We will start with a welcome and conference introduction by Sebastian Meyen, the conference chair.
Followed by Daniel's keynote:
Some codebases are nicer to work with than others. This is true for applications, services, libraries, frameworks, even programming languages themselves. Is this a purely personal choice or are there universal characteristics of software that can make code a joy to work with?
Daniel has been thinking about this for a long time, especially since he poked a stick at the SOLID principlesfor fun a few years ago and people came after him with pitchforks. His recent post about why he feels SOLIDis outdated ended up on the front page of Hacker News!
Now he has codified his thoughts into his own pithy five-letter acronym, CUPID: Composable, Unix philosophy, Predictable, Idiomatic, Do main-based. Why these characteristics, what do they mean, and why should you care? Can they improve your coding experience or is this just more programmer navel-gazing?
You’ve picked a database solution for your current application needs, but how are you going to support the scale and feature set your future application will require? As the lines continue to blur between the roles of technology teams, the campaign of “moving to the cloud” comes up, but often this just shifts the issue, not solve it.
In this talk we will discuss tales from the field, in the hope of raising awareness of common pitfalls when rolling out a NoSQL database, or migrating to one. Using Couchbase to help applications deliver new features quicker, and tackle issues with both keeping a database alive and keeping that data in sync across platforms.
Learn how Couchbase can scale and help provide the features your current and future application requires
Utilise Kubernetes to speed up the dev-test-release cycle
Using N1QL to lower your time spent developing and debugging queries in a niche DML
The talk will demonstrate how to migrate an application from JUnit 4 to JUnit 5 by taking advantage of the nice possibilities provided by this last version of JUnit: new annotations, classes and methods, nested tests, nicely display of running the tests and other features. We'll analyze the new JUnit 5 modular architecture and migrate a project from JUnit 4 to JUnit 5, emphasizing the new capabilities (including tagged and repeated tests, replacing rules, and the new approach for parameterized tests) and how to benefit from them.
Ever wondered what a Cloud Native Application is? Is it a microservice or a monolith? Oh, it must be made for Cloud? Ever wondered how to develop a Cloud-Native Application? Come to this session to find out about making an application Cloud-Native and then learn how to build a Cloud-Native Application using the latest MicroProfile technologies (MicroProfile 4.0) such as Config, Fault Tolerance, Rest Client, JWT, Metrics etc. This session finishes with a live demo on developing Cloud-Native applications using MicroProfile 4.0 running on Open Liberty and deploying them on k8s.
We went from a single monolith to a set of microservices that are small, lightweight, and easy to implement. Microservices enable reusability, make it easier to change and scale apps on demand but they also introduce new problems. How do microservices interact with each other toward a common goal? How do you figure out what went wrong when a business process composed of several microservices fails? Should there be a central orchestrator controlling all interactions between services or should each service work independently, in a loosely coupled way, and only interact through shared events? In this talk, we’ll explore the Choreography vs Orchestration question and see demos of some of the tools that can help.
No matter exactly what type of software you are building, at least a few terms starting with the word "event" must have tried to invade your professional space. "Event-driven" has already evolved to the level of a magical buzzword in IT marketing and sales activities. But the tech terms list is much longer. It includes "event streaming", "event storming", "event sourcing", "event store", "event modeling", "event notification", "event-carried state transfer", ... Getting dizzy already? Don't worry. Many developers feel this way.
This talk is an “event-dizziness” cure. It'll walk you through the entire "event land" and explain what's what. It’ll discuss the origins, intention, and applicability of each term. So the next time you face the "event-driven" label, you can ask the right questions and make educated choices.
At a previous JAX event I talked about effective cloud native Java developer workflow. Two years later and many new developer technologies have come and gone, but I still hear daily from cloud developers about the pain and friction associated with building, debugging, and deploying to the cloud. In this talk I'll share my latest learning on how to bring the fun and productivity back into delivering Kubernetes-based software.
Join this talk to:
Learn why the core tenets of continuous delivery -- speed and safety -- must be considered in all parts of the cloud native SDLC
Explore how cloud native coding benefits from thinking separately about the inner development loop, continuous integration, continuous deployment, observability, and analysis
Understand how cloud native best practices and tooling fit together. Learn about artifact syncing (e.g. Skaffold), dev environment bridging (e.g. Telepresence), GitOps (e.g. Argo), and observability-focused monitoring (e.g. Prometheus, Jaeger)
Explore the importance of cultivating an effective cloud platform and associated team of experts
Walk away with an overview of tools that can help you develop and debug effectively when using Kubernetes
Did you know your equals method can contain bugs, even if you generated it with your IDE? As the creator of EqualsVerifier, I have seen the good, the bad, and the ugly. I will show you how to recognise potential bugs in equals(), and why you should care about them. You will see how to craft an ironclad equals method. You will also see how to test your equals method and gain 100% coverage with a single line of test code using EqualsVerifier, because testing equals shouldn’t have to take pages of code.
You're constantly learning new tools and technologies. That's important since this is the foundation of progress. But what about the old (probably still valid) ideas behind new developments? Especially when it comes to test automation, I noticed that newcomers often accept existing procedures, copy them and question them too little. So I prepared this talk to share some of the old ideas. We'll consider the following questions: How do I structure my tests? How do I make my tests readable, understandable and maintainable? How do I test something that isn't there yet? And how does all of this support easy design refactorings? We'll see basic, pragmatic, good practices – and of course we'll borrow some ideas from TDD, Clean Code and even a little bit from Domain Driven Design. Testing professionals won't discover much new. But if you're unsure about writing tests, you'll get tried and tested suggestions. For tests that support our team and our software development – and not just fulfil some test coverage metric. The session will be mostly live coding, with only a few introductory slides. We'll cover unit tests in Java, but the underlying ideas can easily be transferred to other test types and programming languages.
The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.
In this new fog, we are basically “flying blind”. Modern applications are extremely hard to secure and protect as they are complex and continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?
In this session you’ll learn: ● Why are we flying blind ● 4 key areas to focus on to stop flying blind ● A way to get started quickly (for free!)
We must never devalue people in the process of delivering a technical solution. Building a strong engineering culture can be a daunting, but very rewarding undertaking and requires all members of a team to develop leadership skills as they navigate a very dynamic and evolving industry.
In this talk, we will discuss 8 tactical tips for cultivating an amazing dev culture that attendees can implement on their teams immediately, regardless of their titles!
So you’ve made the enlightened choice to use Kafka in your architecture, and you know you need to provision your cluster using infrastructure as code (IAC), but why stop at just provisioning brokers?
In this talk we will explore the available options to make deploying your Kafka-based applications more repeatable, resilient and observable. We’ll look at specific examples and techniques for applying IAC to the following areas :
Topic and partition creation
I’ll also share some lessons I’ve learned related to tooling, monitoring and backup management. And finally we’ll look at some resilience do’s and don’ts with some specific examples of where these tools have helped, and where their absence has hindered.
This talk tells the story of a recent real life project I did together with 4 development teams. Learn how we adopted the textbook practices, patterns and principles of Continuous Delivery and applied them to an existing monolithic application. I’ll discuss what worked well & what didn’t, and how we dealt with the messy reality of failing pipelines, flaky tests and brittle infrastructure. Find out how we transitioned from mostly manual, bi-weekly, error-prone releases to 30 automated deployments per day, while significantly reducing overhead and increasing quality.
We have been building software systems for over sixty years, and they continue to grow in size and complexity. Not only do we have legacy mainframe systems, but systems in object-oriented programming languages have grown so rapidly and uncontrollably over the last twenty years that many of them have become large obscure tangles as well. All this legacy code drives up development costs and makes us reluctant to touch these old software systems. Is this inevitable? Or is there also good legacy? And what can we do to get our Legacy in good shape and keep it that way?
Samman is a method for people who want to make a difference and improve the way software is built. The focus is specifically on technical practices and how people write code, and it's the best way I know to help software developers to adopt practices like TDD and Refactoring. A Samman technical coach divides their time between several software development teams and there are two main parts to the method: Learning Hour and Ensemble Working.
In the learning hour the coach uses exercises and active learning techniques to teach the theory and practice of skills like Test-Driven Development and Refactoring. In two-hour Ensemble sessions the whole team collaborates together with the coach in applying agile development techniques in their usual production codebase. The expected outcome after several coaching blocks is that the teams work more effectively and consistently with agile techniques even after the coach has moved on. I published a book about the Samman method in January 2021; the foreword is written by Kent Beck. This presentation is a summary of the main points of the book. My main aim is to encourage others to improve the way they do technical agile coaching.
Don't go to this talk! Your coworkers will not be happy when you come back to work tomorrow and start applying the things you'll learn here. You'll do a lot of damage. Mutating immutable objects is never a good idea. You shouldn't be bypassing the constructor when you instantiate an object. You certainly don't need to add constants to your enums at runtime. And don't even think about including Java 8 code in your Java 7 codebase. Truly, nothing good will come from attending this talk.
As a Java developer, you often feel right at home in your universe. But now, Python is becoming more and more popular, and it's worth taking a look at it. In this session, we want to compare Java and Python. To make this entertaining and fun, we will use small programming challenges. We will compare solutions in the areas of numbers, strings, data structures, algorithms, and recursion, such as:
Prime numbers and the sieve of Eratosthenes
Flood Fill (even with patterns)
Quick Sort (finally understand it)
Besides, we'll see how Pytest and JUnit do in formulating readable tests.
In today’s technology driven world it is becoming more commonplace to work with teams we don’t see face to face every day, month, or sometimes ever. Add to this the fast pace companies are seeking, and trying to find a suitable work / life balance; the potential for relationships within remote teams to become overly transactional is very high.In this talk Kristy shares her experiences of working with remote teams over the past 15 years. She will discuss the importance of making true connections with stakeholders and colleagues, irrespective of where you or they are located.
How emotional intelligence, specifically empathy, can enhance working relationships
Ideas on how you could build rapport
The importance and the impact of the technology you use
Are movies purely entertainment, or can you learn from them in a fun way? I loved the Star Wars saga as a kid, and my work experience in network and application security has made me enjoy the movies even more. R2D2 mining information, Han Solo getting past a protective shield with old authentication codes, or the Rebellion abusing a single point of failure – besides the space adventure, I see stories of human (and droid) error and bad design choices that happen in real life too, with the software of our digital systems that we rely on more and more.
In this talk, we'll dive into security design flaws and vulnerabilities in Star Wars, see why they could also happen to you, and find out how we can fix these issues.
You will learn hacker techniques, common security vulnerabilities and secure design thinking, and even a social engineering Jedi mind trick or two. You can apply these takeaways in securing your software with technical solutions and processes. The ideas also apply in testing the defenses of a system with penetration testing or red teaming.
Microservices deliver simple solutions to complex problems and are vogue within the developer community. As is event-driven architecture, which is a system of loosely coupled microservices that exchange information between each other through the production and consumption of events. By implementing event-driven architectures, it is possible to build a resilient microservice-based architecture that is truly decoupled, giving increased agility and flexibility. Many developers now consider event-driven architecture as best practice for microservices implementations. This new approach coincides with an increasing desire from business for real time data – producers and consumers demand faster experiences. But…problems exist. When you expose event streams to millions of consumers the assumptions made for traditional APIs don’t hold true. Developing real-time APIs means rethinking latency, scalability, security, and publication from the ground up. This talk will discuss lessons learnt while helping companies deploy real-time APIs in an event-driven microservices environment, it will cover:
The realities of the Internet, and how to address the challenges at the transport, protocol, and application layers
What caching looks like in a push-oriented world, and how it drives efficiencies
How to prevent your data model from impacting security and latency
Why basic Pub/Sub is not sufficient for today's event-driven applications.
Agile is everywhere and everybody is doing agile — and this mostly means: SCRUM. But SCRUM is not the answer of every problem. In this talk we will discuss which agile techniques, ideas and management will work for special teams. We will discuss team, technical and organizational issues. The goal is to have ideas and semi-solutions for the individualization of an agile solution.
In this session, we will demonstrate how common vulnerabilities in the Java ecosystem are exploited on a daily base by live hacking real-world application libraries. All the examples used are commonly known exploits, some more famous than others, such as Apache Struts and Spring Break Remote Code Execution Vulnerabilities. By exploiting them and showing how you can be attacked, before showing you how to protect yourself, you will have a better understanding of why and how a security focus and DevSecOps is essential for every developer.
During the past couple of years I’ve implemented or have witnessed implementations of several key patterns of event-driven messaging designs on top of Kafka that have facilitated creating a robust distributed microservices system at Wix that can easily handle increasing traffic and storage needs with many different use-cases. In this talk I will share these patterns with you, including:
Consume and Project (data decoupling)
End-to-end Events (Kafka+websockets)
In memory KV stores (consume and query with 0-latency)
Everyone is talking about how Project Loom will make concurrency child's play. Instead of reactive or asynchronous systems, we make a gazillion virtual threads. This should be simpler, but it also has dangers. For example, what happens if one task takes longer than expected? Or if it blocks forever? How can we force a task to stop? Has Project Loom made the ordinary ConcurrentHashMap slower?
In this talk, we will show a brief introduction to Project Loom. We then look at how we can prepare our code bases so that the migration to Loom is easier. We show how long-running tasks impact the liveness of our system. We look at what type of code we will need to refactor so that it is ready when Loom lands.
Legacy systems are everywhere. They are difficult to deal with and everybody wants to avoid or replace them. Replacing or rewriting is usually not realistic in the short term and the end result is fire-fighting and slow productivity when dealing with them.
This session targets developers or leaders who are responsible for systems in production. Main focus is Java/JVM systems but other technologies can apply the strategies discussed here. Following topics will be discussed:
How to decide where to start, getting most of the results with the minimum effort.
What does fast mean for different people?
APMs and profilers, which metrics to look for?
Branching strategies for incremental improvements.
Minimizing the fear of deployment: how to recover quickly from mistakes.
Reducing latency of database transactions under high throughput.
Multithreading: when to do it, and how to do it easily.
Flamegraphs as a secret weapon for bottleneck discovery.
Users access applications on PCs and mobile devices today. There are two obvious ways to build front-ends for these devices: Web applications and native applications. Cross-platform UI toolkits combine advantages from both approaches. Examples are Google’s Flutter, JavaFX, Facebook’s React Native, and Microsoft's Xamarin. Important web application frameworks are Google's Angular, JSF, Facebook's React, Thymeleaf, Vaadin, and Vue.js.
I will look at all these toolkits from the perspective of a Java developer and suggest which one to use in three common scenarios: New web application, new native iOS & Android apps, and what to do on the desktop when we have a web application. Based on my experiences using Google's Flutter for native mobile apps in my SaaS start-up, I will highlight what's good about Flutter and what's not.
Please find the slides & videos for my talk, additional information, and links to get you started & provide feedback at: https://bpf.li/jax
Monolith or Microservices? With Http4k and Quarkus.io we can have both!
There are many advantages in splitting up applications into small, atomic, independently (and continuously) deployed services. But there are also some costs.
In this talk, I want to illustrate how using a functional approach with Http4k helps to reduce some of these costs.
September saw the release of JDK 17, the next long-term support release. Java developers are now being provided with more new features at a faster pace than at any time in its over quarter-century history. Many of these new features provide exciting new language level changes, as well as useful new APIs. In this session, we’ll explore in detail what these changes are and how best to use them (as well as advice on when not to use them). We’ll also explain the significance of preview features and incubator modules. We’ll cover the following new language features:
Local variable type inference (JDK 10)
Switch expressions (JDK 12)
Text blocks (JDK 13)
Records (JDK 14)
Pattern matching for instanceof (JDK 14)
Sealed classes and changes to Records (JDK 15)
For each recent JDK, we’ll also highlight the most useful additions to the core class libraries. At the end of this session, you’ll be all set to write modern Java code!
When production issues happen, two things make them hard to deal with - people have to context switch, and we have to diagnose before we can fix. I want to suggest a paradoxical way of improving response times and reducing downtime, by increasing the number of issues which we scramble to fix, and by removing formal and informal restrictions on how much time should be spent on them.TDD encourages us to write the minimal test that fails, and then write the minimal code which makes the test pass. Let's observe the behavior of our production 'machine' until we discover the smallest error or warning and then do something simple to mitigate it. Let's replace support rotas by 'support queues', where the next person takes the first issue and works it to completion. Let's continuously add observability until we can answer even obscure questions about the working system. And let's get used to 'quiet watching' of the system so that we can discover anomalous behavior long before we experience failures.
Web applications are facing imminent threat these days with hackers trying to get into applications and stealing user data. In order to protect our applications, we need to defend ourselves by making our applications more secure. By using the Spring Security framework, we can use industry standard defense mechanisms to protect web applications from various issues. We will learn some of the basic principles of application security and then dive deep into how Spring Security Framework can help us achieve our goals.
Every microservice in production must be secured. In order to ensure this, there is a significant additional effort compared to a monolithic system due to the high number of services. If the operation then still takes place in a public cloud, neither the communication within the infrastructure of the cloud provider nor the connection via the Internet may be unencrypted. In addition, corresponding authorization checks must take place in each individual service. This session shows how easy and effortless it is to implement security measures with a service mesh tool like Istio. With a few small Istio rules, all communication in the service mesh is secured with mutual TLS (mTLS). Basic checks of service-to-service communication and end-user authorization using JWT can also be delegated to Istio. The extended authorization checks within a Java service are illustrated using the MicroProfile specifications.
While most people are still using Java 8 from seven years ago, new versions of the language are being released every six months! The latest versions provide an abundance of new features such as functional programming capabilities, switch expressions, local variable type inference, additions to the Stream API, new factory methods for Collections, text blocks and much more. This talk will introduce my favorite new features since Java 8, provide practical examples of how these features can be used, and offer recommended practices and gotchas when using these features.
Introduction of new features in the latest releases of Java
Examples of how the features can be used
Recommendations on good practices when using these features
In the age of DevOps, we're all expected to be 'Engineers'. We can all turn our hand to anything, from writing code, to configuring containers, to diagnosing build pipeline failures, we're expected to be able to do it all. Is that the right way to go? What happened to the fundamental principle of Division of Labour? Is it not better to be a Master of one rather than a jack of all?
In this talk, we will revisit base principles of production and ask if we are applying them correctly to software development. Is it really reasonable to expect everybody to be able to do everything and expect great quality products to come out at the end? How can we apply Division of Labour to an industry dominated by DevOps? Can the two principles work together or are they mutually exclusive? We will explore how we can ensure that our teams have the all-round skills required for DevOps style delivery while still maintaining expert specialist knowledge in all the right areas. It is important that team members can turn their hand to a variety of tasks, but we need to remember that engineering is about specialism and expertise.
Development is either building features or building reliability. Operations is entirely about reliability. Do you know about Reliability Engineering practices? Reliability Engineering covers performance, resiliency, coding patterns, failure modes, types of tests, best practices, incident management, and more. In this talk I'll cover what you need to know about Reliability Engineering so you can apply these practices to your systems and make them to the next level