ClojureWest 2013: Day Two Notes

Winning the War on Javascript: Bodil Stokke

  • catnip: beginners clojure editor in browser
  • originally used coffeescript because cljs was immature and hard to work with js objects
  • currently working on converting catnip to cljs
  • error: another clojurescript testing framework, built around asynchronous testing

PuppetDB: Sneaking Clojure into SysAdmins' Toolkits: Deepak Giridharaghopal

  • ops has a lot of entropy: spooky action at  distance: devs or admins logging in to one of many servers and mucking around without telling you
  • lack of predictability ruins automation and abstraction
  • problems with previous software in Ruby: not fast, only one core, mutable state everywhere, runtime compatibility a problem
  • solution: puppetdb in clojure for storing and querying data about systems
  • used CQRS: command query responsibility separation -> use different model to update then to read info
  • send commands to a /command endpoint, which queues the command for parsing and processing
  • build command processing functions as multi-methods switching off of the command and version sent
  • can also turn on live repl, to connect to running code and hack
  • queries have their own AST-based syntax; sent as json, built as vector tree
  • can ship the whole thing as a single uberjar, with built-in db, etc

Securing Clojure Web Services & Apps with Friend: Chas Emerick

  • authentication & authorization (who are you? what are you allowed to do?)
  • options: spring-security (java, not recommended), sandbar, ring-basic-authentication, clj-oauth2
  • most common: roll your own
  • wrote friend to have a common auth framework
  • uses ad-hoc hierarchies for roles
  • add workflows to specify how to authenticate a request that doesn't have authentication yet
  • friend-demo.herokuapp.com for multiple demos with source code
  • recommend using b-crypt over sha

FRP in ClojureScript with Javelin: Alan Dipert

  • event stream: sequence of values over time
  • behavior: function that updates according to changing values from event stream
  • reactive evaluation: holds off on evaluating until all values are available
  • similar to spreadsheet formula evaluation (!)
  • FRP maintains evaluation order despite lack of all values at once
  • current FRP in clojurescript: FlapJax
  • javelin: abstract spreadsheet library for reactive programming with values
  • everything contained in the "cell" macro
  • web app has single state at any point in time, contained in the "stem cell"
  • everything in app either in stem cell or derived from it

SQL and core.logic Killed my ORM: Craig Brozefsky

  • uses clojure for analysis engine looking for possible malware actions
  • core.logic engine takes observations and creates IOCs (indications of compromise) + html
  • observations: wrapper around core.logic's defrel
  • IOCs: severity + confidence, explanation, suggested remediation
  • the reasoned schemer: handed out to all their analysts to explain logic programming to them so they can use the system

Macros: Why, When and How: Gary Fredericks

  • macro: special function that takes form as argument and returns a form
  • run at compile time
  • can always be replaced by its expansion
  • when writing macros, helps to know what you want it to expand to
  • use macroexpand-1 to find out when it's going to return
  • cannot pass macro to higher-order function (not composable at runtime)
  • macros can make code harder to read; person reading code has to be familiar with macro expansion to really know what your code is doing
  • tolerated usage: defining things, wrapping code execution, delaying execution, capturing code, DSLs, compile-time optimizations (hiccup produces as much html as possible at compile time)
  • avoiding macros: get more familiar with higher-order function usage and paradigms
  • writing tolerable macros: use helper functions, naming conventions, no side effects
  • syntax-quote (backtick): like quote on steroids, gives you multiple benefits when used in a macro
Ron Toland @mindbat