Wednesday, August 18, 2021
We had a dream. To have continuously releasable code, and to provide functionality in more than one language without too much effort.
But in the past (like many before us), we didn’t always succeed. Our Open Source codebase is available on two platforms, Java & .NET and it wasn’t an easy task to keep them always in sync and buildable. In the old days we did this manually, risking broken develop branches in both codebases and this meant getting a .NET release out could take a month (or more). There had to be a better way…
In this talk we’ll share how we overcame these hurdles; and how we transitioned from a manually tested and ported codebase to an automated system, where develop is always green!
Our automated system is not final yet. It’s continuously being improved, and we still have many ideas… We’ll share some of these such as the introduction of build agents in the cloud. This would enable us to run tests on different platforms and configurations almost effortlessly.
Guided by a timeline, we’ll go through step by step how we achieved this by introducing different tooling, some in-house and some external. The main part of our talk will be about our Merge Pipeline (trademark pending) based on Jenkins, which forms the backbone of our fully-fledged automated system.
We’ll share its internal details and explain how it handles the different steps that are needed to get a Java branch merged, and automatically ported into the Java and .NET develop branches.
It’s designed in such a way that as little as possible time is wasted by running steps in parallel, keeping track of what was, or was not run already. Code that does not pass Sonar will not make it into develop. Functional tests are in a separate repository but go together with the code they are testing.
We firmly believe that others would benefit from learning the steps we took along the way, and how simple tooling can be used to introduce a merge pipeline to help the development process at any company.
With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool.
Some of you might have faced this situation. A critical bug made it through to production and when it explodes on social media, your paying customers start abandoning your mobile app. You feel like the sky is falling! Too late, you discover that this bug reached production because an internal user failed to report it.
When application performance and stability can make or break your business, how can you prevent critical bugs from reaching your end-users? This is where a well-thought mobile app beta testing strategy can help.
During this presentation, mobile automation expert Wim Selles will share best practices for how to prevent bugs from going unreported. You will learn how you can optimize mobile beta testing so your teams can deliver better mobile apps, faster.
Attendees will take away:
- How to find the right audience to beta test your mobile apps
- The reasons why internal/external beta users don’t report bugs
- How to encourage your beta testing audience to report bugs
- How to get the most value out of the bug reports generated
New tools like Github CoPilot use AI to help you write better code. Developer Workflow Optimization tools use AI to streamline the rest of your dev pipeline - reviews, ticket tracking, status updates and meetings.
In this session you’ll learn how Developer Workflow Optimization (DWO) tools surface data to help you make informed decisions about what you’re building and shipping as well as automate menial tasks you perform 10-50 times a day.
Here’s examples we’ll cover in the talk:
You have 20 minutes until your next meeting. DWO suggests a code review you can complete in 15 minutes.
You’re assigned 5 pull requests. DWO tells you which reviews to prioritize based on the urgency and importance of the projects they’re related to.
You’re fixing an urgent bug and quickly pushing it into production. DWO automatically opens a ticket and tracks its state.
You’re issuing a pull request. DWO estimates the CI and PR review time based on availability to help you plan what’s next.
Join us and see how to improve developer and team productivity, cut idle time, decrease cognitive overhead and maximize situational awareness with Developer Workflow Optimization.
OPEN TALK: Observability at Scale: Using AWS Services to Monitor the Performance of Your Microservices
Detecting and diagnosing performance issues in microservices can be difficult due to the distributed and decoupled nature of microservice-based architecture. While it is important to have metrics on the individual components, it may be necessary to follow the progress of a request as it travels across multiple service boundaries in order to identify problems. In this session, we will explore how AWS provides native monitoring, logging, alarming, and dashboards with Amazon CloudWatch and tracing through AWS X-Ray and OpenTelemetry to provide the 3 pillars (Metric, Logs & Traces) of an overall observability solution.
As organizations move to DevOps, the demand for faster software releases increases the chances of vulnerable code making its way into production. The good news is that coding errors leading to vulnerabilities are extremely preventable when on-demand, interactive secure coding lessons are readily available. This presentation will explain how modern AppSec awareness and training can bridge the gap between an organization’s secure software initiatives and the lack of secure coding best practices.
Join this session to learn:
• The secure coding challenges organizations face
• Developers as well as organizations are asking for an AppSec Awareness Program or Solution
• See how Checkmarx can help with an AppSec Awareness program (Demo)
Cloud security in most dev environments is broken. With ever-changing environments, engineers focused on features, and DevOps enabling incredible agility, traditional cloud security can't keep up. Even with a security resource at hand, the chance of catching each bad Terraform default or hidden * in a wide-open IAM policy is near impossible across endless cloud services. In this session, we'll show how (with very little effort) you can adopt DevSecOps with the right training, tools, processes and strategy. You’ll get practical advice and tactical tips to start implementing IaC security scanning and fixing security issues right away.
For a long time Java Messaging Service has been the API to handle messaging systems in the Java World, and now the messaging ecosystem is moving to the next generation of streaming services like Apache Pulsar.
Why? Because Pulsar is free, Open Source, Cloud Native and it comes with cool new features that are not well supported by traditional JMS vendors.
In this session you will learn how to use Pulsar in a JakartaEE Web Application deployed on Apache TomEE via the JMS/EJB API, without installing any additional components to your cluster.
Remote work is a major paradigm shift that comes with unique challenges and big opportunities. As a “Virtual First” company, Dropbox is betting on the future of remote work. Join us for a chat with Allison Vendt, Head of Virtual First, People & Culture at Dropbox, to dig into what it takes to create a virtual first work culture and empower virtual first employees.
Conversation Intelligence (CI) APIs enables to build applications that go beyond basic speech to text, creating a new array of sophisticated AI-driven experiences and functionalities. Basic speech recognition is designed to recognize or respond to explicit words and phrases, while conversation intelligence is capable of contextual comprehension of any human conversations to effectively extract key insights, identify user intent, surface actionable insights, detect sentiment, and more. Conversation Intelligence has given a rise to a new generation of AI driven applications and platforms across various verticals such as revenue intelligence, tele-health, call centers and customer support, collaboration and productivity platforms and more…
Join our session to learn more about Conversation Intelligence, creating new app experiences with it, and how to do so with APIs.
With very little preparation, society was forced to move online as social distancing and shutdown mandates were implemented in an attempt to slow the spread of COVID-19. Numerous parts of our lives that we were accustomed to doing in the physical world are now done virtually—changing the way we work, learn, and interact. As a result, we all developed an increased reliance on mobile applications.
Using Black Duck® Binary Analysis, Synopsys set out to analyze the security of the most popular Android applications in categories experiencing significant growth throughout the pandemic. Join this session to learn:
• Which apps were analyzed and the analysis methods used
• Noteworthy security findings
• What the findings mean for app developers and consumers alike
To truly scale application security testing, developers need to maintain their role in the security process beyond SCA and SAST, continuing the automation you are already achieving and rely less on manual testing.
Traditional DAST scanners are a blocker to this automation. They are hard to use, impossible to integrate, not developer friendly and produce too many false positives. This results in crippling human bottlenecks that stifle CI/CD, whether it's the need for security to constantly tweak scanners or the drain of manually validating vulnerabilities.
Either way, technical and security debt is compounded, resulting in insecure product hitting production. Change is needed, and fast.
In this session with Bar Hofesh, CTO and Co-Founder at NeuraLegion, you will discover:
1. Key features that your dev-first DAST needs to enable developers to take ownership of security
2. How you can detect, prioritise and remediate security issues early, automated in the pipeline
3. Insights into reducing the noise of false alerts to remove your manual bottlenecks to shift left
4. Steps you can take to achieve security testing automation as part of your CI/CD, to test your applications and APIs.
Thursday, August 19, 2021
OPEN TALK: Add Natural Language Understanding Capabilities to a Browser App in Minutes with the expert.ai NL API
Ready to get a little hands-on experience working with natural language capabilities? In this session, Antonio Linari, Head of Product Innovation for expert.ai, will provide a coding lesson to develop a Chrome plug-in that uses Natural Language Understanding (NLU) to sift through bookmarked pages more effectively. Save your favorite pages and let the expert.ai NL API analyze the content and automatically generate tags for faster retrieval. No URLs or content will be collected on the server side so that your bookmarks’ list will remain private.
This exercise will help build your understanding of natural language technology, while showing you how easy it is to leverage the expert.ai NL API in the development of web plugins.
Modern environments such as Kubernetes and serverless, have made it easy to manage and scale microservices but observability into these environments is still a challenge for DevOps. In this session, we will describe how to use request flows to build intuition about your architecture and build resilient applications. We will also dive into correlating metrics, events, & logs using distributed tracing, and creating alerts for anomalies detected in your environments.
Boosted by the pandemic, the level of digitalization in document workflows took a steep rise over the last year. While most professionals welcome this evolution, there are important factors to consider to make your digitalization efforts worthwhile, such as the processing performance of document-based operations, and the price of data storage locally or within the cloud.
With PDF being the preferred format for digital documents, a performant and automated solution for optimizing PDFs in high volumes should be at the very heart of your digitalization strategy.
With pdfOptimizer, the latest add-on for the iText 7 PDF library, iText offers an efficient solution to this challenge. In this webinar Cal Reynolds, Pre-Sales Engineer at iText and pdfOptimizer product expert, will
- Show you different ways to compress PDFs without loss of visual quality
- Quantify what these optimizations can save you in time and money
- Guide you through how pdfOptimizer can easily synergize with your document workflows to expedite processes, such as digital signing.
- Answer all your questions in a live Q & A session.
OPEN TALK: Let’s Play Tag: DevSecOps Edition! Automated IaC Resource Tagging Strategy for Security Policy Enrichment
Through GitOps practices, automated security checks, and Infrastructure as Code (IaC) strategic tagging automation, we can begin to build pre-flight and runtime policy-as-code to ensure that misconfigured and insecure resource definitions are caught prior to deployment. When resource misconfiguration or drift is discovered at runtime, a consistent tagging strategy allows resources to be traced back to the appropriate commit. This reveals a best fix location and author to vastly reduce MTTR. To show how this all works, we'll use a combination of open source solutions: Checkov (IaC Policy and Scanning) + Yor (IaC Tag and Trace)
Mobile apps are increasingly the main channel for customer-companies interactions in almost all industries. By 2025, the vast majority of internet users will access the web primarily via their smart devices. So it's no surprise that bad actors are broadening their attacks, targeting smartphones to steal IP, confidential data, or, in general, to tamper with mobile apps for personal benefit.
From mobile application shielding to security testing during the software development cycle through monitoring apps once in market, you'll learn how a comprehensive approach to mobile application security makes your apps and your business more resilient to security threats.
In early 2019, Chris decided to start a messaging and streaming SaaS business. He knew he wanted to build on open source technologies. Apache Kafka is the most popular open source technology in this space and would have been the easy answer. Instead, he decided to build using the lesser known alternative, Apache Pulsar.
In this talk, Chris will go over the key reasons why he felt (and still feels) that Apache Pulsar was the ideal choice for a message streaming SaaS platform. He will discuss the key architectural advantages of Pulsar over Kafka, including how Pulsar uses the open-source Apache BookKeeper project to its advantage. I will contrast and compare the open-source feature sets of Pulsar and Kafka. He will also discuss why running Apache Pulsar in Kubernetes simplifies operations and enables me to build a multi-tenant, elastic SaaS service.
In this session, we'll talk about how we built the world's first Jetpack Compose Chat SDK, what challenges we met along the way and why put so much trust into a technology that only recently became stable.
We'll talk about the API design and what decisions we've made to allow for both default behavior and UI and a rich set of customization options.