Geek Meet Stockholm

January 16, 2013

This was one of the things I’ve looked forward to (as I’ve stated earlier) with Stockholm: meeting people who work within the same industry as I do and are equally enthusiastic and passionate about coding as I am.
I’m not going to lie, being Finnish, I, even though I don’t always seem like it, generally don’t like mixing in at social events. Not that I hate people, but more that I usually feel a bit awkward and misplaced in these kinds of gatherings. So needless to say I was a bit nervous about the event. I didn’t really feel like going there alone, and thankfully, I didn’t need to. A few of my other colleagues were also going, so I joined in with Esbjörn Eriksson and headed over to Valtech’s office at around 6 PM.

Mingle

My first reaction was that Valtech’s office looked pretty cool, but the feeling quickly changed as more people came. About 15 minutes after our arrival there were so many people there that the place was fully cramped, and the air quality was below my threshold. A quick trip outside for fresh air and a smoke solved most of the problems.

Instead of me trying to explain what Geek Meet is about, I’ll just quote one of the organizers:

Geek Meet is a meet-up of web developers and other people interested in the web scene, and it’s taking place in the wonderful city of Stockholm in Sweden. It is completely free to attend, and the idea is to get a blog type friendly ambience, but in real life.

Each time there will be one or several guest speakers and discussions about certain topics. This will be accompanied by free food and drinks for your pleasure!

Robert Nyman, on the topic of geek meet

Main event, speaker John Wilander

The speaker at this event was John Wilander, and his presentation was going to be largely about (client-side) security. The presentation was split into two segments. In the first segment he went through the usual suspects when discussing JavaScript security flaws: XSS, CSRF and clickjacking. He had some really interesting concepts and a few twists in his demos, which are available at http://1-liner.org. He also showed different ways to protect oneself against these attacks, and this is where I found a new trick that I wasn’t aware of: the Content Security Policy (or CSP for short), which is a request-header that the server can send which will tell the browser not to render any inline JavaScript and not to load any resources from foreign domains (unless these domains are stated in the request-header). This not only invalidates most, if not all, XSS attacks, but it will also force the developer to write cleaner code.
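To make the CSP behaviour described above concrete, here is an added example (not code from the talk or from this post) that models how a browser decides whether a script may run under a `Content-Security-Policy` header value. The function names, the sample policy and the `shop.example` / `cdn.example.com` origins are constructed for illustration, and the model is deliberately simplified: it covers only `'self'`, `'unsafe-inline'`, `*` and full scheme-plus-host sources, not nonces, hashes or host wildcards.

```javascript
// Constructed sample values (assumptions, not taken from the talk).
const PAGE_ORIGIN = 'https://shop.example';
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com";

// Split a policy string into a Map of directive name -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // When a directive is repeated, only its first occurrence is used.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// script is either { inline: true } or { src: 'url-or-path' }.
function scriptAllowed(header, pageOrigin, script) {
  const policy = parsePolicy(header);
  // script-src falls back to default-src; with neither, nothing is restricted.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true;

  // Inline script runs only if the policy explicitly opts back in.
  if (script.inline) return sources.includes("'unsafe-inline'");

  // Resolve relative paths against the page, then compare origins.
  const origin = new URL(script.src, pageOrigin).origin;
  return sources.some((source) => {
    if (source === '*') return true;
    if (source === "'self'") return origin === pageOrigin;
    if (source.startsWith("'")) return false; // keyword not modelled here
    try {
      return new URL(source).origin === origin;
    } catch {
      return false; // schemeless or malformed source: not modelled here
    }
  });
}

// An injected inline <script> is refused, which is why CSP blunts XSS.
console.log(scriptAllowed(SAMPLE_POLICY, PAGE_ORIGIN, { inline: true }));
console.log(scriptAllowed(SAMPLE_POLICY, PAGE_ORIGIN, { src: '/js/app.js' }));
```

Note that adding `'unsafe-inline'` to the source list re-enables inline script and with it most of the XSS exposure the policy was meant to remove.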

After the first part we had a short break where we got pizza and more beer.

Lots of pizza

The second part of the talk concentrated more on new elements and functions that have become available through HTML5. For instance CORS, Sandboxed iframes, postMessage and so forth.

All in all I’m really happy I went. It was better than I expected and hopefully I’ll get to go next time the event is held.

They also broadcast and record the complete event for future reference. So go watch the stream! (It’s in Swedish though).
