EuroClojure 2017 - Part one

This year, I was one of the lucky winners of an opportunity grant for EuroClojure. I had high expectations going in, and these were met.

EuroClojure differs from some other tech conferences. It wasn’t only about tech talks; it was about networking, socialising, and involving people in the tech world.

Because of the greater focus on socialising, the organisers of EuroClojure put a lot of effort into making people feel at home and creating a friendly environment. Alongside the usual ‘unsessions’, they organised a social breakfast on the first day for solo attendees who wanted to meet new people, needed a guide or just felt a bit lost.

I went there alone, but I never really felt alone. Wherever I went, no matter what I was doing, someone was always coming up to me for a quick chat, whether about the conference or Italian food. I also noticed that there were a lot of women, or at least more than I remember from the previous EuroClojure.

EuroClojure took place in Berlin, which is a great city (although make sure you carry cash with you since cards aren’t widely accepted). The venue itself was a huge cinema, so you could sit in a comfortable chair with a cupholder and still see and hear perfectly.

Overall, it was a great experience, despite the A/C breaking on the first day.

Before I get too deep into this post, I want to make it clear that I won’t be discussing all the talks at the conference. This is for a variety of reasons, but the biggest is that I’m a junior developer, so there are a lot of things I don’t know and some technical talks were definitely out of my range.

I found so many of the talks interesting and useful, so instead of covering everything in one post, I’m going to start with the most exciting talks for me — the ones that taught me something new and were beginner friendly — before moving onto some more technical (but equally interesting) talks and real life experiences in later posts.

If you’re interested in all of the talks, you can find the full list of videos here.

Clojure tools for Symbolic Artificial Intelligence

Author: Saul Johnson - Summary - Video - Papers and presentation

This talk was about a library that the speakers built for AI applications written in Clojure.

It started by explaining a common theme: taking a start state and moving your application to a goal state. For example, let’s say that you need to move a box from the bottom of a pile to the top of another pile. Your application knows that first, it needs to move all the boxes on top. Mind blowing!

But how does the application know that? That’s where their library comes into play. The breadth-first search takes the start state, the goal state and a transformation function. This function will receive the start state and return a sequence of successor states. By iterating through the states, I can reach my final state. For more detail on how this works, they provided some free materials.

Interesting — but I’m not going to use AI the next time I have to move home, unfortunately. So what’s a real world application for this?

We can instruct our application, giving it rules to follow so it can then make inferences. So if I teach my application that a grandmother is the mother of a mother or a father and I then tell it that Angela is my mom and Sarah is her mother, it can understand that Sarah is my grandmother. And so I can tell Siri/Cortana to remind me that tomorrow is my grandmother’s birthday without even having to use my granny’s name. Amazing, isn’t it?

Simple AND secure?

Author: Joy Clark - Summary - Video - Webapp example

In my opinion, this was a really beginner-friendly talk. It started with a nice introduction to using Ring and Compojure to build a simple application — cool. Never thought it could be so easy to run an app with some ‘ready to cook’ libraries.

But what’s the point of building an app if it can be crashed by an unauthorised user in under five minutes? That’s where things get more interesting. A nice list of good practices and useful libraries comes to help you protect your app:

XSS - Cross-site scripting
One of the first things to do is to validate the user’s input so your app always receives something expected. It doesn’t really like surprises, especially if they’re harmful.
But what happens if someone gets past your validation and sends a potentially dangerous script? It could be run by the client and blow up everything. But don’t worry: you only need to escape the output, translating its special characters into HTML entities so the browser displays them as text instead of running them. Enlive, Selmer and Hoplon are some examples of libraries that escape your output by default.
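The two steps above (validate the input, then escape the output) as an added example that is not code from the talk or from the libraries named. It uses only `clojure.string`; the function names and the sample comment are made up for illustration.

```clojure
(ns example.escape
  (:require [clojure.string :as str]))

;; Step 1, validation: a username is narrow enough to allow-list.
(defn valid-username? [s]
  (boolean (and (string? s) (re-matches #"[A-Za-z0-9_]{3,20}" s))))

;; Step 2, output escaping: free text such as a comment cannot be
;; allow-listed like that, so every value is escaped when it is written
;; into HTML. "&" is replaced first so later entities are not re-escaped.
(defn escape-html [s]
  (-> (str s)
      (str/replace "&" "&amp;")
      (str/replace "<" "&lt;")
      (str/replace ">" "&gt;")
      (str/replace "\"" "&quot;")
      (str/replace "'" "&#39;")))

;; What a template without escaping does: values are pasted in as markup.
(defn render-unsafe [{:keys [user text]}]
  (str "<p><b>" user "</b>: " text "</p>"))

;; What an escape-by-default template does: values can only become text.
(defn render-escaped [{:keys [user text]}]
  (str "<p><b>" (escape-html user) "</b>: " (escape-html text) "</p>"))

;; Constructed sample: a valid username with markup in the comment body.
(def sample {:user "alice_01"
             :text "nice talk <script>alert(1)</script> & \"thanks\""})

(println "username ok?   " (valid-username? (:user sample)))
(println "markup as name?" (valid-username? "<b>bob</b>"))
(println "unescaped:     " (render-unsafe sample))
(println "escaped:       " (render-escaped sample))
```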

CSRF - Cross-site request forgery
These things are pretty cool but aren’t always enough. You need to protect both the client and the server sides of your app. To do that, you have to recognise the sender of a request in order to allow only applications that you really trust. Ring anti-forgery helps you by requiring a secret token to be sent to the server with the request; the server will block any request that doesn’t carry it.
Also, a good practice to keep a database safe from someone else’s input is to parameterise your queries in order to avoid a ‘Bobby Tables’ style SQL injection.
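The token check described above, written as a dependency-free Ring-style middleware. This is an added illustration of the idea, not the source of Ring anti-forgery; the `:csrf-token` session key and the `csrf-token` form field are names assumed for the example.

```clojure
(ns example.csrf
  (:import (java.security MessageDigest SecureRandom)
           (java.util Base64)))

;; A fresh, unguessable token; it lives in the user's session and is
;; rendered into every form the app itself serves.
(defn new-token []
  (let [buf (byte-array 32)]
    (.nextBytes (SecureRandom.) buf)
    (.encodeToString (Base64/getUrlEncoder) buf)))

;; Constant-time comparison, so response timing does not leak the token.
(defn token-matches? [expected given]
  (and (string? expected) (string? given)
       (MessageDigest/isEqual (.getBytes ^String expected "UTF-8")
                              (.getBytes ^String given "UTF-8"))))

;; Middleware: read-only methods pass through; any state-changing request
;; must echo the session's token in a form field, otherwise it is refused.
(defn wrap-csrf-check [handler]
  (fn [{:keys [request-method session form-params] :as request}]
    (if (or (#{:get :head :options} request-method)
            (token-matches? (:csrf-token session)
                            (get form-params "csrf-token")))
      (handler request)
      {:status 403
       :headers {"Content-Type" "text/plain"}
       :body "Invalid anti-forgery token"})))

(def app
  (wrap-csrf-check (fn [_] {:status 200 :headers {} :body "profile updated"})))

;; Constructed requests. The browser attaches the session cookie to both,
;; but only the form served by our own app can include the token.
(def token (new-token))
(def base {:request-method :post :uri "/profile" :session {:csrf-token token}})

(println "own form:      "
         (:status (app (assoc base :form-params {"csrf-token" token}))))
(println "cross-site form:"
         (:status (app (assoc base :form-params {"name" "changed"}))))
(println "guessed token: "
         (:status (app (assoc base :form-params {"csrf-token" (new-token)}))))
```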

Authentication and Authorisation
Last but not least, you have to protect your users alongside your application. What are the sections of my app accessible to everyone? Which ones are accessible only by registered users? And what happens if someone tries to access the edit profile page of a different user? That’s where Buddy comes into play. Buddy is a library that lets you create a set of rules for each route, defining which ones require authorisation and which ones require authentication.
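The per-route rules described above, sketched as plain Ring-style middleware so the difference between authentication and authorisation is visible. This is an added example, not Buddy's API; the rule map keys, the routes and the `:identity` session key are assumptions made for the illustration.

```clojure
(ns example.access-rules)

(defn- deny [status msg]
  {:status status :headers {"Content-Type" "text/plain"} :body msg})

;; Authentication: do we know who is asking?
(defn authenticated? [req]
  (some? (get-in req [:session :identity])))

;; Authorisation: is this user allowed to touch this particular profile?
(defn owns-profile? [req]
  (let [[_ id] (re-matches #"/users/([^/]+)/edit" (:uri req))]
    (= id (get-in req [:session :identity]))))

;; One rule per route: a pattern for the whole URI and a predicate.
(def rules
  [{:pattern #"/|/login"          :allow? (constantly true)}
   {:pattern #"/dashboard"        :allow? authenticated?}
   {:pattern #"/users/[^/]+/edit" :allow? (every-pred authenticated?
                                                      owns-profile?)}])

(defn wrap-rules [handler rules]
  (fn [req]
    (let [rule (first (filter #(re-matches (:pattern %) (:uri req)) rules))]
      (cond
        (nil? rule)          (deny 403 "no rule for this route") ; default deny
        ((:allow? rule) req) (handler req)
        (authenticated? req) (deny 403 "forbidden")              ; known user, not allowed
        :else                (deny 401 "login required")))))     ; unknown user

(def app (wrap-rules (fn [_] {:status 200 :headers {} :body "ok"}) rules))

;; Constructed requests: an anonymous visitor, then alice on her own
;; profile, on bob's profile, and on a route that has no rule at all.
(doseq [req [{:uri "/"}
             {:uri "/dashboard"}
             {:uri "/users/alice/edit" :session {:identity "alice"}}
             {:uri "/users/bob/edit"   :session {:identity "alice"}}
             {:uri "/admin"            :session {:identity "alice"}}]]
  (println (:uri req) (get-in req [:session :identity]) "->" (:status (app req))))
```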

Finally: always use HTTPS to secure your APIs!

These were just the talks I found useful from a beginner’s point of view, but I’ll be writing follow-ups on more technical talks. In the meantime, you might find it useful to watch the videos linked here and explore the other talks I haven’t mentioned yet in this blog.