class: middle, title-slide

# Tech choices
## Baking risk reduction in

---
class: center, middle

### All the buzzwords!

* Agile/Iterative development
* User/Human-centered Design
* Devops
* Continuous Delivery

But there is a common thread that runs through them...

---
class: center, middle

## User/Human-centered Design

> Evaluating designs with users and improving them based on their feedback provides an effective means of minimizing the risk of a system not meeting user or organizational needs
>
> ISO 9241-210:2010

---
class: center, middle

## Agile/Iterative development

> Iteration should be used to progressively eliminate uncertainty during the development of interactive systems. Iteration implies that descriptions, specifications and prototypes are revised and refined when new information is obtained in order to minimize the risk of the system under development failing to meet user requirements.
>
> ISO 9241-210:2010

---
class: center, middle

## Continuous Delivery

.fourty[]

---
class: center, middle

## Devops

> Lowering risk of change with tools and culture
>
> John Allspaw

---
class: center, middle

### Process tools to reduce project risk

* User/Human-centered Design
* Agile/Iterative development
* Devops
* Continuous Delivery

### Technological tools to reduce risk

* React
* GraphQL
* Kubernetes/Docker/Istio
* ...

---
class: middle, center

## We want risk reduction baked in

.thirty[]

---
class: middle, center
background-image: url(images/react-values.png)

# .ten[]

---
class: middle, center

## Why React?

* Lets us build highly interactive _applications_ on the "Open Web Platform"
* New model for safely generating web User Interface (UI)

---
class: middle, center, codebg
background-image: url(images/react-vs-xss-jsx.png)

---
class: middle, center, codebg
background-image: url(images/xss-output.png)

---
class: center, middle

### We changed the tools so that they safely handle inputs by default

---
class: middle, center
background-image: url(images/graphql-values.png)

# .ten[]

---
class: center, middle

# GraphQL

* Mobile first for API development
* Single round trip data fetching
* Best of breed input validation
* Supports automation and observability
* Implementations in C#/.NET, Java, JavaScript, PHP, Python, Ruby...

---
class: middle, center, codebg
background-image: url(images/rest-vs-graphql.png)

---
class: middle, center, codebg
background-image: url(images/rest-vs-graphql-output.png)

---
class: middle, center
background-image: url(images/npm-values.png)

# .ten[]

---
class: center, middle

### npm package manager

* Main package manager for the JavaScript ecosystem
* Vulnerability scanning by default every time a dependency is installed, worldwide

---
class: middle, left

```bash
$ npm install graphql
+ graphql@14.1.1
added 2 packages from 1 contributor and audited 402 packages in 3.521s
found 0 vulnerabilities
```

---
class: middle, center
background-image: url(images/javascript-values.png)

# .ten[]

---
class: center, middle

# JavaScript

* One language across the stack: APIs, desktop apps, mobile apps
* Injection protection is part of the language

---
class: center, middle

.eighty[]

---
class: middle, center, codebg
background-image: url(images/injection-protection.png)

---
class: left

### Tagged Template literals in the wild: node-mssql

```javascript
const sql = require('mssql')

const value = 42 // stands in for untrusted input (e.g. a request parameter)

const main = async () => {
  await sql.connect('mssql://username:password@localhost/database')
  // The tag passes ${value} to the driver as a parameter, not as SQL text
  const result = await sql.query`select * from mytable where id = ${value}`
  console.dir(result)
}

main()
```

---
class: left

### Tagged Template literals in the wild: arangojs

```javascript
import { Database, aql } from "arangojs"

const db = new Database(); // semicolon required: the next statement starts with "("

(async () => {
  const now = Date.now()
  // aql turns ${now} into a bind variable instead of splicing it into the query
  const cursor = await db.query(aql`RETURN ${now}`)
  const result = await cursor.next()
  console.log(result)
})()
```

---
class: middle, center
background-image: url(images/kubernetes-values.png)

# .ten[]

---
class: middle, center

# Why Kubernetes?

* A single skillset across monoliths, microservices, VMs, serverless & containers
* Minimize cloud vendor lock-in
* Combines with Istio and Docker to create robust, scalable, observable systems

---
class: middle, center

.seventy[]

---
class: middle, center

## Final thoughts

* No silver bullets: If this wasn't hard it would be fixed already.
* There are new tools that have learned from the past. Find them! Use them!
* When risk reduction is built into both tools & process, safety and speed are not in opposition.
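
---
class: left

### Added example: what a tagged template hands the driver

This slide is an added example, not part of the original deck and not the node-mssql or arangojs implementation: it shows why the tagged-template queries on the earlier slides resist injection, next to the string concatenation they replace. The `sql` tag, `concatQuery`, the `@p0` placeholder style and the sample input are all constructed for illustration.

```javascript
// Hypothetical tag function, written for this example (not a library's code).
// JavaScript calls a tag with the literal chunks and the interpolated values
// as separate arguments, so values never need to be spliced into query text.
function sql(strings, ...values) {
  // Guard the common mistake sql(`... ${x}`): with parentheses the template is
  // evaluated first and the tag only ever sees one already-built string.
  if (!Array.isArray(strings) || !Array.isArray(strings.raw)) {
    throw new TypeError('sql must be used as a tag: sql`...`, not sql(`...`)')
  }
  const params = {}
  let text = strings[0]
  values.forEach((value, i) => {
    params[`p${i}`] = value           // the value travels beside the query
    text += `@p${i}` + strings[i + 1] // the query text only gets a placeholder
  })
  return { text, params }
}

// The pattern the tag replaces: input becomes part of the SQL text itself.
function concatQuery(id) {
  return { text: 'select * from mytable where id = ' + id, params: {} }
}

// Constructed sample input: a value that tries to widen the WHERE clause.
const hostile = '1 or 1=1'

function demo() {
  let misuse = null
  try {
    sql(`select * from mytable where id = ${hostile}`) // called, not tagged
  } catch (err) {
    misuse = err.message
  }
  return {
    tagged: sql`select * from mytable where id = ${hostile}`,
    concatenated: concatQuery(hostile),
    misuse,
  }
}

console.log(demo())
```

In the tagged result the hostile string appears only under `params`; in the concatenated result it is part of the statement the database would parse.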