Friday, June 25, 2021
How to build a great, cloud native, monolith
You can think about the granularity, try to fix the consistency with sagas,
evaluate various communication protocols, think about partial failures or ...just ignore the CAP and ship a nice monolith, save time and take vacations.
In this session, I would create the smallest possible Java monolith (actually a microlith) from scratch, discuss the design choices, tradeoffs and patterns.
At the end, I will discuss the killer use cases for microservices and how to break the microlith into several nanoliths.
Questions are highly appreciated!
`Huh?` to `Aha!`: A Refactoring Story
"Entropy is the price of a Structure". But sometimes, the price turns too high to pay. Is your codebase turning untestable, unreadable, and unmaintainable? Does your costs to add new features aren't meeting the ROIs. It's time to ask your manager to fund Refactoring!
In this demo-driven talk, using a real-world service, we shall identity some common reasons for a codebase to rot and how to weed them out using principles from Clean Architecture and Functional Programming, along with achieving 95% test coverage and ~50% reduction in Cognitive complexity (https://www.sonarsource.com/docs/CognitiveComplexity.pdf).
Audience & Take-aways
This applies to software developers at all levels. I use Java to demonstrate the code snippets, but this talk is about Software Design and Testing and is agnostic of programming language. The major take-aways for the audience are:
- Pragmatically apply the principles of Clean-Architecture and Functional programming in real-world refactoring.
- How to completely eliminate Exceptions from your code using ADTs (Algebraic Data Types).
- How to replace Shared Global mutable state on your Shared Code with Data Transformations.
- How separating out What-to-do from How-to-do can bring in a lot of flexibility to your code-base.
- How following all of the above organically boost your Testability without falling into any anti-patterns of testing.
Let's talk about Complexity and how to objectively measure the reduction we brought with our refactoring.
Live hacking: Breaking into your Java web app
In this session, we will demonstrate how common vulnerabilities in the Java ecosystem are exploited on a daily base by live hacking real-world application libraries. All the examples used are commonly known exploits, some more famous than others, such as Apache Struts and Spring break remote code execution vulnerabilities. By exploiting them and showing you how you can be attacked, before showing you how to protect yourself, you will have a better understanding of why and how security focus and DevSecOps is essential for every developer.
Functional Kotlin with Arrow
What is a monad? Do I need a Ph.D. to write in a functional style? How do I do that in Kotlin? And other questions that you were afraid to ask.
In this talk, we'll walk through Arrow Core, the functional companion to the Kotlin standard library. We'll cover both the concepts that every software engineer may add to their project right now and more advanced structures, starting from the non-empty list, going over Validated, and Either followed by monad comprehension.
Introduction to JHipster
Have you heard of the open-source application generator called JHipster? JHipster spins up a Spring Boot application with a modern javascript front-end in minutes. You get to decide what kind of database you want, what javascript framework (i.e. Angular, React, Vue), security, and various other aspects. After generating entities, full CRUD screens are generated in your chosen javascript framework. I'll describe how it works and give a short demo. The generated application is a pure Spring Boot application without custom files and is production-ready. The latest version even supports reactive programming! JHipster can be used to start a new project or even just to help you learn how a modern web application is built.
The Hacker's Guide to JWT Security
JSON Web Token (JWT) is an open standard for creating tokens that assert some number of claims like a logged in user and his/her roles. JWT is widely used in modern applications as a stateless authentication mechanism. Therefore, it is important to understand JWT security risks, especially when broken authentication is among the most prominent security vulnerabilities according to the OWASP Top 10 list.
This talk guides you through various security risks of JWT, including confidentiality problems, vulnerabilities in algorithms and libraries, token cracking, token sidejacking, and more. In live demos, you’ll learn how to hijack a user account exploiting common security vulnerabilities on the client-side, on the server-side, and in transport. You’ll also find out about common mistakes and vulnerabilities along with the best practices related to the implementation of JWT authentication and the usage of available JWT libraries.
Disco API - OpenJDK distributions as a service
At foojay.io we've spent some time creating a little api that should help you to discover builds of OpenJDK from different distributions in a general way. In this session, I will give a short introduction to what the Disco API is and how it can help you find the JDK/JRE of your choice. At the moment Disco can help you getting builds from the following distributions: AdoptOpenJDK, Corretto, Dragonwell, GraalVM CE8 and CE11, Liberica, Liberica Native, Mandrel, Microsoft, OJDK Build, OpenLogic, Oracle, Oracle OpenJDK, RedHat, SAP Machine, Trava and Zulu. I will show examples on how to use the API and about tools that already use the API like sdkman, NetBeans etc..
Modularization: The Foundation of Microservices and Monoliths
Dividing a huge system into modules is the only way to develop large systems. After Microservices became popular, people realized that the structure of a system is very important. Some took these ideas and applied them to monoliths. The basic concept of modularization is not new, however. These talks show the fundamental concepts and how they apply to microservices and monoliths alike. Because the architecture and the split into modules are so very important, the talk, therefore, shows basic concepts and prerequisites for successful projects.
Cloud-Native Application Development with MicroProfile
Ever wondered what is a Cloud-Native Application? Is it a microservice or a monolith? oh, it must be made for Cloud? Ever wondered how to develop a Cloud-Native Application? Come to this session to find out about what makes an application Cloud-Native and then learn how to build a Cloud-Native Application using the latest MicroProfile technologies (MicroProfile 4.0) such as Config, Fault Tolerance, Rest Client, JWT, Metrics, etc. This session finishes with a live demo on developing Cloud-Native applications using MicroProfile 4.0 running on Open Liberty and deploying them on k8s.
Replicating production on your laptop using the magic of containers
This will include a short introductory presentation on what test containers are, how they differ from other types of testing, and why they’re useful, as well as showing a live demo of how to use tools like MicroShed testing to enable this.
New trends in software development with Spring Boot and Spring Cloud
Kubernetes has become a de facto standard in cloud-native software development. Because Spring 🖤 K8s, we have added significant features that make Spring work even better in the Kubernetes environment. The GraalVM project has introduced native images that allow running Java apps in milliseconds with minimal memory footprint. Because Spring 🖤 native images, we have our own Spring Native project that lets you run Spring Boot apps blazingly fast with low memory consumption. Regardless of how you’re running your applications, production observability is a necessity to debug business problems and latency issues. Because Spring 🖤 observability, we help you add metrics to your processes with Micrometer and visualize latency thanks to distributed tracing with Spring Cloud Sleuth & Tanzu Observability.
In this presentation, we will show you how to do all of that with Spring & Spring Cloud.
Getting Reactive with Relational Databases and R2DBC
Not too long ago, a reactive variant of the JDBC API was released, known as Reactive Relational Database Connectivity (R2DBC). While R2DBC started as an experiment to enable the integration of SQL databases into systems that use reactive programming models, it now specifies a robust specification that can be implemented to manage data in a fully-reactive and completely non-blocking fashion.
In this session, we’ll briefly go over the fundamentals that make R2DBC so powerful. Then we’ll take a pragmatic look at the recently released R2DBC driver from MariaDB to shed some light on how you can take advantage of crucial concepts, like event-driven behavior and back pressure, that enable fully-reactive, non-blocking interactions with relational databases.
Code, Community, Consistency: the 3 C's of Career Growth
Like software development, career growth is a continuous process, that gets improved and adjusted as the requirements around us change. But how to not get lost? How can you make sure you are always improving, and not following dead ends? This interactive discussion will show how you can use the 3 Cs to build and run your own personal career growth process. Get clarity on how to constantly evolve your career, without guesswork and without feeling overwhelmed.
Saturday, June 26, 2021
My Experiences as a Beginner of OpenJDK contributor
Most developers have wanted to contribute to the OSSs that they have used in their daily work. But it is a challenge for everyone, especially the product that is big and famous like OpenJDK. I used to be the same. It's scary to send code that I write by myself to such a big community. Additionally, I'm not a native English speaker, so it's hard to explain my code in English. However, last year I send several patches to OpenJDK at last. They weren't elegant or cool. I made some mistakes in them, but people in the OpenJDK community properly pointed out those mistakes. When my patches were finally merged, I got fulfillment that I've never felt before. In this session, I will talk about how to start to contribute to OpenJDK and my experiences. Even if you aren't an experienced java developer, you can contribute. In addition, the OpenJDK repository moved to GitHub and changed the development method to pull request based one. It is easier to contribute than before. After this session, you will be able to start contributions!
Demystifying the Java Flight Recorder API
This session primarily aims at providing details about how to go about using the Java Flight Recorder API. It also explains the reasons to use the JFR API over the conventional Java Logging API by highlighting the key differences between them.
AN INTRODUCTION TO CREATING CLI APPLICATIONS USING PICOCLI
picoCLI is a small library that can be used to create JVM based command line interface applications.
Within 30 minutes, we’ll look at how to setup a project, create a small application and package it for others to use.
picoCLI is nice for several reasons : CLIs are a great way to automate some commands we run every day. And because it supports Java and Kotlin, we can keep using our main language of choice rather than having to dive into bash or node. Finally, pico applications can be turned into native images using GraalVM, which allows for a nice end-user experience.
This talk is a third introduction to the topic, a third live-coding in the IDE, and a third best practices when creating CLI applications, especially in Java or Kotlin.
By the end of this talk, you’ll have a basic knowledge of what picoCLI can do, how to set it up, and should have ideas of use cases to run it with!
Running Java Applications inside Kubernetes with Nested Container Architecture
Kubernetes enables possibilities to develop cloud-native microservices or decompose traditional applications making them more technologically advanced with the help of containers. Currently, most of the Kubernetes solutions are offered on top of VMs and there is room for further improvements. Implementing nested architecture of application containers running inside system containers opens additional flexibility of resource allocation and management, accelerates provisioning of the clusters and pods, as well as cuts the overall costs. During this session, we’ll review the possibilities of running a Java-based application inside the Kubernetes cluster with nested container architecture, what configurations should be taken into account, and how to overcome the barriers on the way to more efficient Kubernetes hosting.
Custom IDE inspections for effective testing
When writing tests from scratch or especially when migrating them from one JVM language to another (or even framework), the modern IDEs (especially IntelliJ IDEA) are very handy, as there are a lot of inspections out of the box. The thing is, sometimes, they are not enough or not suggesting idiomatic replacements.
In this talk, we are going to cover the following:
- Definition of idiomatic pattern of a library/framework/language
- Usage of structural search and replace in IntelliJ IDEA
- Creating inspections using structural search and replace
- Sharing your inspections with everyone
Examples will be demonstrated in Kotlin
Duke: Star Trek with Java 16 Code Challenges
Duke needs your help in navigating through the Delta Quadrant. Join us on this incredible journey visiting new features of the JDK 16 system as well as the best features of previous versions of Java. During this journey, you can improve your craft as an engineer. These short challenges will keep your katas going at warp speed! Solve the puzzles to learn the full power of the Java language. Apply the techniques, and develop concise code where bugs will have a hard time hiding. Come to this session to boldly go where no Duke has gone before!
Supersonic Subatomic Apache Camel
In this talk, we will discover how the joy of developing with Quarkus (https://quarkus.io/) can be applied to Apache Camel (https://camel.apache.org/). We will see how easy it is to develop and deploy supersonic integration connectors with Java that startup in just a few milliseconds.
Apache Camel is an integration framework and the most active project of the Apache Software Foundation (https://www.apache.org/). With more than 350 different connectors, it is the best tool to create decoupled and easy to maintain software architectures.
The Camel Quarkus(https://camel.apache.org/camel-quarkus/latest/) project, is the Apache Camel's subproject that brings the integration capabilities of Apache Camel, and its components into the Quarkus ecosystem.
Exploring Stateful Microservices built with Open Source Java in Kubernetes
How does one choose to architect a system that has a Microservice / REST API endpoints? There are many solutions out there. Some are better than others. Should state be held in a server side component, or externally? Generally, we are told this is not a good practice for a Cloud-Native system, when the 12-factor guidelines seem to be all about stateless containers, but is it? It’s unclear and this confusion may lead to poor technology stack choices that are impossible or extremely hard to change later on as your system evolves in terms of demand and performance.
While stateless systems are easier to work with, the reality is that we live in a stateful world, so we have to handle the state of data accordingly to ensure data integrity beyond securing it.
We will examine and demonstrate the fundamentals of a Cloud Native system with Stateful Microservices that’s built with Open Liberty in Kubernetes:
- Microservices/REST API – Options to use when running your apps in the JVM
- Concurrency – how to take advantage of multi-core CPUs and clustered distributed systems
- Stateful vs Stateless - while stateless apps are easier to implement, the bulk of the apps in production are stateful which involve a higher level of complexity and risk, especially when data would need to travel across multiple machines and network boundaries
- Deployment – how about containerization and orchestration using Kubernetes?
Pump up your productivity with Continuous Testing
We break production all the time. To avoid it, we created automated tests. But when our test suite grows, the feedback loop suffers again. What if we could have immediate feedback pointing to the tests that we're breaking with every single and minor change in our code? Meet Continuous Testing. We had the joy of practicing Continous Testing in the Java world about ten years ago, but this joy has been lost for one reason or another. Yet, with Quarkus, the joy of Continuous Testing is back!
Micro services for the next Billion
The food wastage in India is 70 tonnes per year, and there is mismanagement at several layers. Approximately 20-30% of the wastage happens in the last mile, between wholesale traders, and retail mom-and-pop stores. Is there something we can do about food wastage?
This was the problem statement I attempted to solve as a first engineering hire at a startup. Our customers were 12.8 million retail owners that deal in FMCG (Fast-moving consumer goods, such as food grains, tooth paste, etc.). The goal was to develop a platform for retail traders (mom and pop shop owners / small and medium business owners) to buy FMCG products from wholesale traders using an Android app.
We were attacking a deeply entrenched business practice to help solve a societal goal. For a section of the population which is not very well versed with smartphones and technology, the user experience had to be designed from the ground up to be multilingual, fungible, unstructured, and relevant. In this talk, I cover how we went about iterating the solution from a simple SMS based system to a full fledged app backed by micro-services. Having a micro-service architecture provided us the agility to experiment and iterate quickly, and we were able to push out changes much faster, and help solve wastage problems even sooner.
I will discuss the several problems we faced in this segment with regards to unstructured data, and how our data models had to adapt. We used cloud services extensively, so I will also cover how different pieces came together in a cogent form to build a better experience for our customers.
How to Build Megaservices - High Throughput Microservices
Oh, now what? Another technobabble name - megaservice! What is a megaservice?
A megaservice is a microservice that is capable of processing up to one million logical operations per second. In this context, the service prefix indicates the expected maximum sustained per second logical operation throughput.
In this talk, we will look at the more common deca-service (tens of LOPS), hecto-service (hundreds of LOPS), and kilo-service (thousands of LOPS) implementation techniques. We examine some of the common performance bottlenecks and look at methods to push services to higher throughput levels.
I'll share our experiences with a demo microservice application that we are using to push the cloud service providers to their limits. The demo application is composed of two Akka CQRS microservices. The app provides an interactive world map UI that visualizes IoT devices' distribution spread across the planet. With the click of the mouse, we generate thousands, tens of thousands, even millions of IoT devices and observe how various databases and cloud systems react when push to the limit.
All of the application code is built using OSS such as Akka, Java, JavaScript, and Kubernetes. The demo app is available for you to use as a learning tool for building your megaservices.