Scott McAllister
Principal Developer Advocate at ngrok
Seattle, Washington, United States
Actions
Scott McAllister is a Developer Advocate for ngrok. He has been building web applications in several industries for over a decade. Now he's helping others learn about a wide range of web and infrastructure technologies. When he's not coding, writing or speaking he enjoys long walks with his wife, skipping rocks with his kids, and is happy whenever Real Salt Lake, Seattle Sounders FC, Manchester City, St. Louis Cardinals, Seattle Mariners, Chicago Bulls, Seattle Storm, Seattle Seahawks, Seattle Reign FC, St. Louis Blues, Seattle Kraken, Barcelona, Fiorentina, Borussia Dortmund or Mainz 05 can manage a win.
Links
Area of Expertise
Topics
What the Heck is HTTP?
You see it on the front of URLs. You know that it's important to APIs. When you write applications that are connecting to services on other machines you're using it. So you're likely using it in everything you build. But, what the heck is HTTP, really?
In this talk, we'll dive into the mechanics of HTTP starting from requests & responses, diving into nouns & verbs, and going deep into the mechanics of how authentication works over the protocol. Come join us as we learn all about something that most of us use everyday.
Simple Ways to Make Webhook Security Better
Webhooks are a simple and powerful way for services to notify each other that something interesting has happened. So much so that it became the most popular mechanism for communicating events. While webhooks give us power and flexibility, they rely heavily on the listener to enforce security. In this session, we will learn the most common, interesting, and challenging patterns across 100+ webhook implementations, and learn some simple ways to make webhook security better (for providers and consumers).
Configure Ingress and OAuth with ngrok
There can be a lot of moving pieces when providing ingress to your cluster. From SSL, to load balancing, to DNS you could be dealing with several controllers that depend on one another to deal with outside traffic. ngrok can help wrangle the complexity of ingress, decouple your ingress settings from the environment your application is running, and even go beyond traditional ingress and allow you to embed OAuth for your cluster right in your ingress configuration. In this workshop we’ll utilize the ngrok ingress controller for Kubernetes to configure ingress to a cluster with multiple paths and implement OAuth for one of the services.
Building Ingress in Kubernetes and Consul with ngrok
Consul and Kubernetes provide a scalable and highly resilient platform for microservices. ngrok provides a secure and robust ingress platform that handles external connections to your cluster and offers middleware functionality that includes things like OAuth in your ingress configurations.
At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode.
In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.
Building Ingress - From Concept to Connection
At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode. In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.
Modules, Loops and More: How to Scale with Terraform
Terraform has become vital to your team's workflow for managing your infrastructure. However, as your infrastructure has grown your code has become more complex, needlessly messy, and harder to manage.
In this talk, we explore ways to simplify your infrastructure code even while you add more resources to your infrastructure. We'll dive into advanced features in Terraform such as modules, workspaces, for_loops, and data sources to build reusable, scalable infrastructure. By the end of this talk, you will be able to recognize these features, know when to use them, and how to implement them to scale your Terraform code in a clean, reliable, and efficient way.
Client-side OAuth with PKCE
The OAuth standard has been around for a while, but traditionally it has required a back-end server to hold a client secret, well, secret. Until now! By supporting Proof Key for Code Exchange, or PKCE, OAuth flows can now be accomplished entirely in the client--and still be secure. In this talk we begin the standard three-legged flow that utilizes the traditional client secret and then introduce the PKCE technique that relies on a code challenge instead. By the time you leave, you will understand how to implement it in your client applications and the benefits for doing so.
Reduce System Fragility with Terraform
As infrastructure stacks grow increasingly more complex and involve an ever-growing number of services and systems there are a lot of opportunities for error and misconfiguration. To provide more system stability teams have looked to abstract configuration to its own layer of code. This concept of configuring infrastructure as code is gaining traction throughout the industry for a variety of reasons. It's fast, consistent, reduces errors, self-documentation, and did I mention it's fast? Tools such as Terraform from HashiCorp have emerged as one of the leading ways to declaratively configure technology stacks.
In this talk you'll gain an understanding of the benefits of Infrastructure as Code in general, and of using Terraform specifically. You'll be introduced to how Terraform works, what the code looks like, and how to get started.
The Software Engineer's Guide to Public APIs
You're comfortable working out of a code base. You've solved technical challenges before! But what happens when you have to reach for an API based tool? For many highly-technical engineers, public APIs are out of sight and out of mind. In this talk, we'll cover a range of mechanisms, from OAuth to Webhooks, that you're likely to encounter when building with a public API. You'll leave with a newfound understanding and appreciation of public APIs, ready to go forth and connect all of the things!
Built-In Testing in Go is More Than Just Passable
Testing is vital to any software project. Automated tests help improve confidence in code changes as you increase project velocity. Finding the right tools and libraries can be an arduous process. And, in most languages, adding testing means adding a pile of new dependencies to the project. But, have you ever tried the tools built right into the language? One of the beauty's of the Go programming language is built with productivity in mind. The creators of the language have included many tools that make developers productive--including a robust testing framework. Come see how easy it is to get started with Go's testing library and see many of the features that will keep you using it in all your projects.
Building Command-Line Applications with OAuth in Node
Node provided a way to bring JavaScript out of the browser and on to server and desktop. In addition to building web applications, now you can build command line interface applications using JavaScript! Come explore some tools and libraries that will help you in your development, and even learn how to complete an OAuth flow from the command line.
Flexbox + CSS Grid = Awesome!
The traditional 'box' layout model was designed to layout documents, not apps. Many hours have been lost endlessly tinkering with the positioning of HTML elements, but the joy at achieving perfect alignment is short-lived. Everything looks great until the page is loaded on a mobile device, and it looks like you threw things on a page from across the room. There's a better way!
In this talk I will teach you about the flexbox layout model and CSS grid. We will cover these concepts at a high level, discuss why they are a better approach, and I will show you how to use them effectively. Used in tandem, these widely supported techniques can make your pages responsive, more accessible, and easier to build.
Scott McAllister
Principal Developer Advocate at ngrok
Seattle, Washington, United States
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top