell at her presentation at MeshU

Leigh Honeywell on Writing Secure Software

First up was HackLabTO cofounder Leigh Honeywell, (pictured on the right) whose presentation was titled Break It to Make It: Writing (More) Secure Software. She works at the MessageLabs subsidiary of Symantec, which makes security products for email systems, and before that, she worked as an independent security consultant. Simply put, security is both her job and her hobby.

Leigh provided an informative and entertaining summary of the most common security vulnerabilities in applications and the recommended best practices for writing secure apps. Here’s a photo of her slide showing OWASP’s ten principles that you should follow in order to write secure applications:

"10 Principles" slide from Leigh Honeywell's security presentation at MeshU 2009

The ten principles are:

    1. Minimize attack surface area
    2. Establish secure defaults
    3. Least privilege
    4. Defense in depth
    5. Fail securely
    6. Don’t trust services
    7. Separation of duties
    8. Avoid security through obscurity
    9. Keep security simple
    10. Fix security issues correctly

She also covered what OWASP considers to be the current top ten vulnerabilities:

    1. Cross-site scripting
    2. Injection flaws
    3. Malicious file execution
    4. Insecure direct object references
    5. Cross-site request forgeries
    6. Information leakage / improper error handling
    7. Broken authentication and improper error handling
    8. Insecure cryptographic storage
    9. Insecure communciations
    10. Failure to restrict URL access


At the end of her presentation, Leigh listed a couple of books that she considered to be valuable security references. One of them was Writing Secure Code, Second Edition, written by Michael Howard and Steve Lipner and published by Microsoft Press.

This was a surprise to many people in the audience, the majority of whom were not building apps on Microsoft technologies and generally (and often mistakenly) think of the term “Microsoft” being synonymous with “insecure”. A number of people chatted with me after the presentation and it seemed like this was one of many things from Microsoft that caught them by surprise, along with other unexpected things including the MS-PL license, CodePlex and the Open Source Lab, the new emphasis on standards and interoperability…and hey, even taking on “unlikely” evangelists such as David Crow and me.

Here’s her slide deck:

Pete Forde Does the iPhone Dance

Next was Pete Forde, one of people behind the development shop Unspace and the RubyFringe and FutureRuby conferences. He started his presentation, Is That an iPhone in Your Pocket, or are You Just Happy to See Me?, with a Napoleon Dynamite-esque dance number set to the tune of Start the Riot by Atari Teenage Riot. Here’s the video of the dance that Leigh Honeywell shot:

And here’s the video that I shot:

Pete’s presentation covered the options that developers have when building iPhone apps. For the curious, here’s the deck he used:

The one thing that he wanted you to take away from his presentation is, in his own words:

Consider iPhone web applications and side-stepping the iTunes Application Store (and their 30% gross cut) completely.

The one thing that I took away from the presentation (in addition to the one above) was that it’s not all smiles and sunshine in iPhone development land. Yes, the iPhone provides an excellent user experience and the App Store has been a hit with the customers and many developers. However, a good chunk of Pete’s presentation was about how some of the biggest obstacles for iPhone developers come from Apple itself; I’ve heard that there were similar grumblings at an iPhone developer meetup that took place later in the week. I think that there are some things that Windows Mobile developers (and the Windows Mobile team at Microsoft) can learn from these obstacles, and I’m going to write about them in a later article.

Chris Wanstrath and the Story of GitHub

Chris Wanstrath The final presentation of the afternoon, Building a Business with Open Source, was given by Chris Wanstrath of GitHub, a hosting service for software repositories created with the Git distributed version control system. There are a number of open source projects hosted on GitHub, including one you might not expect: Microsoft’s very own IronRuby.

Chris explained that GitHub was an answer to a problem that he and his friends had: they were working on a number of open source projects, so many that managing them was “beginning to wear them down”. GitHub was created as a solution to that problem: it took care of the tedious parts of source code management so that they could focus on their code.

Although GitHub hosts a number of open source projects and uses Git, which is open source, it is not open source. Chris explained that managing an open source project takes up more time that he or the others on the team have. “Ironically,” he said, “starting GitHub has given me less time to work on open source.” After hinting at his dissatisfaction with the GNU General Public License, an audience member asked "Does the GPL cause you nightmares?"

“Yes,” he replied, after which he endorsed his preferred open source license. “MIT license all the way,” he said.

Octocat, GitHub's mascot To promote GitHub, they took an approach that was closer in spirit to evangelism than standard marketing. “Companies still believe in old-school advertising, and they also think that what works offline works online,” he said. So they rely on the standard offline methods of promoting their wares: advertisements and marketing campaigns. In the online world, people trust their peers, so they opted for an approach that he called “guerilla marketing”: instead of spending money on ads, they spent money to hang out with developers, buy them beer and pizza and provide “a human face” to GitHub. He summed up the approach with a good one-liner: “Who knew that actually spending time with your customers would be good for business?" A great point, especially in today’s word-of-mouth-y, interconnected world.


Mesh Conference (April 7 – 8) and MeshU (April 6)


The schedule for the 2009 Mesh Conference, “the little Canadian web conference that could”, has been posted. Mesh takes place on April 7th and 8th at the MaRS Collaboration Centre in downtown Toronto and is preceded by MeshU workshop event on April 6th.

Friends of mine who’ll be presenting at MeshU include:

There are a number of presentations by other folks at MeshU – go look at the schedule to see which ones appeal to you.

As for Mesh itself, there will be keynotes over its two days by the following people:

A few people I know will be doing presentations at Mesh:

For more details, see the Mesh schedule.

Registration for Mesh costs CAD$492.50; registration for MeshU costs CAD$289.00.