Xamarin Evolve 16 – Conference Day 1

Day 1 of the Xamarin Evolve 2016 conference is a wrap! It was a full day for me… It started at 6:15am for the Mini-Hack 5k run, organised by Craig Dunn. A bunch of Evolve attendees went for a leisurely run in the area, thereby unlocking the first Evolve Mini-Hack.

Keynote

After a refreshing shower and some breakfast, it was finally time for the keynote. The one impression I had after this keynote is: Xamarin is on fire! The keynote was huge. A big stage, an enormous screen and 1700+ excited people in the room anticipating what Xamarin would be announcing.

I made a sketch note out of my personal highlights:

FullSizeRender 10

A lot of topics were covered. I want to share the ones that stood out to me:

open.xamarin.com
The Xamarin team has been working hard to release the Xamarin platform and its surrounding frameworks as Open Source Software on Github. This morning it was released to the public. You can find it via open.xamarin.com, or directly on GitHub. This must be a breakthrough moment for Miguel! Congratulations to the whole team for this achievement, and thank you for being such strong believers in OSS.

FullSizeRender 11

It made sense that Xamarin was closed source when it was their bread & butter. But now at Microsoft, with their fresh new attitude towards open source, it’s great to see Xamarin added to that array of OSS products and frameworks.

FullSizeRender 13

Xamarin Studio 6 Release Candidate
The Release Candidate for the latest version of Xamarin Studio is available now in the Beta channel. This is a very nice release, which features a Dark Theme, a complete visual overhaul to fit with the UX guidelines for OS X El Capitan and built-in Roslyn support. I’ve been working with the preview version on and off and it has matured a lot. I really like the new polished look and the more stable code editor thanks to Roslyn. One of the most notable changes is the Broken State Support, so that IntelliSense doesn’t blow up if there’s a syntax error a few lines above.

iOS Simulator for Windows
The new iOS Simulator was already presented briefly in the //build/ keynote by Miguel. However today Miguel showed how pen pressure input on a Surface Pro running the simulator is passed through to the iOS Simulator which runs on a Mac somewhere in the network.

Xamarin.Forms
The cross platform UI framework, Xamarin.Forms, is becoming more and more mature. This update brings support for so-called DataPages: a ready built and styled set of views that you can feed Azure Mobile Services data or local storage of JSON data. This is a higher level abstraction that lets you set up data driven pages very quickly, but I’m not sure how suited this is for production scenario’s. There is no MVVM in play – at least not for the developer, maybe behind the scenes – to tweak the behaviour. And you know me when it comes to abstractions… 🙂

A feature I did like *a lot* is the ability to drop in a native UI control directly into a Forms layout hierarchy. It’s called Xamarin.Forms Native Embedding. So you can now add a native Floating Action Button to your Android app without the hassle of writing a Renderer, etc.

And then…

The Xamarin Forms Previewer is a built in player for your Xamarin.Forms markup code that gives you Gorilla Player like direct feedback inside Xamarin Studio while you’re editing your pages. This is so awesome, because it speeds up the development cycle tremendously! Definitely one of my favourite announcements from the keynote and Nina Vyedin did a great job presenting it.

Xamarin Workbooks
Miguel already talked about Xamarin Workbooks at //build/ and he showed us how the tool is progressing. Workbooks is a fantastic tool for teaching and communicating about code. My pal Marco already alluded to this in his blog: it’s a nice visual way to teach children to code for example. I’ve been doing some classes for the Dutch “hour of code” initiative called CodeUur.nl and I’m thinking about using Workbooks as a tool for that. In any case, it’s clear from the keynote that Workbooks is Miguel’s favourite project at the moment. And rightfully so.

HockeyApp, Insights and Test Cloud Live!
After the Microsoft acquisition, the mobile DevOps toolset at Microsoft is pretty complete. As became clear in the Keynote, Xamarin Insights will merge into HockeyApp to become a compelling tool for deploying and monitoring apps. Donovan Brown from Microsoft came on to rub some DevOps on all of this and walked us through those tools.

The keynote ended with a sweet “one more thing” moment: the announcement of Test Cloud Live. Wow! Ever had your app crash on some obscure device and had a hard time tracking down that bug? Well, now you can attach your debugger to that device in the Xamarin Test Cloud and start debugging your app! Mind blown!

giphy

Bear in mind that you’re debugging over a network connection to a device that sits in the Xamarin Test Cloud device center in Denmark, and the technology is early preview, but this is so promising!

I was amazed by all the announcements, especially how fast Xamarin was able to open source all of their stuff and release the new goodies.

Breakout sessions

For the breakout sessions, I mainly looked for sessions that were not so much technical, but more inspirational to get some nice new ideas.

Contextual CommunicationBrent Schooley
Brent is from Twilio, who are experts in communication technology, but he did a great job not making this talk about Twilio. Instead, I found this an inspiring talk about improving and modernising business communication.

FullSizeRender 7

The main 4 tenets he highlighted are that communications should be:

  • Contextual: what do you already know about the user/customer? Context matters to make communication more personal and …
  • Streamlined: if you can leverage context, you can get down to the point quickly and make conversations as short as possible
  • Secure: again, if you leverage context and what you already know about a user, you don’t have to communicate that information again every time. This saves you from exposing security or privacy sensitive information.
  • Medium of Choice: the customer must be able to choose his/her medium of choice. So an app cannot be the only option. Some people prefer to call or use chat.

Brent demonstrated this with an inspiring demo-app where he started a call from inside a fictitious airline app, and had information (context) exchanged automatically into the app during the conversation to get through a transaction in a streamlined manner. He then used TouchID to verify the customer’s identity to finalize the transaction (secure).

He also covered the new “Bots” trend. With Microsoft’s new Bot Framework and Cognitive Services, we can build interesting things to make these conversations as contextual, streamlined and secure as possible and reuse that across different media. It remains to be seen if 2016 will indeed be the year of the Bot.

I really enjoyed Brent’s talk; he definitely made me think about interesting use cases to improve communications by looking beyond “an app for one single process”. This is what I will focus on at Xpirit for our Mobile strategy.

Clicking on the Real World with iBeacon – Jim Bob Bennett
Similar to the previous session, this session also worked as an inspirator for me to look beyond that one app on the device that your user interacts with. iBeacons are a great way to make the physical world your interface. For example: as I walk into a Starbucks, using iBeacon, they can recognise that I’m entering the shop and know which coffee they have to make so I can walk right up to the counter and pick up my double espresso and pay with my credit card linked to my Starbucks account. Cool. Jim Bob showed how to do this with the iOS CoreLocation API’s.

Unfortunately I had to leave the iBeacon session early, to be in time for my DevOps discussion panel at the Mobile Leaders Summit.

The Future of Connected Devices with Philips hue – Eric Shapiro, Sait Izmit, Mike James
To be honest, I was a bit disappointed with this session, as it was mainly a product placement session for Philips hue, driven by videos instead of much substance. The interesting part for me was Mike’s part in this case, where he showed how to develop against the hue bulb using the Q42.HueApi SDK.

FullSizeRender 6

Adventures in PerformanceMark Probst
This session was a deep dive on the way Xamarin does their performance benchmarking. It was a little bit different than I had expected, but interesting and entertaining nonetheless. I really appreciated Xamarin’s transparency: Mark spoke about some of the challenges they had in the Garbage Collector and the experimental ways they are trying to improve performance and bringing down GC pauses. Really some clever stuff!

FullSizeRender 14.jpg

No big lessons here, except appreciation of Xamarin’s transparency and respect for the smart guys working on the Mono runtime.

Xamarin Party!

In the evening, we celebrated Xamarin Evolve 16 at the Wizarding World of Harry Potter theme park. We took all the rides, including the crazy intense roller coaster and the big splash over in Jurassic Park. The food and the vibe were awesome!

I didn’t get to take many pictures, but there’s a lot of that going around on the #XamarinEvolve Twitter feed.

I’ll leave you with some inevitable food pics and some from the party 🙂

Dumplings #food #xamarinevolve

A post shared by Roy Cornelissen (@roycornelissen) on

Golden Snitch popsicles #food #xamarinevolve

A post shared by Roy Cornelissen (@roycornelissen) on

Jurassic Park! #XamarinEvolve

A post shared by Roy Cornelissen (@roycornelissen) on

T-Rex #xamarinevolve

A post shared by Roy Cornelissen (@roycornelissen) on

Advertisements

Xamarin Evolve 16 – Training Day 2

Time flies! The second day of training at Xamarin Evolve is over already and I just came back from the awesome opening party in the Darwin Lounge.

The main conference starts tomorrow. I’m honored to be on stage with some industry giants at the Evolve Mobile Leaders Summit track in a panel discussion about The Unique Challenges of Mobile DevOps. But that’s tomorrow!

About today: before the training, the day started at 6:15am (!) with a 5k test run with for the first Mini-Hack tomorrow morning. I spot an orange Xpirit T-shirt 🙂

The training part was another intense day from 9am-6pm, but it was a good day. I’d say the content of today was a bit better and deeper than what we learned yesterday, at least for me personally. We covered three major topics:

Securing local data
This part was all about dealing with data locally on the device, especially sensitive data in terms of privacy and security. We had a look at what the Xamarin.Auth component has to offer for local storage of sensitive data. This component (you can find it on GitHub and on Nuget) uses the platform specific facilities for storing data in a secure container, i.e. the KeyChain on iOS and a secure KeyStore inside the app’s sandbox on Android.

Be sure to get the latest 1.3.0 version of the Xamarin.Auth component though, as this is a bait-and-switch PCL library that also offers support for the Windows platform, whereas the older 1.2.x version doesn’t.

warning-stamp.png

There’s one caveat with the Xamarin.Auth component though… The KeyStore file on Android is locked with a hard coded password. The Android app in one of my previous projects was actually flagged in a security audit because they extracted the Xamarin.Auth DLL, decompiled it and found the hard coded key. Pretty iffy, because this means that the KeyStore data in every app that uses this library can be easily opened and read by extracting the file from the sandbox and using the key that’s publicly available on GitHub!

I made a pull request about 2 years ago that fixes this problem, at least in a way that you can provide your own key. But somehow Xamarin didn’t get around to merge it yet, so the vulnerability was still there, also in the 1.3.x version. The funny thing was that as we were doing the training, one of the Xamarin developers was actively working on this component. We pulled him into the training, explained the problem and he immediately went to work to see if he could merge my fix. How awesome!

FullSizeRender 4.jpg
How awesome is this: Xamarin Developer DNA… everyone could add their own string, picking the pegs that fit with their preference. The result is this awesome, unique “Xamarin DNA” sequence. A work of art!

The other part of this chapter was about the awesome PCL.Crypto component. This component is also a bait-and-switch PCL library, which means that the PCL portion contains nothing more than the API definitions for your shared code to compile against (the bait), but uses the actual device specific implementation at runtime (the switch). This means that PCL.Crypto can use the platform specific crypto API’s developed by Google, Apple and Microsoft themselves instead of relying on its own security implementation. Much the same as the Xamarin.Auth component solves its local storage issues. For developers familiar with the WinRT crypt API’s for example, there is a special WinRTCrypto API that you can program against, but PCL.Crypto will map this to the underlying native API’s. Pretty clever. For example: a method for encrypting some data could look like this:

public static byte[] Encrypt (byte[] plainText, byte[] keyMaterial)
{
  var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider
    .OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);

  var key = provider.CreateSymmetricKey(keyMaterial);
  var IV = WinRTCrypto.CryptographicBuffer.GenerateRandom(16);
  var cipher = WinRTCrypto.CryptographicEngine.Encrypt(key, plainText, IV);

  var cipherText = new byte[IV.Length + cipher.Length];
  IV.CopyTo(cipherText, 0);
  cipher.CopyTo(cipherText, IV.Length);

  return cipherText;
}

PCL.Crypto can be used quite easily in combination with Xamarin.Auth to encrypt or hash data before storing it. At least as long as your app is using the not-so-secure version of Xamarin.Auth – with the hard coded key – using something like PCL.Crypto to secure the values that go into the secure storage is a real necessity! But it’s good practice to do it anyway.

OAuth
Next we went into OAuth for authorizing access to an API from a mobile app. OAuth in itself is a pretty broad topic and enough to fill tens of blogposts. One of the important points here is that for mobile apps, basically there are only two OAuth flows that are really usable:

Screen Shot 2016-04-26 at 22.50.26

The Implicit flow or the Authorization Code flow. The other flows aren’t really suitable for mobile apps (or browser apps involving JavaScript code), since this means that there will be client secrets hidden inside the app, and they involve dealing with a user’s password in the app itself instead of handing that off to an Identity Provider. The Client Credentials flow is typically used for service-to-service communication, usually on behalf of the user.

Xamarin.Auth provides some nice API’s to easily initiate a login sequence, using a web view that follows all the redirects that are part of the OAuth flow, to obtain an access token (or authorization code).

Memory Management Issues
The most interesting part of today was about diagnosing and dealing with Memory Management Issues. I actually learned a lot about how both the Xamarin.iOS and Xamarin.Android frameworks work in terms of memory allocation. It’s important to understand that in both cases, you are always dealing with native objects, managed peers and a binding layer in between, provided by Xamarin. At least, for those objects that are actual native platform classes.

Under the hood, there are some intricacies to be aware of. For example: in order for iOS’s reference counting mechanism to work, you have to be very careful to release references to native objects, for example by making sure to always unsubscribe from event handlers. For Android, it’s important to realise that you’re working with two Garbage Collectors: the Mono one and the one in the Android Java VM. There are a lot of details, but there is some nice guidance up on the Xamarin Developer site about this [iOS] [Android].

You can prevent a lot of memory issues by following a couple of important guidelines. Also the Xamarin Profiler is a great tool for diagnosing possible memory leaks.

Lots of excitement for the opening of the Darwin Lounge at #XamarinEvolve

A post shared by Roy Cornelissen (@roycornelissen) on

 

Darwin Lounge
As for the (other) fun part of Evolve: the Darwin Lounge was opened this evening, accompanied by a huge buffet and a nice range of tasting stands for artisanal chocolate, local beers and hipster coffee 🙂 This tweet sums up how I felt this evening:

It’s no secret that I’m an avid foodie, so suffice to say that I was in seventh heaven when it comes to the food that was served here. This means that you have to sit through my Instagram food porn pictures now:

Excellent chocolate. The Phillipines one is a clear winner #food #XamarinEvolve

A post shared by Roy Cornelissen (@roycornelissen) on

 

I expected to visit a mobile dev conference but instead I've come into food discovery heaven. #XamarinEvolve #coffee

A post shared by Roy Cornelissen (@roycornelissen) on

 

Great hipster pour-over coffee at #XamarinEvolve

A post shared by Roy Cornelissen (@roycornelissen) on

 

Hmm, macarons #XamarinEvolve #food

A post shared by Roy Cornelissen (@roycornelissen) on

 

Beer tasting at #XamarinEvolve. Local beer from Orlando Brewery. Good stuff.

A post shared by Roy Cornelissen (@roycornelissen) on

 

 

So… Xamarin sure knows how to throw a party 🙂 Of course, the Darwin Lounge at Evolve is mainly about cool geek stuff and tech inspiration. There’s lots of that going on as well. Lots of IoT stuff, drones flying around, etcetera. Check out the Twitter timeline for #XamarinEvolve for a great impression of the fun things out there.

IMG_0946
Great buzz and lots of hacking going on in the Darwin Lounge
IMG_0944
These robot spiders are pretty creepy!
IMG_0943
LEGO Mindstorms, totally cool! Their official iPad app for programming the Mindstorms robot was built with Xamarin

Be sure to tune into the Evolve keynote tomorrow at 9am EST. Rumours are that it’ll be spectacular! 😉