Sneak Preview of Devoxx.be 2022 talks

2022: A GitOps Odyssey

We all remember our very first Kubernetes cluster, right? Carefully installing all kinds of awesome things!

Prometheus, Grafana, Loki you know the drill! Maybe even installing some more exotic stuff, external-dns, cert-manager and so on!

It's an awesome feeling installing all these components and just watching all the pods pop up granting you endless possibilities!

However, we should make sure cluster configuration stays fun, even at scale. That's the mission of this session!

Using GitOps as the foundation we will tackle scaling cluster configuration whilst also keeping an eye out for topics like multi-tenancy and being cloud agnostic.

7 tools to help you secure your Kubernetes cluster

Over the last few years Kubernetes has become the leading solution to orchestrate containers. 

Unfortunately, its internal complexity and its various moving parts lead to many security concerns.

Workloads deployed on the cluster can also lead to security problems if security best practices are not followed.

This talk will focus on 7 useful tools to help you secure your Kubernetes cluster and its workloads.

A 1.5MB Java Container App? Yes you can!

Containers are increasing the way Java applications are packaged and deployed. There are lots of qualities desirable in a containerized application like fast startup and low memory and CPU requirements, but size and security are also important considerations. Moving big container images around a network will increase the time it takes to start up a new K8s pod or launch a container, and "just enough operating system" container images with reduced attack surface area are also preferable. So what’s the smallest possible Java container image? In this session we’ll demonstrate how to build containerized Java applications small as a mere 1.5MB! Using GraalVM Native Image ahead-of-time compilation and static linking with musl libc we can shrink down and strip out all the unnecessary bits that bloat a typical Java apps and deploy them in lightweight and security focused container images like Alpine and distroless–even scratch!

Access your brain with an API

In the beginning, we had the keyboard, the mouse, and the joystick. Then came gyroscopes, voice recognition, and more. There are multiple ways to interact with a machine; but could we someday be able to capture the frequencies emitted by our brain, process them, and make them available as an API? Deploy a pod on a cluster just by thinking about it?

A California startup has released a brain helmet that can capture our brain's electrical activity and has made available an SDK that allows you to create applications and services with this new form of interface: the brain.

After a quick explanation of how our brain works, we will see in the form of mini demos how the SDK works and the perspectives it opens up—for accessibility in particular.

Agile Agency - Trusting People to Get Things Done

We all understand development deadlines - though our responses to them vary wildly - plan, grasp, deny, avoid. Love them or hate them development deadlines are a fact of life in software - if we don't deliver then the technical core of growth is not functioning and growth - personal, team, corporate - cannot occur.

In this talk I explore how working to deadlines can be either a virtuous cycle where everyone takes responsibility and things happen naturally - or a deadly cycle where each step requires maintenance, failure involves finger-pointing and the effort to achieve anything at all astronomical. The difference? Giving staff agency and expecting them to act on it.

Ahead Of Time and Native in Spring Boot 3.0

Ahead Of Time and Native is a major topic for the upcoming Spring major releases. With this talk, you’ll get a complete tour of the AOT efforts and a glimpse at Spring Boot 3.0.

After a successful experimental phase with the Spring Native project, the Spring team is bringing Ahead Of Time (AOT) support to Spring. The goal here is to enable GraalVM native use cases and improve JVM efficiency.

During this talk, Stéphane and Brian will discuss the state of the AOT theme in the latest milestones of Spring Framework 6.0 and Spring Boot 3.0:

• The design of the AOT engine
• How this new infrastructure can be used by libraries
• What to expect as an application developer

A Java developer Journey into Apache Cassandra™

Apache Cassandra™ is a distributed NoSQL distributed database deployed extensively at web giants like Apple, Netflix or Uber.

During this deep-dive session, we will give you everything you need to master this technology: from architecture to data modeling, from drivers to best practices. Through practical labs requiring no installation, we will browse and run applications implemented with Spring Boot, Quarkus, and Micronaut in order to see how Apache Cassandra™ can be used in modern java applications. Take home 3 working projects at home.

Akka Streams for the Brave

Akka Streams is one of the most powerful libraries for streaming computation. In this talk, we'll learn how we can leverage the expressiveness of the Akka Streams DSL to write in 20 lines what other engineers take 2000 to even think about it.

We’ll cover the principles of Reactive Streams and show, in live code, how they work with Akka Streams. We will start by discussing what Akka Streams is made of, how components are tied together and how they function, and how we can design complex graphs of components with its concise and powerful DSL. At the end we will finish up with a recursive stream generating interesting values by itself.

A new hope for 2023? - what developers must learn next

Over the last 10 years we’ve seen cybercrime accelerate beyond all comprehension, We’ve seen the growing and relentless impact it has on our society and our economies. It’s taken a long time for the world to act but finally we’re coming together to resist this uniquely 21st century evil.

At the heart of the resistance are developers. Whatever role you have, whatever programming language or software you use - the battle is at your door.

In this session we’ll brief you on the state of the situation and what you can do to be more prepared: we’ll look at the bad guys and how they operate, we’ll examine recent legal and government responses and, most importantly, how the software industry is working together to create the tools, frameworks and education needed to help us all become the developers we need to be.

An Introduction To Residuality Theory

Residuality theory is a revolutionary new theory of software design that aims to make it easier to design software systems for complex business environments. Residuality theory models software systems as interconnected residues - an alternative to component and process modeling that uses applied complexity science to make managing uncertainty a fundamental part of the design process.

Apache Maven BoF

A lot of things are moving in Maven’s world. In this BoF, we welcome everybody involved with Maven to discuss. It doesn't matter if you're a user, a contributor or a committer, just join us.

A postgres-compatible DB on Kubernetes: YugabyteDB

Let’s install YugabyteDB, an open-source PostgreSQL compatible database on Kubernetes. And explain the reasons for it: distribute data to many active nodes, sharded and replicated, in sync, to the region’s data centers for high availability, or geo-distributed to reduce latency for worldwide users. Today, this is possible with distributed SQL databases, bringing powerful SQL and ACID features to the same scalability as the NoSQL datastores.

Apps modernization strategy: a light at the end of the tunnel

Think of that one legacy service in production. Well, you've just been asked to add new functionalities to it. You can already predict the pain in this modernization:

• code changes are ineffective and error-prone, and rewriting may ask for insane amounts of work; 
• you can't move it to cloud environments due to high predictable costs; 
• if creating new services, you must overcome the challenges of handling data in distributed systems (e.g., dual-write, eventual consistency, distributed transactions) 

Luckily, you can join this talk and see the way out! 

In this session, we'll explore a modernization strategy with the outbox pattern. Event-driven technologies and cloud adoption boosts this architecture's solution through enterprise data integration patterns - consequently opening new possibilities for your use cases deliveries.

Let's run through an actual implementation to learn how change data capture (CDC) allows extending apps by immersing them - with zero code changes - within a cloud-based event-driven microservice architecture. This CDC on steroids relies on cloud-native technologies like Kafka, Kafka Streams, Quarkus, Camel, and OpenShift.

Best of all: You can leave this session with extra architectural knowledge, a complete architectural technical guide, a step-by-step guide to trying the solution and getting your hands dirty, and finally, feeling confident to apply it in your context when needed. 

It's time to gear up and extend your existing tech stack!

Architecture Katas : Improve your system architecture design skills in a funny way !

How to learn architecture ? How to improve in this field ? How do we recognize a good or a bad architecture ?

There are plenty of books and training sessions about this subject. The best thing is to practice!

In the same way as coding dojos, I will present to you architecture katas. There are created by Ted Neward (http://blogs.tedneward.com/). His idea came from the following observation :

"So how are we supposed to get great architects, if they only get the chance to architect fewer than a half-dozen times in their career?"

One solution to this issue could be to practice regularly on several topics to gain experience.

After a brief introduction of how to start designing an architecture, I will present architecture katas, and the conduct.

To conclude, after this first try I will present the benefits I had benefited.

Artificial Intelligence: You Are Here

2022 has brought about an explosion in the world of artificial intelligence. Some have described the current AI trajectory as a shift more profound than the discovery of fire, or the birth of the internet. Google's Transformer architecture—introduced just a few years ago—has permanently changed the landscape, giving rise to hundreds of new AI models around the world, from Abu Dhabi to Switzerland.

The capabilities of these models are only limited by human imagination, as they generate new code, conceptualize images from scratch, write books, control robots, and much more. Discover the latest models and frameworks beyond GPT-3, from Meta NLLB to Google Pathways.

See popular AI applications and use cases. And understand what all of this means for the future of artificial general intelligence, and you.

Attracting and retaining women in tech: going beyond the trend !

Women are underrepresented in the digital realm. Today, they represent only 28 to 30% of employees, all professions combined.

What happened in this professional sector, however dominated by women during its genesis? Would women no longer feel in their place or not?

Some disturbing findings:

• higher education leading to digital technology is invested in by men;
• recruitment advertisements are not, as a rule, thought and written for women;
• tech teams don't think about the deep needs of women or diversity;
• women do not feel heard.

Even if women communicate, it seems that we do not listen to them.

And what are the results? Migration to corollary professions, brown-out, disembodiment in the team, resignations, creation of FemTech.

On a diverse spectrum, they lead the creation of safe places as a room of community expression.

So, if you want to promote diversity beyond the trend, and you have understood that the helping women in tech is a breach in solving the issue of diversity and inclusion, take part in my talk!

Belgian JVM Lovers Unite: The User Groups need you!

It’s crystal clear that the JVM-world is better place when we build, learn and discover things together. User Groups are great places to connect with other JVM lovers, share knowledge and have some nerdy fun… but they are nothing without you!

We invite everyone with an interest in the JVM community experience in Belgium to an open discussion on the present and future of JVM related User Groups. You don't have to be a community leader or Java Champion to contribute, everyone is welcome to share their amazing ideas, hopeful wishes and daring dreams!

User Groups are a valuable part of our ecosystem and they get even better when we work together. So now it's time to unite and make Belgium an even better place for JVM-lovers!

Blinking a LED with JBang and Pi4J on a Raspberry Pi in 15 minutes

Ever wanted to experiment with electronic components combined with software? With Java, a Raspberry Pi, and Pi4J you can!

In this short session, we will go from zero to hero and control a LED with a single class to interact with a LED (and more?) that is connected to one of the magic pins of a Raspberry Pi.

By using JBang we don't even need to install Java, Maven, or any other tool. JBang and a text editor are all we need to create an application that can interact with the GPIO (General Purpose Input/Output) pins of the Raspberry Pi to control components, read states, handle events, etc.

Blockchain, NFT and smart contracts for my (Java) application

Within the last years distributed ledger technologies like Blockchain and Hashgraph have become more and more a part of our modern world. By the success of Bitcoin the interest in such technologies has grown rapidly and buzzwords like Non-Fungible Token (NFT), Web 3.0, and Cryptocurrency are used wherever possible. But in the developer community not all people like this hype, and distributed ledger technologies often are seen as buzzwords for managers or outright scams. Unfortunately some questionable use cases for NFTs has been pushed by the media and most people think NFT is synonymous with speculative assets like bored apes!

In this session we will show use cases of distributed ledger technologies that go beyond cryptocurrency or speculative PNGs. Public services have been established that let you use the real benefits of distributed ledger technologies in enterprise applications without implementing a custom blockchain network. Whether you want to transfer assets that represent physical goods or need to handle immutable recording with a fast ordering public ledger. All this can be achieved by using open services that are based on leading and public distributed ledgers like Hedera or Ethereum. In several Java examples we will present real world use cases that use open services of public distributed ledger networks. You will see that the usage of such services not only externalize complex workflows but also help to make your application way more sustainable and secure.

Bootiful Multi-Model Applications with Redis Stack

Redis Stack provides a seamless and straightforward way to use different data models and functionality from Redis, including a document store, a graph database, a time series data database, probabilistic data structures, and a full-text search engine. In this session, I will walk you thru the building of a Spring Boot application that uses a hybrid model with Redis OM Spring. Redis OM Spring provides a robust repository and custom object-mapping abstractions built on the powerful Spring Data Redis (SDR) framework to tap into all the modules of Redis Stack.

Bringing legacy codebases to Android

Java has a long and rich history filled with projects and codebases. That history and ecosystem has been augmented by multiple technologies and vendors, but more importantly, a mobile platform. Bringing existing codebases and libraries to Android is not an effortless task; especially if one was to do it later rather than sooner.

In this talk we'll go over our efforts to bring a Java SDK to Android, highlighting some of the expected (and unexpected) pitfalls and hurdles you might encounter. We'll also cover solutions, hacks, and dead ends, so you'll know what to do and what not to do.

Browser security and HTTP Headers : Attacks and protections in action !

HTTP security headers play a critical role in securing browsers from numerous attacks : CSRF, XSS and more recently XS-Leaks to name a few. We can mitigate them if we leverage headers like CSP, HSTS, COxP or even CORS.

In these session, I'll demonstrate how easy it is to exploit client-side vulnerabilities and talk about the HTTP Headers that could mitigate them and better secure our browsers.

So let's play ! 😈😇

Build a modern Java Serverless Quarkus Application

This workshop will guide developers to build a modern, efficient, elegant and sustainable serverless application from scratch to manage personal expenses / banking account using Quarkus, AWS Lambda, CDK and other Cloud services for CI/CD, observability and optional AI/ML integration features.

If you are a Java EE developer looking forward to update your knowledge about modern Java this is the right workshop for you and in you will have a complete reference application backend with the most used Java technologies for cloud native applications and serverless that you can replicate and adapt it to your new Java projects.

Build and deploy cloud native Java microservices on Kubernetes with Istio service mesh

Istio is one of the most popular services mesh solutions available these days. In this deep dive session, let us see how to build and deploy Java microservices to the cloud using Istio, Kubernetes, JHipster, and Spring Cloud.

Istio moves the responsibility of service discovery, load balancing, circuit breaking, monitoring, etc from the application to the platform(Kubernetes) thus letting the developers focus on the business code. But setting it up could be a daunting task for beginners and pros alike. In this session, we will take a deep dive into how Istio works and will learn how to use different features of istio, like load balancing, canary deployments, A/B testing, and so on.

What you will learn:

• What is a service mesh, how does Istio work, and what features does it offer
• How to build Java microservices quickly using JHipster
• How to add Istio support to your Java microservices
• Setup Istio on a Kubernetes installation (for example on Google Cloud)
• Setup observability and monitoring for the Kubernetes + Istio cluster
• Deploy microservices to Kubernetes
• How to use different Istio features like load balancing, canary deployments, A/B testing, routing, and traffic splits
• Security options for Java + Spring + Istio

Build Better, Deploy Faster: Spring Boot + Spring Cloud in the Cloud for frictionless Kubernetes-based Microservices

In this session, you'll learn how to leverage proven patterns & open source software to rapidly build a robust portfolio of microservices that provide a solid foundation for your dynamic and growing microservice architecture, then learn how to make the cloud do it for you so you can focus on your customers' needs. This session addresses vital points such as:

+ Configuration services

+ Microservice registration and discovery

+ Features for system resilience

+ Intelligent routing

+ Secure secret keeping

And more, depending on time available

The presenter will demonstrate how to develop, deploy, and manage microservices with tools employed by industry leaders to build resilient, scalable, & available systems using Spring Cloud and Azure, but all concepts and constructs shown apply to various frameworks and cloud platforms.

Building ML workflows with Java, Python & Apache Beam

Apache Beam is an open-source, unified programming model for batch and streaming data processing pipelines that provides a variety of language SDKs such as Python, Java, Go, and more. This enables the creation of multi-language pipelines where each step can be implemented in the most suitable language. This enables collaboration between teams with different language preferences, and across domains with different default languages, such as Java for data processing and Python for ML modeling.

In this talk we'll look at the Apache Beam framework and how to use it to orchestrate batch and streaming ML workflows with Python and Java components.

Building multi-screen experiences for the mobile web

You've probably seen these new smartphones with foldable screens, like the Samsung Galaxy Fold, or with two screens like the Surface Duo. They're already on the market, so it's up to you to update and rethink your web apps for these devices! But how? Where to start? Fortunately, the web is constantly evolving and has already started adapting for these new devices, thanks to new APIs.

In this talk, we'll explore why and how leveraging multiple screens can help you create new user experiences for your web apps, by diving into new and experimental web features. We'll also have a look at how we can adapt existing apps for these new devices while trying to avoid dealing with the quirkiness of these new CSS and JavaScript primitives.

Building Reusable Server Components in React 18

React 18 just launched earlier this year, with a feature React developers have been looking forward to for a long time: Server Components. In this workshop, you’ll learn the basics of what React Server Components are, how to effectively build and use them, while focusing on one of the major advantages of React: Reusability through components. Join Addison and Will from Miro to see how you can get ahead of the curve and start building reusable server components for your next project.

Building Smart Devices using Java on the Raspberry Pi - An intro to Pi4J.

A Raspberry Pi is a full Linux PC with a small form factor and a low price of between 6 and 95€. And of course, you can run Java on it. The same kind of JVM applications you know, love, and use on heavy machines can also be used on the Raspberry Pi. "Write once, run everywhere"? Ah yes, that's the promise of Java! But this small board has some additional possibilities you will not find on that fancy server you are running somewhere in the cloud.

Do you need a touch-screen device to interact with your home automation or a machine? JavaFX, the new Raspberry Pi Zero 2 W (15€), and a touchscreen are the perfect and affordable combo to provide the perfect solution. Yes, with its low price but high specifications, Raspberry Pi is opening whole new worlds.

And on top of that, all Raspberry Pis have those 40 magical pins to connect an unlimited choice of electronic components. Measuring temperatures and distances, toggling LEDs and relays, controlling the content on a LED matrix or LCD display, playing the Star Wars tune on a buzzer,... the only limit is your imagination! In this talk, we'll take a look at the current state of Pi4J (www.pi4j.com) and dive into the code of a few of these example use-cases. Let's experiment with Java on a CrowPi - a Raspberry Pi-based laptop - to read values from sensors and control other electronic components, and show the values on a JavaFX dashboard.

Caching beyond simple put and gets

First things first: when there is caching in the talk title, the famous quote from Phil Karlton must follow. So let's get this one out of the way: there are only two hard things in Computer Science - cache invalidation and naming things.

Yes, caching is hard. It looks simple at first glance, which leads to a simplistic design and implementation. The application starts slowing down: introduce some caches. Simple library, simply put, a few gets, simple invalidation logic (or maybe not). Fast forward, and we end up with even worse bottlenecks. Instead of fixing an issue, we've just covered it with yet another layer of mud: stalled data (already invalid) in services which cannot be scaled out (different data lands on different nodes) and traded latency and read-access time for risk of actually losing the data (eventual writes).

We obviously can do better! In this talk, we will walk through different use-cases (as cache design depends on the use-case) which might require caching. We will look at how caching can be designed and effectively implemented. For the sake of time and fast feedback look, the examples will run on top of Hazelcast managed service.

CI/CD pipeline that enables Moore’s law and and propels the world to the future

Lithography drives semiconductor world and out moderns way of life. Noone can imagine his/hers life without: computer, smartphone, YouTube, smartwatch, etc. At the same time everyone expects that every year all those electronics miracles will become more powerful, bring even more features, get smaller (ideally invisible). ASML lithography scanners (Twinscans) are used to produce 85% of all chips (CPUs, RAM, SSDs, NAND, bluetooth, sensors, etc) made on silicon.

ASML scanners have multiple computers inside with multiple operating systems, running software stack of >50 mil lines of code on multiple languages from C till Python and Julia. Those scanners are able to position silicon wafers with nanometer accuracy and several G of acceleration. To create, improve, and maintain the huge sw stack ASML has >1000 engineers, spread across multiple continents, timezones, cultural backgrounds.

This talk will give insights on how sw integration is organized/implemented at ASML:

• Automated developer delivery pipeline to main archive
• Every day new version is created and tested (fully automatically)
• Late bug detection (after integration) and automatic removal of bad deliveries
• Utilizing power of Google cloud for testing
• Utilizing power of Microsoft Azure/ InfluxDB/Grafana to enable 24/7 monitoring with alerts for "non self recoverable" disasters
• Wide landscape of multiple services that all have to work together to enable 24/7 integration/ build/install/testing/test results analysis

Also interesting (and quite unique) aspect of : "Lithography scanner lifetime >30 years, and customer wants to get new sw features/have support" will be explored. Not many companies in the whole world have such constrains.

Clean Code with Records, Sealed Classes and Pattern Matching

The releases of the JDK 17 to 19 bring interesting features in the Java language: sealed types, pattern matching for switch (as a preview feature). Along with the introduction of records, the implementation of pattern matching in the Java language begins to take shape. The JDK 19 brings even more with Record pattern matching (as a preview feature), that further simplifies your code. In this presentation we show you how records are working, how you can use them to make your code much more readable, and how you can leverage sealed types and switch expressions to improve the modularity of your application. You will see pattern matching in action on real examples, how it will change the way you write Java code, and what you can expect on this topic in the future. It is mostly a live coding presentation, with some slides when the code shown cannot be executed.

Cloud-native for beginners: Istio 0 to 60

Experience the Istio service mesh through hands-on exercises. In this tutorial, you’ll get up to speed with the most popular and most-used service mesh in production - Istio.

We’ll explain what a service mesh is and what makes it work (hint: it’s Envoy!). After the brief theoretical introduction, we’ll jump into practice, where you’ll learn how to install Istio, route traffic between different service versions, configure mutual TLS, and use observability tools such as Grafana, Kiali, and Zipkin.

By the end of this workshop, you’ll understand how Istio works and how to use Istio’s custom resource definitions to bend the mesh to fit your scenarios.

Co-creating with UX and Software

What would happen if we would bring design, front end, back end etc. all together? How could we improve the user-flows by thinking of alternative, non-happy flows? What would happen to the performance and therefore the user-experience when back end is already involved before the finalised wireframes are handed over?! 

That's all nice and dandy. But we do need to deal with some concerns like:

-           Knowledge gap: How can the different disciplines with their specialty understand each other and come to conclusions?

-           Shared responsibilities: Where do start and where do they end?

-           Efficiency: What would it do to the efficiency of the team when they get different tasks?

In this session we’ll dive in together;

- seeing what the pro's and con's are of a multidisciplinaire way of working,

- what tips and tricks can be exchanged,

- and what kind of tools can help in smoothing out the concerns that arise

Code Your First Video Game AI

Have you ever wondered what it’s like to create an artificial intelligence for a video game?

In this workshop, you will learn and apply the main techniques used in the game industry to implement smart agents, such as the minimax algorithm or finite-state machines. There will also be a challenge where your AI can compete against others, and participants can win small prizes!

You can follow the workshop in almost any language, but Java/C++/Python/JavaScript are recommended.

Confessions of a Rusty Java developer

Rust has been picking up momentum over the last few years. It started with being more prevalent in system programming or when targeting WebAssembly. But now in the meantime it has a vibrant ecosystem for asynchronous server-side programming, whether REST API, gRPC and other… Let’s you safely share code across other languages. Not to mention, the most loved programming language on Stack Overflow!

But why? What does it bring to the table that you might care about? Java addresses many of your current needs, so why even bother? The language is constantly evolving, such as with records, sealed classes and pattern matching…

In this session we will go through how Rust is different from Java and what it means. This will be a gentle introduction to a language that can be scary at times, because of its compiler error messages, showcasing some of its incredibly powerful features. We’ll see how these enable the use of development patterns when using common data-structures, such as a Map or a List. We’ll also look into the toolchain and all the new target platforms that become available when writing Rust.

Rust is here to stay… and so is Java. Yet there is lot to learn from looking into the approaches Rust took, that will benefit you as a Java developer with its features to come. And how you can get your Rust code to run on a microcontroller, where a JVM would not run…

Connexion: API-first for all

Connexion is a Python API-first framework that automagically handles HTTP requests based on an OpenAPI specification (~Swagger spec) of your API. Connexion starts from the API contract, maps the endpoints to your Python functions, and provides features such as security, serialization & validation, all automatically configured based on the contract. This makes it unique, as many tools generate the specification based on your code instead. You can describe your REST API in as much detail as you want and Connexion guarantees that it will work as you specified. Connexion was originally developed by Zalando and recently released to the community. Previously, Connexion was built on top of Flask, but as of version 3.0, it works with almost any Python API framework by leveraging the standard ASGI interface.

In this talk we'll discuss:

• API-first as a development practice
• The Connexion framework and features
• ASGI middleware based architecture

Container Queries: The next step towards a truly modular CSS

Modular, componentized frameworks and libraries are more popular than ever, but currently screen size is the only dimensional constraint to which a web design can adapt to. Luckily for us, great things are a foot.

Container Queries, which allow you to style elements based on their ancestors dimensions, a feature requested by many since the advent of component-based front-end architectures met the principles of responsive webdesign, is finally in active development.

In this talk, Maarten will explain what Container Queries are and show you how each component can adapt its design to the dimensions of its container. Join us on our journey towards a more modular CSS.

Copilot to Cover: Why AI can’t replace developers with robots, but can make life better

In this session we’ll compare some of the key AI-based coding tools and look at the different ways they could change the way you work.

AI-augmented coding is here. Products like GitHub Copilot are already making the lives of Java developers easier by streamlining some of the most tedious, repetitive parts of their work. More, like AWS CodeWhisperer, are on the horizon.

But Java developers won’t be replaced by Skynet just yet. Though they’ve got great potential, GPT (transformer)-based auto-complete tools have clear limitations. What’s more, they’re not the only game in town. Tools like Google’s Alphacode and Diffblue Cover show how AI can be used in different ways to help development teams to work faster, be more productive and spend more time on interesting problems.

Join this session to learn:

• About different approaches to AI-augmented software development
• Why all approaches aren’t equal, and some pros and cons of each
• How AI can already transform mundane, but vital, tasks like unit testing for Java devs

Creating innovation portfolios in a leading European IT Solutions and Services Group

The presentation gives an overview on how innovation portfolios can be created using Netcompany-Intrasoft’s state-of-the-art Research and Innovation Development department, with the experience gained through its multi-sector collaborative research project portfolio. At Netcompany-Intrasoft, we recognize that the capability to drive innovation successfully within the market is a crucial competitive advantage. Innovation is key to shape the technological landscape in Europe and lay the ground for economic growth and social welfare.

Research at Netcompany-Intrasoft is conducted by internal research and development experts, in conjunction with prestigious Universities and Research Institutions, and acclaimed industrial partners that ensure the articulation of emerging ICT trends into innovative and exploitable research outcomes. As a result, we offer an interdisciplinary centre of competence on the effects, use and applications of ICT in our targeted markets with a medium to long-term agenda.

Product lifecycles are becoming shorter and shorter. Customisation/adaptation to client specific solutions are offering new niche market chances competing with mass market solutions. This is especially true for software solutions that are penetrating all possible markets from automotive to health and food. Marketplaces for example move from pure product selling to product selling combined with product specific IT services (i.e. maintenance). In such new business models ad-hoc multi stakeholder collaboration are build, where the IT solution provider is from another company and ad-hoc business models are created within the marketplaces

Cucumber tests: legends and reality

Writing tests, a required activity not always that fun. So, when some framework seem to enable writing them in natural langage, easily and quickly, user's (and manager's) expectations are skyrocketing !

But what is it really about ?

Das Boot: Diving into Debugging Spring Boot Applications

Spring Boot streamlines Java and Kotlin development with its developer-first focus. By simplifying dependency management and deployment, providing unmatched autoconfiguration capabilities, and leveraging convention over configuration at every opportunity, developers can focus nearly all of their efforts on designing, developing, and delivering amazing software. This is the happy path, and it is wide.

Good developers write good code, but great developers can diagnose the inevitable issues that arise in complex software systems. When your code takes the road less traveled, how can you quickly identify, isolate, and resolve the problem, not the symptoms? How can you move from good to great?

In this session, the presenter will take you on a live-coding adventure(TM) into the hidden passageways of your Spring Boot application. Topics covered may include (but are not limited to) the following, depending upon time available:

• Application startup, including autoconfiguration steps/process
• Bean initialization and configuration
• Debugging local apps via IDE
• Remote debugging container applications
• Tracing distributed apps
• Debugging reactive code

Come to this session to get a deeper understanding of your Spring Boot apps and level up your debugging skills!

Data At Scale - 10 pitfalls holding you back bringing value from data at scale

Rare are the companies that don't exploit their data today, but also rare are those that have succeeded in scaling up its use and putting data at the heart of their activity.

We are now entering the era of Data At Scale: the first successes of data projects and products are arriving and lessons have been learned from the mistakes made. The wish is now to go to the next level: promote the launch of tens or hundreds of data use cases in parallel. In other words : being Data Centric.

Except that this next level is a path strewn with pitfalls, it is a profound change that must be carried out, both organizationally, technologically and methodologically speaking.

In this talk, we'll present you 10 pitfalls to avoid in order to make this scaling up a success. From strategic organization to team sizing and good data product development practices, each component will have its share of potential errors. You may recognize yourself in some, and be able to anticipate and be proactive for others.

Let's find out !

Database Hacking 101: Building fast bulk import in Java + C

QuestDB is an open source time-series database with a focus on performance, written mostly in JAVA. The engineers at QuestDB use every trick in the bag to make sure their Time Series Database is as fast as possible. They recently explored how to speed up their CSV file imports, and ended up making extensive use of io_uring.

In this talk, Vlad Ilyushchenko (Co-Founder & CTO at QuestDB, and performance geek) will explain how they use io_uring to speed up CSV imports, why they use it at QuestDB and how much gain you can expect when adopting it. Lastly, Vlad will present benchmarks with io_uring as well as some of the implementation details.

Debugging distributed systems

Nowadays, most software projects are distributed systems: components are located on different networked computers which communicate and coordinate their actions by passing messages. Debugging distributed systems is not easy. When two components don’t play nice together, the cause could be virtually anything: software, DNS, routing, firewalls, proxies, load balancers, TLS.. and more!

In this talk, I’ll share my experience with debugging distributed systems. We’ll look at typical issues and share ways to debug those issues and find their root causes. We’ll dive into networking, infrastructure, logging/tracing/metrics, testing, remote debugging and more. I’ll share lots of examples and war stories along the way. After this talk, you’ll have practical knowledge on how and where to get started with debugging distributed systems yourself!

Deserialization exploits in Java: why should I care?

Hackers refer to deserialization in Java as “the gift that keeps on giving”. But what is actually the problem? In most cases, it is not even your own code that creates this security vulnerability. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well. In this talk, I explain how deserialization vulnerabilities work natively in Java and how attack chains are created. Next, I will show that deserializing XML, JSON, and YAML can also get you into trouble. And of course, we had the recent Log4j problems with deserialization. Many different problems can occur when deserializing data and in this session, I will use several demos to illustrate various security issues. How do you avoid these issues? I will give you some pointers on how to mitigate these problems in your own applications, this also includes new features in Java 17. At the end of this session, you will have an understanding of the problem space and be able to take action in your code to prevent it.

Design Patterns Revisited in Modern Java

Design Patterns are common ways to solve problems that developers have discovered over time. They often fill the gaps between the language capabilities and the design goals. When languages mature, sometimes patterns become natural features of languages and blend in to the natural way of writing code instead of a special effort. Java has evolved significantly over the years. In this session we'll revisit some common design problems and see how patterns are realized to solve those problems with the modern capabilities in Java.

Distributed applications - Better off with frameworks, Kubernetes, service meshes or all of them at once?

Software Development based on a distributed (microservice) architecture provides both several advantages and new challenges. In order to take advantage of the distribution it requires implementation of service discovery, routing, load-balancing, resilience mechanisms and more.

Java frameworks like Micronaut, Quarkus or Spring Boot provide dedicated implementations for API Gateways, Service Registries, Circuit Breakers and many more. These functionalities are declared as code dependencies and need to be set at build time.

If the architecture is running on top of Kubernetes there are alternative options to address these problems. So-called service mesh implementations do not have to be part of the actual application code, but can happen on a the network level of the container. A fairly new approach is emerging with the eBPF technology, which claims to enable service meshes with minimal overhead.

With this talk I want to compare the approaches to figure out if one, the other or a combination of them might make sense. The talk is split into a theoretical and a live-demo part.

Distributed Tracing as Architecture

By now, we all know "BDUF" (Big Design Up Front) and "NDUF" (No Design Up Front) don't work when creating the architecture of a system. We need "JEDUF" (Just Enough Design Up Front) ... unfortunately, nobody knows what "just enough" is. But some vendors can probably sell you a tool for it ...

In this talk, I want to give a very pragmatic approach on creating the architecture of a (new) system. And it's not only drawing boxes and lines or pitching some tool. It starts with a short but intense design phase and then validating and evolving the architecture from a running application using distributed tracing. This means the system itself will be the architecture! We will use Elastic Kubernetes Service on AWS with XRay as a practical example to explain and visualize the architecture of a cloud-born distributed system.

Docker Compose: From Localhost to Cloud

You know Docker, right? But do you know Docker Compose? Yes? But do you know what’s new in the 2.0 release? And do you know that you can use Docker Compose in your development  environment as well as in production? No? Then, this talk is for you.

In this talk we will quickly present the history behind Docker Compose, and highlight some of the novelties brought by Docker Compose 2.0. We will show you some advanced use cases that you might use as a developer on your local machine. But did you know that Ops can also take advantage of Docker Compose by deploying an entire application to the Cloud? Yes, in a single command an entire application can be deployed to your Could provider without the need of Kubernetes. And talking a K8s, we will end our talk by giving you some hints on when to use Docker Compose over K8s.

Docker Who: Small Containers Through Time and Space

Have you recently moved to microservices? Your team is deploying the code much faster, but data transfer costs are going up as well, aren’t they? That’s because the size of containers matters the most, and keeping them lightweight means saving on bandwidth usage.

BellSoft’s engineers have come up with a solution, which is full-fledged Alpine Linux support in OpenJDK. By that, we’ve also invented a real-life TARDIS: Containers that take only a few MB of storage but carry enormous potential. With the release of JDK 16, the Portola Project has been integrated into the OpenJDK mainline as part of our JEP 386. Duct-taping with a glibc layer will become a thing of the past, as all the processes will connect flawlessly. Your company will get to use tiny container images independently of the distribution kit vendor. They have been available for a long time, but the official HotSpot port status for the musl library will expand the scope and simplify related development.

My talk is going to touch upon the benefits that Alpine Linux is bringing to the OpenJDK community. It will also explain how to optimize Docker images for free by changing just one or two lines of code. Lastly, I’ll offer a tool for choosing an optimal container that will suit your project perfectly.

Doctolib needs a bigger database. Ok. But which one?

For 8 years, Doctolib has allowed millions of users to book medical appointments, using a single PostgreSQL database.

Today, Doctolib runs on AWS Aurora, the AWS managed version of PostgreSQL and is operating one of the largest transaction databases in Europe. We are using the biggest available machines, and we are still planning to upscale even more, to support the growth of our business. Yes, it’s possible to split this huge database or to move some parts to another kind of storage. At Doctolib, we like the simplicity of having a single database to deal with.

In this session, we will

• Expose the actual limits, our immediate needs, and what we plan to do afterwards
• Our criteria to find a replacement solution. Scalability, code compatibility, costs, hosting…
• How we chose to benchmark each solution
• Which solution was tested? And not tested?
• The result of the evaluation of 3 solutions: Spanner, Yugabyte, and Citus.

Instead of an ideal solution, we will try to expose which trade-offs were discovered and chosen.

Don't hack the platform ☠️💣💥

Don't go to this talk! Your coworkers will not be happy when you come back to work tomorrow and start applying the things you'll learn here. You'll do a lot of damage.

Mutating immutable objects is never a good idea. You shouldn't be bypassing the constructor when you instantiate an object. You certainly don't need to add constants to your enums at runtime. And don't even think about including Java 8 code in your Java 7 codebase. Truly, nothing good will come from attending this talk.

In all seriousness, this talk will provide awareness about some of the lesser-known vulnerabilities of Java and the JVM. Maybe I'll even tell you how to guard against them.

Duke’s Star Trek with Java 18 Code Challenges

Duke needs your help in navigating through the Delta Quadrant. Join us on this incredible journey visiting new features of the JDK 18 system as well as the best features of previous versions of Java. During this journey, you can improve your craft as an engineer. These short challenges will keep your katas going at warp speed! Solve the puzzles to learn the full power of the Java language. Apply the techniques, and develop concise code where bugs will have a hard time hiding. Come to this session to boldly go where no Duke has gone before!

Dungeons, Dragons, and Graph Databases

Are you an adventurer? Do you want gold? Experience? Levels? Of course you do! And where do you get these things? The dungeon, where else? But, unfortunately, dungeons aren't setup for the convenience of adventurers who wish to extract these fine things. You have to wander about and get what you get.

But you’re also a developer. You could build a database of all the rooms with their content. Then you could query it and find the best route to get the gold and the experience and the levels. But how would you model this data and write these queries? The rooms. The corridors. The monsters. The sparkling hoozits. That’s a lot of entities to relate to each other. And that’s gonna be a monster of a SQL query. Whoa–look at that JOIN! Better get my text editor ready.

Or, you could use a graph database. A graph database allows you to model these relationships intuitively with nodes and edges. Being schema-free, you can evolve your graph as you encounter new things such as traps or secret doors. And, using the Cypher query language, you can write elegant and easy to understand queries that find the best routes to get the stuff adventures desire most.

In this talk, I’ll introduce you to the concepts of graph databases and compare how to solve this problem with a relational database and how a graph database makes it easier.

So come, have a flagon of mead as you learn about graph databases, optimize your dungeon crawl, and equip another weapon in your quest for better software!

Dynamic workflow orchestration with Apache Airflow and CrateDB

With the rise of complex data solutions, the need for automating and orchestrating database processes is becoming increasingly important: there are more and more use cases when a database change requires a chain of operations where the execution of an operation depends on the execution of previous ones. Furthermore, to quickly develop and adapt database orchestrations, one must use the tools that offer scalable solutions that are easy to monitor and manage.

This talk will illustrate how easy it is to automate orchestration workflows with Apache Airflow and CrateDB. Apache Airflow is one of the most popular platforms for programmatically creating, scheduling, and monitoring workflows. The workflows are defined as directed acyclic graphs (DAGs) where each node in a DAG represents an execution task. Initially, Airflow was designed in a way that each task run independently. As of Airflow 2.3, a dynamic task mapping feature has been introduced, making Airflow a perfect solution for building dynamic workflows.

On the other hand, CrateDB is an open-source, distributed database that makes storage and analysis of massive amounts of data simple and efficient. CrateDB offers a high degree of scalability, flexibility, and availability. One of CrateDB’s key strengths is its compatibility with many data engineering tools, including Apache Airflow.

In this talk, you will learn how to set up a new orchestration project, and how to use Airflow with CrateDB to orchestrate complex tasks.

Embrace security in your supply chain

While cloud native development brings a significantly shorter time-to-market and a whole new level of flexibility (and scalability) for new applications, the use of publicly available tools / code / libraries etc can also incur new business risks that can damage your organization’s reputation and cost lots of money.

There are several separate tools available to reduce such risk, but most of them only cover a small part of the supply chain and they are hardly ever DevOps friendly.

As a security focused organization, we believe that bringing the functionalities together in a user-friendly, yet very powerful platform helps developers and DevOps teams to secure all steps of the supply chain without the burden of having to manage all individual aspects.

In this session, we demonstrate that it is pretty easy to make your code adhere to the organization’s security policies without feeling blocked, that it hardly takes any effort to prevent your pipeline from failing over misconfigurations or the reuse of existing code and that you can easily get full vulnerability and compliance visibility into your code dependencies. Then we will scan the artifact for compliance issues and vulnerabilities before deploying to a kubernetes cluster and see how we mitigate some risk.

End-to-end innersourcing and secure development with GitHub

Many of you may be familiar with GitHub for your own Open Source (OSS) projects. But, did you know that you can run your end-to-end development within your organization using GitHub Enterprise?

Join Chris for a whistle-stop tour in the day-in-the-life of a developer with GitHub Codespaces, GitHub Copilot, GitHub Actions and GitHub Advanced Security, showing how you can bring Open Source best practices into your day-to-day work (also known as InnerSource)!

Ensuring traffic livability with artificial intelligence

Every second, gigabytes of mobility data is generated in our cities through connected cars, smartphones, parking sensors and cameras. This enormous big data stream is the source of raw information on the mobility in the city, that is telling us how traffic is behaving under a varying range of conditions: weather changes, road works, traffic accidents. The task of unearthing these correlations between the many different data sources is a daunting one, where technology such as artificial intelligence can shine.

The Mobilize Digital Twin platform of Cegeka captures such mobility big data, and then trains AI algorithms to understand "how traffic works". '

This opens up the opportunity towards decision makers to answer any kind of "what if" question:

• what happens if a road gets closed?
• What happens if a huge rock festival is organized?
• What happens if we introduce a new circulation plan?

Our AI models can learn the impact of such an event in one city, and then transpose the impact to another location. This way, technology can support decision makers by allowing to compare different scenarios, to see which scenario has the desired impact on traffic livability.

Ephemeral Developer Environments for a better Developer Experience

Development Environments are fragile and hard to set up and maintain. Cloning repositories, installing an editor with the right extensions, and having everything set up to compile, build and debug the application under development is a tedious experience.

Gitpod is an open-source project that helps teams prepare ready-to-code, containerized development environments specifically for their projects. Such dev environments are described in code that is versioned in Git alongside your source code.

Integrated with GitLab, GitHub, and Bitbucket, Gitpod automatically and continuously prebuilds developer environments for all your branches. As a result, team members can instantly start coding with fresh, ephemeral, and fully-initialized dev environments - whether you are building a new feature, fixing a bug, or working on a code review.

In this session, you will learn why we created Gitpod, how it works and how you can boost your development workflow using it - extensive demos included.

Error 404: Color not found

Colors are an important way to convey information, but there are a lot of people with color blindness and low vision. What if your only way of conveying information is using color? What about an infographic where the color contrast is too low and the information is not reaching the end user, the customer or co-worker? What about missing the deal of your life due to an inaccessible website? In some cases the error: ‘color not found’ will directly lead to: ‘customer or deal not found’. I guess this is not what we want our products to be!

In this talk I teach you about color contrast, color blindness and the use of color in UX. I also tell you about tools that you can use to test color accessibility in a lot of use cases.

Event-driven autoscaling for Serverless Java

Kubernetes makes it possible to autoscale various business use cases from the web apps to mobile, IoT edge streaming, and AI/ML in more reliable and stable ways. One caveat of the Kubernetes autoscaling is based on hardware resource utilization (CPU, memory) through Horizontal Pod Autoscaling. This causes a new challenge to build an event-driven serverless Java on Kubernetes because the event metrics from multiple event sources (e.g., Apache Kafka, AWS SQS) are more relevant than a pod's CPU usage for deciding when applications need to be scaled out and in. 

Fortunately, KEDA and Knative on Kubernetes are designed to solve this challenge by autoscaling both standard apps and serverless by event metrics in a separate way. This session will teach you how to redesign your Kubernetes autoscaling architecture by event-driven metrics from Apache Kafka over standard resources (CPU, Memory) with Knative and KEDA integration for serverless Java using Quarkus.

Event Sourcing - what could possibly go wrong?

Yet another presentation about Event Sourcing? Yes and no. Event Sourcing is a really great concept. Some could say it’s a Holy Grail of the software architecture. I might agree with that, while remembering that everything comes with a price. This session is a summary of my experience with ES gathered while working on 5 different commercial products. Instead of theoretical aspects, I will focus on possible challenges with ES implementation. What could explode (very often with delayed ignition)? How and where to store events effectively? What are possible schema evolution solutions? How to achieve the highest level of scalability and live with eventual consistency? And many other interesting topics that you might face when experimenting with ES.

Ever seen an astronaut riding a horse? Understanding and applying text to image generation models

Over the last 6 months text to image models such as DallE-2, ImageGen, and StableDiffusion have taken off. These models can achieve previously unfathomable levels of photorealism, illustrate entirely new images from a single text prompt, and even paint your favorite animal in the art style of Picasso. The potential of these models is nearly limitless.

This talk walks through the architecture and theory enabling these models to generate novel yet coherent images, explores some more advanced uses of text to image models, and lastly shows you how to get started generating images using KerasCV, the most optimized implementation of StableDiffusion available to date.

Exception Handling in Functional and Reactive Programming

Functional and reactive programming is gaining popularity and use. One hurdle developers face using these approaches is in exception handling. Dealing with exceptions in these styles is confusing in the beginning and is often messy and error prone. In this presentation we will step back and take a closer look at exception handling, about their role in functional and reactive programming, and discuss the dos and don'ts for exception handling. We will learn using concrete examples and live coding to illustrate the problem and the possible solutions.

Exception Handling in Functional and Reactive Programming - Overflow

Functional and reactive programming is gaining popularity and use. One hurdle developers face using these approaches is in exception handling. Dealing with exceptions in these styles is confusing in the beginning and is often messy and error prone. In this presentation we will step back and take a closer look at exception handling, about their role in functional and reactive programming, and discuss the dos and don'ts for exception handling. We will learn using concrete examples and live coding to illustrate the problem and the possible solutions.

Expect The Unexpected: How To Choose Reliable Open Source Dependencies

Open source components make up a staggering 90% of modern application dependencies. Given the software industry’s heavy reliance on open source projects, it’s increasingly important to choose well-maintained, community-based components to withstand better an unpredictable disaster, such as last year's Log4j vulnerability.

As software security professionals that also happen to be pandemic brides, we know a thing or two about dealing with the unexpected. As it turns out, choosing reliable event vendors has a lot of parallels with choosing open source software components. Come to this talk to learn about best practices around choosing open source dependencies you can rely on and how to set your ecosystem up for success.

Exploring Stateful Microservices in a Cloud Native World

How does one choose to architect a system that has a Microservice / REST API endpoints? There are many solutions out there. Some are better than others. Should state be held in a server side component, or externally? Generally we are told this is not a good practice for a Cloud Native system, when the 12-factor guidelines seem to be all about stateless containers, but is it? It’s unclear and this confusion may lead to poor technology stack choices that are impossible or extremely hard to change later on as your system evolves in terms of demand and performance.

While stateless systems are easier to work with, the reality is that we live in a stateful world, so we have to handle the state of data accordingly to ensure data integrity beyond securing it.

We will examine and demonstrate the fundamentals of a Cloud Native system with Stateful Microservices that’s built with Open Liberty and MicroProfile.

Fairies, Fakers and Factories: boost you tests with better test data

Whether you write your tests up front or after the fact, you've probably found yourself in this situation: You know exactly what you want to test and how you're going to approach it, but you suffer from a massive lack of inspiration when you try to define your test data. Eventually you end up with "Test User", "Jane Doe" and "Product123". This is both frustrating and ineffective. Coming up with good test data over and over again can be mind numbing and the result is mostly not representative for the data that will actually flow through your system.

So how can you improve this? Is there a way you can easily generate good test data and at the same time reduce the burden of creating test data over and over again? Yes you can! In this session I will show you how you can use test data generators like Java Faker and jFairy to create test data factories that help you improve the quality of your test data. I will show how this can massively improve your productivity when writing tests, because it helps you to focus on what really matters: the tests themselves.

Fake it till you make it: an introduction to synthetic data

Using ‘real’ data may be tempting, yet under the GDPR it’s not a good idea when dealing with personal information. Unfortunately, testing or debugging software may be harder without having full access to all underlying data. A synthetic dataset can be a good solution: generating fictitious replacement data, that mimics the structure and distribution of the original data.

Joachim Ganseman from Smals Research talks about how synthetic data can be generated, and especially about the practical concerns and limitations.

• How do we deal with rarely occurring values, correlations or dependencies?
• What about the balance between maximum privacy protection vs. retaining enough functional usability?
• Can we do reliable analytics on a synthetic dataset?

He will share some practical examples using open source software in Python.

Fast and Furious Full-Stack Development with JHipster & Spring Native

JHipster is a development platform that makes it easy and fun to build modern web and microservices with Spring Boot, Micronaut, and Quarkus, as well as Angular, React, and Vue. With the addition of Spring Native support, it's now possible to build applications that can be compiled ahead of time into self contained native platform executables using GraalVM Native Image. In this session we'll talk about how you can create such app from scratch, extend it, and see some demos!

Fleet is on its way

Fleet is the next-generation IDE by JetBrains. It was born lightweight, inherently distributed, and with built-in support for remote development. Let’s see what Fleet is and how one could use it. We’ll go over Fleet’s main features, which include working with many programming languages simultaneously, remote collaboration, and Fleet’s ability to adapt and employ code insight solutions from JetBrains IDEs and LSP (language server protocol) servers available in your favorite ecosystem. Finally, we’ll check out how Fleet helps developers solve everyday problems and run their typical workflows. 

From 'It works on my machine' to 'It was written by a machine' - GitHub Codespaces & Copilot

Being a developer is hard. From knowing the building blocks of programming, through to keeping on top of the latest languages and frameworks. That's before we even think about running systems in production... But at some point, we've all uttered those words 'It works on my machine'. Or, may have looked up code snippets from our favourite search engine...

What if there was a better way for both? In this demo-led session, Chris will introduce GitHub Codespaces and GitHub Copilot, explaining how they can improve your developer experience and make you even more productive!

from Java and Scala to assembly

When it comes to performance, many developers take for granted statements (myths) that are not always valid, no longer correct, or were never accurate.

Performance and benchmarking were always tough topics, and in languages such as java and scala, there are so many layers between code and machine that any analysis seems futile. 

We will, however, try to do this and check a few exciting examples of scala code snippets down to the "bare metal".

We will use recent JVM versions, including graal and some valuable tools such as

jitwatch, javap, gc logs, jmh, performance counters. 

The next time someone claims something about performance, you can measure and check it.

From Objects to Functions

Learning Functional Programming in the field. Taking examples from two chapters of my book "From Objects to Functions" (pragprog.com) we will see how using a functional approach changes the error handling and the logging parts of our application.

Using exceptions to recover from errors in our programs goes against the principle of functional programming because it will prevent us from defining the logic composing pure functions since an Exception cannot be a valid return value for a pure function.

In this talk, I'll present some possible techniques to handle errors differently and, arguably, make our code easier to read and maintain.

Functional programming also allows us to centralize the logic to log significant events with their context. Instead of using simple string messages scattered along our code, we can define more specific domain events and log them with the full context of the error, removing the need to configure log levels.

The example code presented is in Kotlin, but applying the same techniques in Java or other languages should be easy.

From Serverful to Serverless Java with AWS Lambda

For more than 25 years, Java played an essential role when building sustainable software architectures and applications. The traditional approach to develop & run Java applications included setting up applications servers, complex build & dependency management and often relied on large enterprise frameworks. In contrast, Serverless functions are ideally short-lived, single-purposed and do not rely on extensive infrastructure configuration. This paradigm shift encouraged new frameworks, concepts and techniques to evolve.

In this workshop you will learn how to bring your traditional Java Spring application to AWS Lambda with minimal effort and iteratively apply optimizations to get the best out of your Serverless Java experience. You will get an overview of best practices, performance trade-offs and the design considerations for each step to be able to make well-informed decisions when bringing enterprise Java applications to AWS Lambda.

Future of Frontend Development

For the last couple of years, React, Vue & Angular have positioned themselves as the "Big 3" frameworks for frontend development. They still add new features, but not at that rate compared to the early days. Did we already reach the peak?

On the contrary! Svelte's compiler approach, React's Server Components or esbuild's performance (via not using JavaScript) are groundbreaking changes that will shape the next generation. If the "Big 3" will adopt or vanish, is another topic...

Join my talk and see how these new approaches are expanding the frontiers even more.

Fuzzing in Go

The recent release of Go 1.18 brought not only the long-awaited generics, but also a new Fuzzing capability built in the standard toolchain.

But what is Fuzzing?

Let's explore what Fuzzing is about, see how it's integrated in the testing framework to automate randomized testing, and write a live demo from scratch.

Fuzzing is not consistently used in the software industry yet, however Fuzzing has the potential to detect critical security flaws. More than ever, who can afford to neglect defence in depth, when exposing any service at all on the internet?

Game of Loom: implementation patterns and performance implications playing with virtual threads

Virtual threads will be very likely the next big game changer in the Java ecosystem, allowing to have the scalability of asynchronous programming models with the simplicity of synchronous code. Their main claim is that, differently from native threads that are a costly and then scarce resource, you can create as many virtual threads as you want with known and much cheaper memory and performance impact than the native ones. But is this always true? What are the costs of scheduling thousands or even millions of virtual threads? Does the more frequent context switch have some performance implications? What about the cache misses that these context switches could potentially imply? During this talk we will try to answer these questions in a funny way, by analyzing an implementation of the traditional Conway's Game of Life based on the communicating sequential processes (CSP) model and using both virtual and native threads with different algorithms in order to compare their performances. Based on this analysis we will also try to derive some rules of thumb on when and how using virtual threads.

Generational Shenandoah: Better latency with smaller heaps

One benefit of pause-less garbage collectors such as Shenandoah and ZGC is that they can bound pause times to a few ms independent of heap sizes. An operational tradeoff is that the JVM must be configured with a much larger heap in order to assure pause-less operation, sometimes 3-5 times larger than would be required by a stop-the-world garbage collector. This is because extra memory is required to hold objects allocated during the times that garbage collection is concurrently running and to hold floating garbage that was allocated during the previous garbage collection pass but cannot be reclaimed until the end of the courrent garbage collection pass. Adding a second generation to Shenandoah allows typical young-generation garbage collection passes to complete in much less time than is required for traditional Shenandoah full garbage collection cycles. This means less memory is required for new allocations and floating garbage and fewer CPU resources are required by the concurrent GC worker therads. All of this translates into lower costs for capital and operations, lower energy consumption, and a greener planet.

This talk describes the motivation, design, and best-practice recommendations for making effective use of generational Shenandoah in your services that have timeliness constraints.

Get old, go slow, write code!

Turning old as a developer is hard. It is hard to stay relevant, hard to keep up with the competition of newcomers and hard to know all of those new frameworks, tools, languages and practices. However, the truth is that we oldies have a big advantage over the younglings.

We are slow! Slow is good! So whatever you do, don’t put your programming on the shelf just because someone half as old writes code with twice the speed.

Instead of getting frustrated over the pace of the oldies I really believe that we need to take a step back, embrace the skill of being slow and change the developer mindset to understand that the best way to go fast in the long run often is to be “controlled slow” in the short run.

In this highly interactive talk, I will elaborate on the danger of the traditional “software developer life cycle” (developer -> team lead -> project leader -> manager) and try to show how we instead can make those grey hairs your biggest asset, just by slowing down.

Getting started with Domain Driven Design without fighting the wrong battles

Domain Driven Design is in every mouth. Ultimate silver bullet, buzzword machine, it’s starting to sound like a must do for every start-ups. But how do you get started to generate value quickly?

What if the answer wasn’t the aggregates, value-objects, domain events and other popular tactical patterns, but rather in understanding the domain? That would be convenient, as DDD offers tools allowing us to grasp the domain and modelize it correctly.

Let us discover together the strategic patterns - the most important part of Domain Driven Design - that will offer the best returns on investment. This will help you adopt this philosophy smoothly, far from the hype and technical difficulties.

Google's Journey from Java to Kotlin for Server-Side Programming

Kotlin is now the recommended programming language for server-side JVM usage at Google, set to replace Java while still providing access to a large existing Java ecosystem.  With over 8 million lines of Kotlin code at Google (across server and Android), we've done a number of things to ensure our developers are successful with Kotlin.  This talk will explore the reasons we've switched from Java to Kotlin and how we've made it a successful change.

GraalVM Cloud Native & Micronaut® Deep Dive

This session is for developers looking to go beyond the basics with Micronaut®, a microservices and serverless framework for Java, Kotlin, and Groovy.

Taking an extensive look at how advanced features such as dependency injection (DI), aspect-oriented programming (AOP), and ahead-of-time (AOT) compilation work, the creator of the Micronaut framework, Graeme Rocher, will walk attendees through the Micronaut framework’s elegant programming model and how to rapidly build compelling Microservice applications.

Graeme will also demonstrate how the Micronaut framework can be combined with GraalVM Native Image to produce fast, efficient and optimized Cloud Native Microservices that ensure maximum Cloud portability.

GraalVM Native Image Bootcamp

What do Quarkus, Spring Native, Micronaut, and Helidon have in common? They all support GraalVM Native Image ahead-of-time (AOT) compilation to transform applications into a native machine executables that starts almost instantaneously, provides peak performance with no warmup, and require less memory and less CPU. It's perfect for containerized workloads and microservices where maximizing startup time and minimizing required resources is critical. In this workshop we'll provide a practical introduction to GraalVM Native Image AOT covering how it works, what it can do, when to use it, and how to tune and debug applications.

Topics include: building with Maven and Gradle, static and dynamic linking, containerization, configuration, working with resources, profile guided optimization, garbage collection options, and JUnit testing and debugging native executables

Gradle: Give your build some love, it will be returned!

The notion of developer productivity is a key issue in our increasingly computerised society. In this context, it seems coherent to apply the same software engineering practices to the build as to your applications and libraries.

The recent improvements of Gradle cover the technical aspect of the build but also recommendations and idioms for better builds.

We will see how the new features for JVM projects and dependency management allow you to model your projects and publish your libraries with richer metadata. Some examples:

• Version catalogs,
• Test suite modelling
• And more

You will learn how to write idiomatic Gradle plugins by leveraging Gradle's programming model. You will also learn how to organise the build of your software whether you have a single repository or several repositories. The build logic will be reusable, based on conventions and with code quality and testing.

We will also see how the new Configuration Cache can speed up local development by starting the execution of tasks immediately. You will learn how it works and what constraints it imposes, in alignment with idiomatic recommendations.

gRPC Cornerstone: HTTP/2… or HTTP/3?

Hiding all the underlying protocol complexity makes gRPC really popular.  The framework makes all the decisions on how to layer an RPC model on top of HTTP/2. API designers and users are not exposed to low-level implementation details.

On the other hand, knowing these details may be necessary when troubleshooting and making performance optimizations in a real-life system. 

This talk provides practical advice on triaging gRPC interactions and achieving performance improvements - by covering technical details, starting with HTTP/2 frames and streams in gRPC. It also exposes the limitations of HTTP/2 and prepares the audience for the upcoming HTTP/3 standard and its integration with gRPC.

It is intended for current & potential gRPC users as well as engineers interested in exploring the benefits of HTTP/3.

Happy Developers write better code

In the current world, with a rapidly growing demand for software and software developers, we need to take care of how software development teams experience developing software. Remember that developers are users too. They work in organizations where they use a large set of tools, frameworks, libraries, infrastructure, processes and hardware to build software. All these things contribute to the developer experience and the (un)happiness of Developers. Happy developers write better code.

In this talk, we will talk about Developer Experience (DX) in organizations and give some examples of what influences this experience and how we can all improve the Developer Experience.

Helm vs. Kustomize: the frenemies that soothe Kubernetes

At the beginning of working with Kubernetes, engineers considered it bliss to have a simplified model when dealing with infrastructure. As maintaining infrastructure for distributed systems showed its complex consequences, other means appeared to help tame the marvelous k8s beast. Helm’s arrival became the de facto standard as it was seen as the only real choice to reuse Kubernetes resources until Kubernetes 1.14 was released, having Kustomize embedded in it. 

It is human nature to challenge and debate, and in this talk, we will observe through examples what makes Helm and Kustomize adversaries in the Kubernetes resource reusability battle, but also when they can even work together.

Highly available, distributed & resilient software... team

Design patterns for building distributed, resilient, and scalable web applications are well known today. However, setting up a project organization to build them effectively remains a challenge, especially when the team itself is distributed. The "human" factor is a source of problems that are difficult to predict.

What would happen if you could take inspiration from the architecture of your applications to improve the communication of your teams?

Microservices, messages queues, load balancers, caches, sharding, decoupling... These architectural concepts are designed to improve digital exchanges within our apps, and above all to anticipate and manage failures. By modeling the exchanges within your team as software architecture, we will see how these design patterns can also be effective in solving our communication issues, very human this time.

How Betclic is using its Datalake to generate some load tests and simulate sports events ?

Sports betting is growing a lot since few years in Europ. All actors in the domain are confronted to the same issue : how to ensure a flawless continuity of service whereas systems requests are exponentially increasing ? Climax of the phenomenon, Euro 2020 football excitement.

To prepare that event, at Betclic, we developed a platform to generate some load tests in order to replay past events and associated actions (bet placement, offers reading, etc) 

Based on a datalake which is able to ingest our logs, that solution allows us to simulate a configurable growth (+50 %, + 100%). 

We propose an architecture presentation about tools we set up and used (AWS Glue, Athena), and also our load tests strategies with Gatling tool. 

How Graph Data Science can turbocharge your Knowledge Graph

Knowledge Graphs are becoming mission-critical across many industries. More recently, we are witnessing the application of Graph Data Science to Knowledge Graphs, offering powerful outcomes. But what does Graph Data Science stand for, and how does it turbocharge Knowledge Graphs?

In this talk, we will illustrate the various methods and models of Graph Data Science being applied to Knowledge Graphs and how the Neo4j platform allows you to find implicit relationships in your graph, which are impossible to detect in any other way. You will learn how centrality algorithms as well as node embeddings uniquely capture the topology of your graph and how they are being used in drug discovery as well as various other industries.

We will end the talk by showcasing how you can get started with Neo4j.

How I built the world’s most efficient deepfake detector with $100

ThisPersonDoesNotExist.com is an ultra-realistic face generator based on neural networks, frequently used by botnets to create realistic fake profiles on the internet.

At a time when disinformation and manipulation of opinion spread through social networks, it is necessary to be equipped to spot fake identities, especially via their profile pictures which are the hardest elements to fake. During this talk, you will discover a method to detect images generated via ThisPersonDoesNotExist.com, with 100% reliability and even a way to know the exact time the photo was produced.

The conference will focus on a technical challenge faced during the implementation of one of the attacks, which involves TensorFlow models leveraging features of a customized ElasticSearch instance, on very limited hardware.

During this beginner-friendly conference, we'll also cover the basic machine learning concepts needed to make GANs work, and a technique to generate almost undetectable fake faces yourself.

How I split a 60 module mono-repo in minutes

Once upon a time, I had to split up a large mono-repository at one of my customers… again. Like any proper mono-repo, it contained a hellish amount of modules, services and libraries. The repository had so many responsibilities, I suspected it could actually make me coffee when provided with right build arguments. And if that wasn’t bad enough, the client decided they needed the new modules in a different build-tool too.

At the start, I faced the question that has been tormenting developers since ancient times: do it manually or automate it? Of course I chose the latter (if I liked preforming manual labour I would have chosen an other profession). In this talk I will show you how I have spent 10 days to save 3 days of disgusting manual work. I will demonstrate and share the tools that will allow you too to split-up your own monstrous repositories in a couple of minutes. 

Based on a real-world scenario, I will share my journey of finding “the easiest” solution for quickly breaking up large repositories into separate smaller ones. Using live examples, I will show how you can fork your repo’s git-history on a per-file basis (fast!), how you can write your own Gradle plugin to pull apart you project’s modules + dependencies and rewrite them to Maven and what I have learned from my experiences.d

How the right architecture helps you make big changes

You want to move to a different framework, or maybe you have to upgrade that really outdated library, but where do you start? And how do you do that in small steps? This workshop lets you experience how architectures and techniques like hexagonal, vertical slice and domain driven design can help you move through big transformations, while at the same time you increase your code quality!

Like many of us, your codebase is likely not a nice small microservice and you cannot afford to spend months working on a rewrite. Instead you need to take small steps. But small steps and keeping everything working may seem like a daunting approach. During the workshop, you will will get you acquainted with several techniques and the right mindset that will allow you to make big changes in small steps.

You can choose to use Java or Kotlin during the workshop.

To make sure you have a running start and don't lose any time on basic setup during the workshop, please following the preparation instructions at:

https://github.com/nkrijnen/workshop-devoxx-2022

TLDR: Install IntelliJ + clone repo + check that tests run.

IMPORTANT NOTE: Based on schedule popularity ❤️ , we'll repeat this HoL on Wednesday afternoon at 14h00 !!

How the right architecture helps you make big changes - 2

You want to move to a different framework, or maybe you have to upgrade that really outdated library, but where do you start? And how do you do that in small steps? This workshop lets you experience how architectures and techniques like hexagonal, vertical slice and domain driven design can help you move through big transformations, while at the same time you increase your code quality!

Like many of us, your codebase is likely not a nice small microservice and you cannot afford to spend months working on a rewrite. Instead you need to take small steps. But small steps and keeping everything working may seem like a daunting approach. During the workshop, you will will get you acquainted with several techniques and the right mindset that will allow you to make big changes in small steps.

You can choose to use Java or Kotlin during the workshop.

To make sure you have a running start and don't lose any time on basic setup during the workshop, please following the preparation instructions at:

https://github.com/nkrijnen/workshop-devoxx-2022

TLDR: Install IntelliJ + clone repo + check that tests run.

How to avoid common pitfalls with modern microservices testing

Have you ever wondered why your microservices break in production after all the tests have passed during CI/CD? Have you ever wondered if you’re testing too much or too little? If you want to learn about common pitfalls and how to catch them at build time rather than at runtime, this session is for you!

In this session we’ll share some common battle scars from our experiences in the field. Additionally, we will introduce the testing pyramid and explain why it is important in helping to continuously deploy microservices independently without fear. We will demonstrate, through a test-driven development approach, how the combination of Pact contract testing combined with Quarkus developer joy can help prevent your microservices from breaking in production.

How to handle 100,000,000 logins without service interruption ? Betclic will relate his football Euro 2020

Sports betting is growing a lot since few years in Europ. All actors in the domain are confronted to the same issue : how to ensure a flawless continuity of service whereas systems requests are exponentially increasing ? Climax of the phenomenon, Euro 2020 football excitement. 

At Betclic, we enhanced our platforms and took upstream right decisions : we set up some observability process, monitoring and load tests. These ones allowed us to support more than 100 millions of logins in 1 month without service interruption. We’ll also present how we are preparing football World Cup 2022. 

Come to discover tools which allowed us to manage that big growth in an optimal way, and to experience our sport events in peaceful way. 

How To Review Someone's Code While Not Being A Jerk!

Most of us do code reviews very often if not daily. However, how can we tell whether we are good reviewers or not? Do we review a code as robots? Do we keep in mind that we are reviewing the code of someone who invested time and knowledge to write this code, and thus deserves to get respectful feedback?

In this talk, we present the code review best practices and we answer the following questions: What to look for in a code review? How can we write useful reviews?

Furthermore, we explain the key tips for writing respectful and constructive code review feedback. To discover more about all these points and more, come and see our talk.

How to secure a Kubernetes cluster from scratch?

"You just have deployed your first Kubernetes cluster. You are about to make it accessible to your developers, but your CISO falls on you: he asks you to present all the measures taken to secure the cluster." We will start by auditing the technical configuration of a Kubernetes cluster in order to identify vulnerabilities and apply patches to technical components. We will continue with the exploitation of Kubernetes primitives to implement security mechanisms (RBAC, AdmissionController, NetworkPolicy, SecurityContext, ...). We will then enrich the cluster with Open Policy Agent, a rules engine allowing us to apply finer control than Kubernetes primitives. We will also integrate Falco, a behavior analyzer to detect suspicious actions performed within containers and at the Kubernetes API Server level. We will end with the implementation of a CI/CD pipeline integrating a vulnerability analysis carried out with Clair in order to detect compromised images during the build.

How to train machine learning agents to do fun and absurd things using Unity3D.

While machine learning is often used for image recognition, speech recognition and the such, people tend to forget that there is another industry making full use of machine learning. The games industry. Within the games industry companies have been using machine learning to train their NPCs (non-player characters) a plethora of things. From basic combat behavior to full blown city building. During this session Alexander will show you what you can expect from using machine learning agents in Unity3D, an industry standard game engine. Alexander will demonstrate how to implement basic machine learning agents in Unity and how to train them! But the agents won't be trained to do standard stuff. From matrix bullet dodging to headbanging, we can train our agents to do the most absurd and fun things!

Improving your skills with the debugger

This presentation is about levelling up your debugging game. Most developers only use the proverbial tip of the iceberg when working with the debugger. There is so much more to learn so lets have a look at interesting mechanisms like:

- dropping frames ("going back in time")

- remote debugging (why stay on your local machine?)

- hot code swapping (faster than redeploying the code)

- stream debugging (for those hard to debug streams)

The entire presentation will be in IntelliJ. Some parts are IntelliJ specific, but most parts apply to all IDEs.

Introducing Spring Framework 6.0

The next generation of Spring applications is almost here!

Spring Framework 6.0 brings an exciting new baseline for the entire Spring ecosystem: Java 17, Jakarta EE 9+. This is the foundation for Spring Boot 3.0 and the beginning of new major themes, ranging from AOT/Native to Observability.

During this presentation, Stéphane and Brian will cover the main topics of this new release:

• the new Java 17 and Jakarta EE 9 baseline
• the AOT/Native efforts for GraalVM native applications and efficient JVM apps
• the Spring Observability initiative and what it means for various components like RestTemplate, web controllers...
• the new Java interface clients for HTTP and other transports
• Support for RFC 7807 problem details
• and more!

IoT in the Trenches, at Scale

If you’ve wired up a Raspberry Pi to some sensors and actuators,  you’ve dipped your toes into the internet of things. But there’s  a lot more to it that crosses the skill sets of cloud and device  engineers. This talk is a tour through issues and approaches, and circles back to Java’s origin (believe it or not) in IoT.

IoT, JavaScript and Beer Brewing: Cheers to that!

Beer brewing can be fun, but combining brewing with IoT device hacking is even more fun. Using open source technologies, it is possible to connect and collect data about almost anything, including the fermentation process inside a closed fermenter. 

In this three-part presentation, you will learn how to use JavaScript to program microcontrollers and IoT devices. You will then learn the basics of beer brewing. Finally, you will see how you can use serverless technologies and a document database to process, manage, and analyze data produced by those IoT devices.

And if you’re new to beer brewing, don’t worry; you will also learn a thing or two about that as well!

It is not about being right

I have moved between individual contributor and a management role three times in my career, and every time I felt that what helped me as an IC was impacting me negatively as a manager. I'll walk you through my last transition to a management role: what aspects made the transition harder and how I did overcome them.

Jakarta EE 10 - Simplicity for Modern and Lighweight Cloud Applications

Jakarta EE 10 is packed with new features for simple development of modern, lightweight enterprise Java applications for the Cloud. The new Jakarta EE Core Profile enables developers to develop microservices with Jakarta EE technologies with runtimes smaller than ever. Jakarta EE Core Profile even makes it possible to compile Jakarta EE applications to native images to reduce the footprint even further.

In this session, we will explore the new features of Jakarta EE 10 in an interactive way packed with live code demos. Among the features we will go through are the new reflection-free programming model introduced in CDI 4.0 Lite and the new Java SE Bootstrap API in Jakarta RESTful Web Services 3.1. But there will be more, so make sure you join this session to get it all!

We will even take a peek into the looking glass to see what we can expect from Jakarta EE 11.

Java and Rust

Java is an established language, with advanced VMs, robust package libraries, mature frameworks, dynamic and reflective capabilities, a large tooling selection, and a sizeable developer ecosystem. Rust is a younger systems programming language that can have small memory footprint, low CPU utilization, offer low latencies and have small application sizes.

• But how do these characteristics pan out in the real world?
• How easy is it to take advantage of them?
• Is one language “better” than the other?
• Are they really so different?

In this talk we will take a journey with the two languages and we will review our experience in designing and building a sample application with the same requirements in both Rust and Java. We will compare the development experiences and how they each perform. We’ll share our thoughts and conclusions on where Rust and Java could be improved. And we’ll talk about how we see each being used in the future.

Java Collections Puzzlers

The Java Collections Framework is the most widely used API – probably in your application too. You use it all the time, but do you really know your way around it? You can be surprised even by common classes like ArrayList and HashMap, let alone by the handling of null values or immutability in lesser-known classes. In this interactive session, we’ll look at some obvious code and its less-than-obvious effect. It’s up to you to guess the outcome! But everything will be explained, and you’ll end up knowing how to avoid pitfalls, both well-known and obscure, in using the Collections Framework. 

Java *is* agile

It's so refreshing to see a group being agile in the world where so many talk about doing agile. The announcement of the six months release cycle was met with skepticism. But, Java has delivered consistently since that announcement. Let's dig in and learn how we can benefit from the amazing recent changes.

Java on CRaC: Superfast JVM Application Startup

One of the key benefits of a microservice architecture is the ability to dynamically respond to changes in load by spinning up new instances as required. However, when deploying JVM-based services, the warmup time of JIT compilation can be a limitation on the effectiveness of this technique.

One approach to solving this problem is using native images, where the service is statically compiled using an ahead-of-time (AOT) compiler. Although this does reduce startup time and footprint, it does so at the cost of overall performance.

A new project has been proposed and accepted into OpenJDK called CRaC (Coordinated Restore at Checkpoint). The goal is to research the co-ordination of Java programs with mechanisms to checkpoint (snapshot) a running application. Restoring from the snapshot could solve some of the problems with the startup and warmup times, especially in microservices.

In this session, we’ll look at the main challenges for such a project, potential solutions and the results from a proof-of-concept implementation.

Java™ 18 & 19. What's new and noteworthy?

Hey, there are two major Java versions released every year! We don’t have to wait 3 years or so for new features any more. Isn’t that cool? ;-)

Java was supposed "to be slow". However, Java turns out to evolve so fast, that next releases aren't just version bumps, but might significantly change the rules of the game. That's a good reason to check out what's new in Java.

To name a few changes:

• Pattern Matching for switch,
• Record Patterns,
• Virtual Threads,
• Calling native stuff,
• Simple Web server,
• what's gone and what will be gone,
• and other stuff.

If you find them interesting, let’s dive deep together into new interesting stuff.

Java under the Hood of Elasticsearch

Elasticsearch is one of the most widely used Java projects out there. While many people know the REST interface and how to use it, this talk takes a look under the hood and picks up some of the more interesting Java topics there:

• Why and how Elasticsearch is always bundling the latest JDK with the default binary; also what lessons can be learned from Docker to Java distributions issues.
• What Java features is Elasticsearch (not) using; also what are the requirements for building / testing and running.
• While the Java Security Manager served Elasticsearch extremely well for Log4Shell and other security issues, what are the next steps after its deprecation to replace it.
• Elasticsearch's Gradle setup is a monster but a powerful one — how does it keep the developers productive and what are the most important changes around performance.

JOOQ, Joy of SQL

What if we take back control over our interactions with our favorite database? Our databases are powerful monster and we underuse them 😓!

We’ll see with JOOQ how to write standard and advanced queries, with ease and type-safety!

This presentation is based on a my experience in SQL with PostgreSQL, since the beginning of my career as a software engineer. I described all the state of mind I go through about SQL and what lesson I've learned about it.

Kafka: a map of traps for the enlightened dev and op

While looking simple, Kafka hides a surprising complexity. In this Deep Dive, we will explore a map of Kafka kingdom's traps, monsters, and treasures.

First from the point of view of the **client side app and its developers**: serialization, partitioning in a polyglot world, impact of rebalancing, retry and orders, assignment policy, commits and schema loss, DLQ problems, etc.

Then from the point of view of the **operations**: how to configure the Kafka cluster, how to validate that it works as expected, which metrics are useful, how are guarantees managed, what’s the impact of sharing resources between a Kafka and… another Kafka.

This deep dive will make you explore advanced concepts that influence the development of a well-behaving Kafka application. And because we’ve got to go live one day, we will discover how a cloud provider handles its fleet of Kafka at scale. This retrospective comes from the work Clément and Emmanuel did around Kafka libraries development and the management of Kafka in the cloud.

Dev traps, ops traps, they will be discovered through a fun and practical focused recipe format.

Keep Your Cache Always Fresh with Debezium!

The saying goes that there are only two hard things in Computer Science: cache invalidation, and naming things. Well, turns out the first one is solved actually ;)

Join us for this session to learn how to keep read views of your data in distributed caches close to your users, always kept in sync with your primary data stores change data capture. You will learn how to

- Implement a low-latency data pipeline for cache updates based on Debezium, Apache Kafka, and Infinispan

- Create denormalized views of your data using Kafka Streams and make them accessible via plain key look-ups from a cache cluster close by

- Propagate updates between cache clusters using cross-site replication

We'll also touch on some advanced concepts, such as detecting and rejecting writes to the system of record which are derived from outdated cached state, and show in a demo how all the pieces come together, of course connected via Apache Kafka.

Keep your dependencies in check

If Log4Shell, Spring4Shell, etc. have taught us anything, it's that we need to keep our dependencies up to date. But updating our applications can take a lot of time. How do we stay on top of that, while also continuing to deliver business value?

Luckily, there are plenty of tools that can help us with this, from package managers to bots that can automatically create changes on our repositories. Let's go over some of the different options, so we can make informed choices about what's best for us in a particular situation.

Learning Through Tinkering

Do you also feel like it’s hard to keep up with all the new tools and frameworks coming your way? You are not alone! By choosing IT, you are choosing to learn for the rest of your life… not an easy task.

In this session we’ll look into some concepts that will help you get the most out of your efforts to learn new shiny stuff!

We’ll go over a couple of example projects and give you some guidelines to keep learning without being overwhelmed by the flood of new technologies.

Let's build together a microfrontends application combining multiple frameworks using Module Federation

Live coding demo of a Micro-Frontend application gathering modules in Angular, AngularJS, VueJS and React using the Module Federation plugin from Webpack 5.

The term Micro-Frontends first appeared in ThoughtWorks Technology Radar in late 2016. It extends the concepts of micro-services to the FrontEnd world.

Webpack is an open source bundler modules. Its main purpose is to bundle JavaScript, HTML, and CSS files for use in a browser.

In its version 5, Webpack brings a new plugin called Module Federation, this one allows to assemble "remote" files and modules which are exposed on another machine.

This plugin opens the door to a new way of making Micro-Frontends applications.

It makes it possible to cut, version, patch and deploy its application by "pieces", in order to reduce its overall complexity and facilitate its evolutions.

The multi-framework aspect makes it easier to migrate technical stacks by removing the constraint of a global migration carried out in one piece.

Let’s Go Triple Active with Three Clouds and Cilium

One cluster and one cloud are not enough to guarantee a highly available resilient architecture. For critical systems, it may be crucial to provide triple active resiliency. But how to achieve this?

This talk shows a triple active architecture based on a cluster mesh between AWS, GCP, and Azure using Kubernetes and Cilium. In addition to a live demo of a working cluster mesh across three clouds, the talk discusses multi-cloud networking and Cilium as a CNI plugin with meshing capabilities. The talk focuses on an honest review of Cilium based on real-life experience. It contains a deep dive into routing and meshing configuration problems, cloud-specific limitations, as well as detailed Cilium performance results in a multi-cloud environment.

The summary provides guidelines on architectural patterns and functional use cases for cluster meshes with Cilium, highlighting Cilium strengths and weaknesses.

Let's kustomize our manifests with style 🤩!

What if we reboot the YAML templating system in K8S world?

Come discover Kustomize, a powerful built-in alternative to manage our YAML and keep our deployment readable and simple to debug. We'll see together how to organise our systems, by environments or by features ❤️.

At the end of the talk, you'll be able to deploy and distribute your Kubernetes application, manage it and upgrade it with ease, directly from kubectl, kustomize and even kpt!

Let's make a contract: the art of designing a Java API

An API is what developers use to achieve some task. More precisely it establishes a contract between them and the designers of the software exposing its services through that API. In this sense we're all API designers: our software doesn't work in isolation, but becomes useful only when it interacts with other software written by other developers. When writing software we're not only consumers, but also providers of one or more API and that's why every developer should know the features of a good API. During this presentation we will go through real-world examples, also taken from the standard Java API, of good and bad API and comment them in order to show the dos and don'ts of API design. More in general we will discuss the characteristics of an easy and pleasant to use API, like consistency, discoverability and understandability, together with some basic concepts like the principle of least astonishment, and find out how to achieve them.

LITTIL step for man, big step for mankind

LITTIL started as an initiative of Devoxx4Kids Netherlands during the covid period. How can we teach children programming while we are all limited by the covid regulations.

In this talk we show how we started with LITTIL as a greenfield open source project to bring our IT volunteers in contact with primary schools. Why? We support small Devoxx4Kids days in the classroom.

Let me show you what we build and how we love to let people all over the world use this platform for free. After this talk I hope not only the Netherlands will bring these great Devoxx4Kids days to their schools, but also other countries.

Load Testing Crash Course with Gatling

QA had thoroughly tested the new release, performed Unit tests, functional tests and yet... we still crashed.

The ultimate goal in development is to make sure the application works for the end users in the production env, not just in QA.

This is where load testing comes in.

This session will give you some basics about load testing, how to avoid common pitfalls and how to build efficient load tests with Gatling and Java.

We're going to talk about network protocols, application behavior and stats.

Loom is Blooming

The Loom project has been under work for several years now. A preview version has been made available in the JDK 19, so we now have a precise idea of what it will bring to the Java platform. We can see the patterns we will be able to use, and the performances it will bring. Our good old Threads, created more than 25 years ago, will see a new kind of lightweight threads. Creating a thread will be easier and much cheaper, allowing the creation of millions of them in a single JVM. These virtual threads can be block at almost no cost. These new virtual threads bring with them new notions that will be covered in this talk. You will see structured concurrency, reactive and asynchronous programming. You will learn about ExtentLocal, a new way of dealing with ThreadLocal variables, about StructuredExecutor, and about synchronization. A lot of code is shown in this presentation that will show you how Loom can change the way you write your code, the performance gains you may expect, both in your application and for the Java Virtual Machine itself. 

Major migrations made easy

Conferences love to show you the latest and greatest framework versions and language features. But those new technologies can feel a world away back at work. And it can be hard to justify the time spent to upgrade something that’s not broken, such as JUnit 4.

What if you could migrate in mere minutes? With OpenRewrite you can! A collection of fine grained recipes combine to achieve large scale migrations of frameworks and tools related to the JVM. And since it uses an abstract syntax tree, refactorings are guaranteed safe.

Upgrade Spring, Micronaut and Quarkus. Adopt JUnit 5; switch to AssertJ. Replace Log4j with Logback. Fix Checkstyle violations. A world of quick and easy migrations awaits!

Make your workflow to your Wallet: resilient, cost-saving, and simple cloud architectures

App integration? Microservices orchestration? Long-running actions? Stateful workflows? Retries? Fault-tolerance? Process automation? Do any of these concerns keep you up at night? Luckily, there's a way to cure your insomnia. Meet Google Cloud Workflows.

To make this session even more fun, we'll show how we can combine two remarkable technologies, Google Wallet and Google Cloud Workflows, to implement an online raffle system at Devoxx. Bring your Android phones, interact with our app, add passes to your Google Wallet, and maybe even earn some cool swag!

Mastering Testcontainers

Testcontainers libraries are a great way to create a reliable environment for running tests. They provides programmable, lightweight, and disposable containers to give you more confidence in your integration tests. Getting started with Testcontainers is super straightforward, but have you looked into more advanced features to supercharge your test suite?

In this session, we’ll look deeper at Testcontainers and learn cool things like what’s the best way to debug what happens in a container? How to build more complex topologies of services? What’s the best way to migrate from Docker compose? How can one use Testcontainers for local development in addition to integration tests? And what’s the magical reusable mode everyone is talking about?

Whether you’re a practitioner with solid test coverage or just beginning your journey into writing more reliable software, this session will introduce you to Testcontainers and its pretty cool capabilities!

Math Behind Software

Be aware: it's mostly theoretical math here!

But math is an essential part of our everyday work as software engineers, so it's worth having a closer look at what the math behind software is.

This presentation is focused on the concept of vacuous truth and how it can impact our work.

The talk opens with an intro on how and where math intersects with software development and moves on to defining vacuous truth exactly and a brief explanation of why calling .allMatch on empty Stream will always return true.

Maven, my life is short!

Have you ever attached a performance profiler to your Maven build? Do you know what are the bottlenecks and possible mitigation strategies? In this talk we’ll guide you through some of those, such as skipping Maven Mojos, using mvnd, a.k.a. Maven Daemon, vertical scaling (a machine with more CPUs and RAM) and incremental builds with GIB. All tricks will be presented along with relevant numbers and we will discuss not only time gains but also costs and trade-offs. Sneak peek: the presenter’s main build went down from 23.5 min to 1 min.

Melrōse - a language and runtime to program music

Melrōse is both a language and a tool to create and listen to music interactively, The language uses musical primitives (note, sequence, chord) and many functions (map, group, transpose) that can be used to create more complex patterns, loops and tracks. Melrōse uses MIDI output to produce sound by any (hard or software) device attached. Melrōse can also react on MIDI inputs to start, record and stop playing musical objects. A plugin is available for Microsoft Visual Studio for the best usage experience.

Modern frontends with Thymeleaf and htmx

Frontend development is getting more and more complex when using JavaScript frameworks like Angular or React. On top of that, the landscape is also rapidly changing. Developers claim that this is needed to build the highly interactive web experiences we all come to know and like. However, that is not true. This talk will show how you can use the productive combination of Java 17, Spring Boot, Thymeleaf, and the htmx JavaScript library to build such experiences without writing JavaScript. Adding a few attributes to your HTML will allow you to implement patterns like Click To Edit, Endless Scrolling, Lazy Loading, etc…

You might think that you need to start your new project with a JavaScript framework because you “might need that interactivity” later. This talk will show that you can use htmx to enhance your web application easily where it makes sense. For the rest of your application, use the simplicity and productivity of server-side rendering.

htmx is already making great strides in the PHP/Laravel and Python/Django world, it is time for the Java/Spring Boot world to embrace this as well.

Monitoring Latencies: How fast is your REST service?

Understanding how fast REST services respond is one if the key signals in application performance monitoring.

However, there is no established best practice for monitoring REST service performance. Popular Java metric libraries offer multiple algorithms and representations to choose from, each of which requiring specific trade-offs and targeting specific use cases.

Moreover, this is an area of active development: The Prometheus community and the OpenTelemetry community are about to finalize the specification of sparse / exponential histograms, which will come with their own strengths and weaknesses.

In this talk we will give an overview of the algorithms implemented by the most popular Java metrics libraries, explain the implications on dashboards, SLOs, and alerts, and explore trade-offs.

After the talk you will be able to choose the implementation that fits your use case, and you'll be able to better understand latency data on your monitoring dashboard.

“Multi-Player” Enterprise Applications: Why and How to Build a Collaborative UX

The sprint planning meeting is about to wrap up when the product owner remembers: "The customer complained about the stale object exceptions. How hard would it be to see each other's edits in real time before anyone tries to save?" And they aren’t talking about Google Docs, but a workhorse enterprise application.

Just like that, you find yourself going down a rabbit hole filled with CRDTs (what?), message buses and a perplexed UX designer. It's hard enough for your microservices to deal with eventual consistency, and now your end users might also face something similar. Are you stuck with locking out one user while another one makes changes? Or letting users unintentionally overwrite each others’ edits?  

Worry not! I've made peace with the rabbit and I'm here to help you understand why collaboration isn’t just for desktop productivity apps and how to make the essential tradeoffs for both your architecture and your users.

Mutation Testing: Did my test break my code ? 🤔

Last week, you spend the last 2 days writing plenty of tests. Your code coverage was 100% so you thought you could safely leave on a weekend ✈️🏖️

But on Monday, your inbox is flooded with new bug reports. What happened!? What did you miss?

In this talk, we present Mutation testing which is a technique to evaluate the quality of tests beyond the number of lines tested. Mutation testing is based on creating a changed copy of the code to ensure a software test suite is able to detect the changes.

How do we create Mutation tests? How does it work? What are the advantages and drawbacks of Mutation tests? All these questions will be answered with a demo in this talk.

Come and discover what Mutation testing is and how can we implement it to ensure the quality of our test suites.

NewSQL, the holy grail of databases?

Once upon a time, we only had two types of databases: SQL and NoSQL. Both had advantages and disadvantages, but this allowed us to choose the database that fit our application best. Then one day a challenger appeared: NewSQL. It promises to have the scalability of NoSQL databases as well as the transactional & consistency capabilities of an SQL database. Come with us on a journey to discover whether or not NewSQL is indeed “the chosen one”.

No more John Doe: realistic mock data with mockaroo

When working on something new, you often have to create fake data. Those attempts usually never exceed the John Doe or test123 level, and that’s fine. If you need more meaningful information, or have to generate data on more than one occasion, then you need a tool - welcome mockaroo!

Mockaroo offers a wide range of generators, ranging from IT (domain names, IP addresses, email) over commerce (currencies, IBAN) to miscellaneous (colors, animals, currencies). On top it provides an intuitive UI to get you started. Next to that, you can save your data in common formats.

In this session, I’ll briefly cover why realistic data is useful. Next I’ll dive into mockaroo and how to create your realistic dataset. While doing so, I’ll provide practical tips based on previous experiences. A short demo consuming this test data as an API will conclude this talk.

No more Xmx! - Adaptable Heap Sizing for Containerized Java Applications

Have you ever run Java in a container? Are you tired of tuning Xmx? If so, this talk is for you! (And even if not, this talk is still for you!)

Come learn about Google's solution to memory management of Java programs inside a container. Currently, the configuration of Java applications is tricky and error-prone; incorrectly-valued flags can have significant performance and cost impact. In practice, the most problematic flag misconfiguration is the maxiumum Java heap size (--Xmx). A new project within Google, called Adaptable Heap Sizing (AHS), boldly removes the need to manually tune and set a maximum heap size, and instead automatically adjusts Java heap usage based on container limits and container usage. Furthermore, AHS improves the stability of Java applications by significantly reducing the likelihood of memory-related runtime errors, while often reducing memory usage as well.

Attend this talk to learn more about Java memory in a container, the history of memory issues at Google, and how we came up with a solution to these problems!

Nothing less than Sustainable Pace

Why are we, developers, very often running behind the schedule?

Why is the idea of sustainable pace so far from reality?

There is a clear correlation between these questions and the increasing complexity throughout software development life cycle - SDLC. Development-wise we have the tools to manage and prevent it, such as clean code and architecture. But why does that still happen even though we set these standards?!

Code is not everything in SDLC (unfortunately). In these session, let's go through some smells, other than code smells. We'll look to the big picture; what makes it unpredictable; what leads to unsustainable pace; and what we've been doing at ARHS to deal with that.

OAUTH 2.1 explained simply (even if you are not a developer) !

It is very difficult today to deploy an application on the web without dealing with OAuth2. Designed to better protect users, this authorization delegation protocol has become a standard in the industry.

However, haven't you cried trying to understand the concepts of OAuth2? Let's be honest, this is quite easy to get lost between the different roles and the multitude of flows of this protocol. And its complexity has discouraged more than one! However we can't deliver without it, so we try to setup some OAuth flow and usually... this is really painful.

But don't worry, whether you have a tech profile or not, this talk will help you to finally understand the intricacies of OAuth simply, including the new version 2.1, using analogies from everyday life!

Ode to the mighty Bit

I’ve given talks at software conferences about quantum computing and the amazing properties and possibilities of quantum bits (qubits). However: It is now time to give the regular old binary bit the love that it deserves.

During this talk we will dive into bits and booleans, the foundation of modern computing and the building block of your entire career. We’ll look at truth tables, bit masking, bit twiddling, NAND gates, how to store and manipulate data (like floating point numbers) in binary and finally we'll take a look at the powerful concept of boolean satisfiability & SAT solvers.

OpenTelemetry – An Observability Framework for Cloud-Native Software

In cloud-native technology stacks, distributed and polyglot architectures are the norm. Distributed architectures introduce a variety of operational challenges including how to solve availability and performance issues quickly.

These challenges have led to the rise of observability. Telemetry data is needed to power observability products. Traditionally, telemetry data has been provided by either open-source projects or commercial vendors. With a lack of standardization, the net result is the lack of data portability and the burden on the user to maintain the instrumentation.

This session introduces the OpenTelemetry project which solves these problems by providing a single, vendor-agnostic solution. We'll take a look at the different parts of the specification and how OpenTelemetry integrates with popular frameworks and libraries. Finally we look at the interaction with Cloud infrastructure as OpenTelemetry is especially focused on cloud-native applications.

Optimizing Speed and Scale of Real-Time Analytics Using Apache Pulsar and Apache Pinot

Apache Pulsar is a new generation of platform that offers enterprise-grade event streaming and processing capabilities built for today's Cloud Native environment. But what do you do if you want to perform user-facing, ad-hoc, real-time analytics too? That's where Apache Pinot comes in.

Apache Pinot is a realtime distributed OLAP datastore, which is used to deliver scalable real time analytics with low latency. It can ingest data from batch data sources (S3, HDFS, Azure Data Lake, Google Cloud Storage) as well as streaming sources such as Pulsar. Pinot is used extensively at LinkedIn and Uber to power many analytical applications such as Who Viewed My Profile, Ad Analytics, Talent Analytics, Uber Eats and many more serving 100k+ queries per second while ingesting 1Million+ events per second.

Apache Pulsar's highly performant, distributed, fault-tolerant, real-time publish-subscribe as well as queueing messaging platform that operates seamlessly in a Cloud-Native environment with support for geo-replication, multi-tenancy, data warehouse or data lake integrations, and beyond. It is a tried-and-true platform that has major enterprise customers such as Yahoo, Verizon, GM, Comcast, etc.

Best of all, Apache Pulsar and Apache Pinot together represents a blissful union in the #OSS "heaven"!

Come hear the dynamic duo, Mary Grygleski from DataStax, and Karin Wolok, Head of Developer Community at StarTree, on an introduction to both systems and a view of how they work together.

ORM, 20 years later

Hibernate is the preeminent object/relational mapping solution, and is still immensely popular two decades after it was first introduced to the Java community.

The Hibernate team recently had an opportunity to ask what Hibernate got wrong, and what could be done about it. Answers to those questions were realized in Hibernate 6, which marks a significant break with the past.

Simultaneously, the needs of Quarkus pushed the team to create Hibernate Reactive, the first non-blocking ORM.

In this session, Gavin King will talk about Hibernate 6 and Hibernate Reactive, and of his experience returning to the world of data access after a long absence.

Overcoming CVE Shock - Adding Perspective in Vulnerability Scanning

"CVE shock" is the state of total helplessness felt by a dev or security engineer facing the overwhelming list of CVEs returned by the vulnerability scanner. Sound familiar?

We'd like to bring you a therapeutic and cathartic rant session for those who have felt "CVE shock" firsthand, with a goal to turn that frown upside down, and demonstrate through real code examples, that there is hope!

In this talk we'll share the findings from a security research project on the state of application behavior in containers. This research was conducted on existing cloud native projects and with some script magic, and will shed light on the most popular packages actually used in your containers. With this information in hand, we were able to automatically identify the relevant CVE for the most popular applications and packages, and discard those that are irrelevant. This utility can also be used to produce VEX documents that align with industry processes and standards.

We are going to present the research, the automation and code samples, and how you can leverage these to reduce the noise, and only focus on the CVEs relevant to your application.

Panel: Exploring Sustainability in Tech Without the Guilt-Trips

Most of us are all well aware of it: the current trend of climate change is not looking great. We can already feel some of its consequences and it is very likely to only become worse. As software developers we’re all about innovation though, so as long as we’re innovating not all hope is lost.

So how can you use innovation to become more sustainable, both as a software developer and as a human being? There is no single answer to that question, which is why we’re hosting this talk as a panel so that you’ll be able to hear multiple opinions. Each of us has a different perspective and knows different things we can do to help make a difference, and we'd like to hear from you as well!

We’d like to emphasize that we don’t want to guilt-trip anyone. This session is intended as a source of inspiration. The sheer scope of the problem can cause even the best of us to freeze up. Hearing ideas, no matter how small, from peers will provide you and us with ideas for the next step to take. This talk could be an opportunity for you to catch a few sustainability tips that can find their way into your life without costing you any noticeable effort.

Performance Testing Java Applications

Every so often, you’ll read a performance benchmark (of a Java or other application), with bold claims for how well X performs compared to Y. Testing the performance of your Java application is an artform rather than engineering, and is a minefield of misconceptions, misunderstanding, and misinformation. In this session, we will review the basics and give you concrete steps to build a robust performance testbed for your application. We will be looking at this from a real-world server-side application point of view, specifically for Java apps. We’ll review common problems and how to avoid them. We’ll cover these topics while building up a performance test and running it live:

• Define your goals: SLA, latency, throughput, stability
• Test env vs. Production env for testing
• The impact of GC on Java app performance
• Tools for setting up, driving load, and getting perf test results
• Testing application infrastructure like Kafka, Spark and Cassandra
• Operating system settings, JVM settings, memory sizing, and CPU sizing
• Analyzing perf test results and finding bottlenecks that are both apparent and not obvious

PGP vs sigstore: the match at Maven Central

Did you ever use PGP to sign libraries published to Maven Central? Did you try to check PGP signatures when downloading dependencies, to make sure you are not affected by a Software Supply Chain issue?

Required PGP keys management is usually not the best experience developers have…

That’s why the sigstore project was introduced recently, promising easy keyless signatures. It started with Docker images signatures, but a lot of effort is put to extend its usage to every package registry, including Maven Central.

Let’s see how sigstore works and how it is expected to improve not only the signing experience, but also the verification process of artifacts at Maven Central.

Playwright. Your Next Java Test Framework for automating Web tests

The Playwright is a testing framework created by Microsoft to write tests for modern web applications. It helps us create multi-browser/platform resilient tests.

Playwright tests can be executed in different languages (Python, JavaScript, Java, …), working in headless mode and giving some boost to your tests.

Apart from specific testing features, Playwright comes with a set of different tools that enhance the experience as developers, like creating reports to inspect the test execution, the state of the browser at each moment, and showing why a test failed. Also, screen recording of the execution to review the test path visually.

Moreover, an automatic code generator is a tool provided to get started with Playwright smoothly.

If you want to learn about this new testing framework, get an introduction to its components, how it’s different from other testing frameworks, and see it in action. Come to this session and start efficiently writing automated web tests.

Plugin and Play with Kotlin

How to verify your Kotlin project in a Kotlin way? What linter, code coverage tool and static code analysis plugin to use?! We might know our Java counterparts for this, but what to do when you write your talks in Kotlin? 

Kotlin is designed to fully interoperate with Java, mainly provoked by the fact that the JVM version of Kotlin's standard library depends on the Java Class Library. Nevertheless, Kotlin’s standard library has some new tricks which are not supported by Java. Therefore, the Java verification tools might not interpret all the cool new stuff that we’re writing in Kotlin in the right way.

In this talk we’ll go over some plugins (Kover and Detekt) that are specifically designed for the Kotlin language to fully support your Kotlin project!

Portable GraalVM Cloud Native applications with Micronaut®

The Micronaut framework® is a modern, JVM-based and full-stack for building modular, easily testable microservice and serverless applications. In this session, the co-creator of the framework Graeme Rocher, will demonstrate how the Micronaut framework makes it easy to build cloud-portable Java-based applications.

Featuring abstractions over common Cloud services such as Email, Object Storage, Database, Tracing and Metrics. Graeme will demonstrate how you can take the same application and successfully re-deploy the application to multiple cloud providers without being concerned that you are introducing coupling to a particular Cloud.

Graeme will discuss best practises to integrate into your strategies for defining your application build, configuration and code to ensure your application stays Cloud portable in the future, whilst still allowing you to drop down and access Cloud specific APIs and SDKs when necessary.

The talk will also demonstrate how you can create optimised builds with GraalVM Native Image that ensure maximum efficiently of your application, whichever Cloud you deploy to.

Protecting the world’s greatest open source ecosystem with Sigstore

Would you make a sandwich with lettuce or tomatoes you picked up off the street? For most people, we hope, the answer is "no". We like to know that our ingredients are clean, who produced them and if they're safe to eat. Today many of us build software with 3rd party packages but there either isn't enough metadata or we're all too lazy to determine if they're truly safe to use. We risk accidentally shipping broken, vulnerable or dangerous software through compromised credentials, dependency confusion attacks or any of the many other techniques malicious actors have at their disposal.

Sigstore, an OpenSSF project to make cryptographic signing of artifacts easy to do and to verify, is a core part of solving the dependency trust problem. In this talk, by two of the sigstore-java maintainers, we will be introducing you to the Sigstore project and it's use with Maven Central. We’ll show how you, as a producer or consumer of Maven Central artifacts, can use Sigstore to sign and verify your artifacts and protect yourself and your users from malicious software supply chain attacks.

Pure Agile: Building a Culture Without Scrum, Kanban and XP

Why do we always estimate the size of tasks? Can't we catch the deadlines without estimating anything? Why do we push the teams to be small? Can't we succeed with big teams? Why do we give status reports every single day in front of a wall? How come many companies build successful products and achieve to be agile without calling themself doing Scrum, Kanban, or XP. Is doing Scrum means being agile? Do Agile Manifesto really explain what agility is? As Allen Holub in his blog, "Parroting the practices of some framework without knowing why they’re important and what problems those practices solve usually leads to an ineffective and empty faux Agile". It is time to talk about what agile is without doing Scrum, Kanban, and XP.

Quarkus Community BOF

Quarkus, the Black Swan of Java, is getting more and more popularity for its unbeatable Performance characteristics and the first rate Developer Experience it offers. With more than 630+ contributors to the main project, its rapidly expanding extension ecosystem, and a continuous stream of innovation Quarkus is leading the way in the Kubernetes Native Java Application development space.

Come to this Quarkus Community BOF to discuss the present and future of Quarkus with distinguished members of the Quarkus Development Team.

Quarkus, Micronaut and Spring Boot fighting in the Cloud

On the right corner, Quarkus, goes into his challenge against Micronaut the lightweight champion, and pound-for-pound with Spring Boot the best microservice framework in the world. Who will win the world “Cloud Native Java Runtime” title fight?

In this 3h long workshop you will bring your own laptop, install all the needed tools and be ready to develop from scratch three microservices: one written with Quarkus, one with Spring Boot and one with Micronaut. Add some business logic, access a database in a reactive and imperative manner, run them on HotSpot, compile them with GraalVM, containerize them with Docker and deploy them to the cloud. Then, add some load testing, scale and monitor them. At the end of this workshop you will know which of these microservices is the most appropriate in terms of performance, resource consumption, and startup time… or maybe you won’t ;o)

For this workshop you will need to install:

• Git
• Java 11, Java 17 and GraalVM
• Your own IDE
• Docker desktop
• An HTTP client (cUrl, wget, Postman)
• Have a Docker Hub account
• Have a GitHub account
• Have an Azure account (we will give you some credits)

Qwik: A no-hydration instant-on personalized web applications

Qwik is a new bread of frameworks with a goal of instant-on interactivity for your site even on low-power slow-network devices. Qwik is a resumable framework that starts its execution on the server and seamlessly transitions to executing on the client in a very lazy and incremental way. The seamless transition from server to the client provides an instant on-user experience which leads to lower bounce rates, more conversions, and higher sales. 

With Partytown for third-party scripts, and Qwik for your first-party applications your browser main thread has never been so bored. Qwik and Partytown are new bread of open-source web technologies that are designed with startup performance first as the main objective and all other design decisions follow from that goal. When Qwik and Partytown are combined with an edge-delivery network it is possible to get your application fully interactive into users' hands in as little as 50 ms setting a new standard of startup performance.

Reality as code - How close are we at generating humans and it's environment

I've done my fair share of automating computers and deploying processes. Many things have been said and written and after reading the conference schedule I wasn't sure what to add. Lately, though, I've become intrigued by how computers are automating humans, that is, the creation of photorealistic humans and virtual environments also known as 'synthetic media'.

I will take you on a tour across lip-synching, face swapping, voice cloning and capturing 3d modelling humans. How close are we at generating humans and what does it mean for our society? From Hollywood VFX over virtual production to AI-generated humans via GAN models and deepfakes, I'd like to explain the topics in a technical engineering way to inspire people in this exciting new field.

Recording the Flight of Serverless Functions

Since JDK 11 Java Flight recorder is available to all of us through the OpenJDK. It gives visibility of what is happening in your code and under the hood of the JVM with an acceptable performance overhead. 

Serverless functions allow us to run code in the cloud without the need to worry about infrastructure, scalability, nor maintenance. 

They offer a lot of benefits but profiling or debugging production workflows does not come out of the box.

In this session, we will demo a novel way how to do this, by generating JFR traces for a serverless function without the need to change a single line of code and analyse the result with Java Mission Control. 

It will not only show how the code itself behaves. But it also gives an idea what the cloud provider does with the JVM during the lifecycle of the serverless function.  

The demo will be on an AWS lambda, but the method can be generally applied on most other JVM based serverless functions. 

Repeatable scalable path to production for Java/Spring apps on Kubernetes

We will demonstrate how to easily develop, build and deploy modern Spring boot apps on Kubernetes. We'll use convention over configuration for the whole path to production; showing how you can deliver your apps continuously without being a Kubernetes expert. We'll show how to make apps k8s aware with Spring Cloud Kubernetes, how to do CI/CD with a full integration of open source components like Cloud native buildpacks and Flux/Tekton gitops.  Knative brings autoscaling ability and advanced deployment patterns like blue-green and canary deployments. Using Backstage as a developer portal enables faster developer onboarding and a one stop shop for all things related to the apps like runtime information, logging and (API) documentation.

Rethinking integration testing with Testcontainers

Before Docker, configuring the environment for integration testing was painful - people were using fake database implementations, mocking servers, usually it was not cross-platform as well. However, than to Docker, now we can quickly prepare the environment for our tests.

In this lab, I would like to show how you can use Testcontainers - a popular testing library that harnesses Docker to easily, reliably, spin up test dependencies.

You’ll go through the process adding powerful integration tests to your codebase (we’ll use a Spring Boot app) without the headache of managing external service dependencies manually. And get acquainted with all necessary Testcontainers concepts to write elegant, efficient, and reliable integration tests.

Reuse old smartphones to monitor 3D prints, with WebRTC, WebSockets and Serverless

Monitoring my 3D prints in my basement means climbing lots of stairs back and forth! So here’s my story about how I reused an old smartphone to check the status of my prints. I built a small web app that uses WebRTC to exchange video streams between my broadcasting smartphone and viewers, with WebSockets for signaling, and a serverless platform for easily deploying and hosting my containerized app.

Revolutionizing Java-Based Applications with GraalVM

Minimizing resource usage and ensuring scalability are major concerns in cloud deployments. For Java applications, GraalVM Native Image offers a perfect deployment platform for the cloud, enabling fast startup, low memory footprint, and instant performance. Additionally, there is improved performance predictability, simplified packaging, and better scalability. This talk will cover how to take advantage of this new revolutionary way to run Java-based applications including trade-offs and limitations.

Secrets of Performance Tuning Java on Kubernetes

Initially, getting Java to run on Kubernetes may seem complicated, but after a few lines of YAML and a bit of work with Docker, you will wonder what all that fuss was. It is easy! Then you start looking at the performance of your Java app in one core, one GB of memory container, and this is when it all very quickly gets murky. Ops, SREs, and Java developers need to be aware of the JVM's inner works when deciding on how to resource their applications. Without this knowledge, it isn't easy to know whether it is best to scale vertically or horizontally for performance and costs. This talk will explore JVM ergonomics, CPU throttling, Garbage Collectors, and how using this knowledge can help you increase performance while reducing costs in the cloud.

Serverless Integration with Camel Quarkus

When you build an application you will undoubtedly need to integrate it with other applications and systems. The Apache Camel project’s goal is to simplify the way we do integration, using the book “Enterprise Integration Patterns” as the gold standard. 

Apache Camel has been around for a while, but it is more relevant now than it has ever been. In this session we’ll show you how Camel can leverage Quarkus’ fast startup time and developer experience. 

As a bonus it can make use of technologies like serverless computing (eg. Knative) and data streaming (eg. Kafka), to remove bottlenecks, integrate faster and better than ever before, and save resources and money on top of it.

Attendees should come away from this event with the following:

• Understanding of what Serverless Enterprise Integration means and how to deliver better software faster
• How serverless technologies like Knative can optimize resource usage and scale rapidly to respond to fluctuating demand
• How the next iteration of Apache Camel (based on Quarkus) can leverage serverless computing and event driven architectures to do integration when and where it’s needed

Serverless machine learning systems with Hopsworks and Github Actions

In this session, we show you how to build an operational prediction service using only Python and free serverless services. The service is called CJSurf and it has a website that shows predictions of wave heights of surfing at a beach in Ireland. It is updated every 6 hours (https://github.com/jimdowling/cjsurf).

A prediction service is an analytical or operational machine learning system that receives new data regularly, manages versioned features and models, produces predictions on a schedule or on-demand, and serves predictions to end users or services. We will show how we built CJSurf with feature pipelines and batch prediction pipelines run in Github Actions, features and models managed by Hopsworks, and a user interface built in Streamlit. In total, there are only 4 Jupyter notebooks and 1 Python program. We will show how the system follows best practice in MLOps with regard to automated testing, versioning, and A/B testing. We hope this session can encourage Data Scientists to consider moving beyond only training models to building prediction services to show the value of our work to stakeholders.

Should Each Microservice Have Its Own Database?

We all heard a mantra saying “each microservice should have its own database” but is this always true? What about a situation when we split one business domain (bounded context) into several microservices because of some technical reasons. Does this statement hold true in this situation as well?

Working as a consultant helping clients to build distributed, microservices-based systems Dmitry faced this situation quite often. In this talk he will explain what challenges such situations bring and share different ways how these challenges can be addressed.

SKF Keeper project - There is no right or wrong, only fun and boring

During our work as penetration testers we found that there are a lot of vulnerabilities being introduced in applications that could have been prevented in an early stage of development.

The latest trend in integrating security tooling into CI/CD pipelines. However, security tooling integrated in your security pipe-lines will not cover the whole attack surface. This is because the tooling can never understand the full context of the applications functions and logic. On the other hand, resources in the form of manual verification can often be scarce and expensive. 

So what is the right balance and how can we make the most impact? By Guiding and training the developers and enabling them in writing secure software.

We created an online free to use, fully open-source platform that enables you to learn about building secure software using materials from the best resources available and practice them in hands-on labs. We currently have 3 different tracks that you can follow, Defensive secure coding, Offensive security testing and Infra security. Now you can have everything you need, training & guidance for doing AppSec right!

This aim of this talk will be to guide everybody willing to take the maturity of their security in software development to a higher level.

Sleeping Peacefully In the Age Of Shells: How Picking the Right Technologies Is Harder Than You Think

Log4Shell and SpringShell are just the vulnerabilities that managed to get everybody’s attention, but vulnerabilities that can be as harmful as them are discovered daily. Staying safe requires good tools and sound data. Getting that right can be a challenge

With real-life examples and up-to-the-minute analysis, this presentation will provide guidance on navigating the threat landscape, explaining how different types of attacks need different defenses and how that translates into specific actions that developers must take to reduce the chance of being compromised.  

Modern software security means being conscious of the choices made in selecting open-source components, tools, and vendors. This talk will teach you more about the tools, skills, and knowledge needed to be effective as well as show why learning to think critically about open source technologies and commercial tools alike will help reduce those sleepless nights.

Spring + Kotlin = Modern + Reactive + Productive

The combination of Spring and Kotlin is a winning combo for building modern, reactive, and productive servers.  This talk will walk through how Spring & Kotlin fit together with coroutines, R2DBC, Testcontainers, and Kotlin/JS for the web UI.  Come for Kotlin, stay for the ASCII art!

Spring Security, demystified

How I stopped worrying and learned to love security

Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.

Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring-Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.

This deep-dive aims to demystify Spring Security and provide a useful method for understanding how it works, and where the extension points are. Through numerous live coding examples, you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them.

Streamlining large-scale Java development using Error Prone

Using static analysis to spot bugs in your code has become a staple of modern Java development. But what if we can take this one step further where, instead of just finding issues, we fix them automatically? And, what if we can do this not just for bug patterns but for any coding pattern you'd like to enforce?

At Picnic we use Google's Error Prone and Refaster tooling to do just that. In this session you'll learn what these tools are and how to use them effectively. Large-scale refactoring and enforcement of code patterns becomes a breeze once you master these tools. What's more, you'll get a view of some the automated refactorings we use within Picnic at scale. Come and learn how to take control of your codebase like you never have before!

Supercharge your Native Image applications in 5 steps!

You've probably heard of GraalVM Native Image and how it is great for startup time & memory consumption, but do you know how to use it to the fullest in practice? In this session we'll look at developing and testing Native Image applications, optimizing their performance, working with metadata, monitoring, and more!

Synthetic data for explainable AI

Machine learning and artificial intelligence are becoming more and more part of the standard IT landscape in enterprises and organisations.

Commonly, ML models are trained using labeled data from the past and applied on new data.

This practice generally works well, but has a few risky shortcomings: undetected biases in the data and previously unseen data can have unwanted side effects.

These side effects often go unnoticed until the impact of these side effects become visible. The consequences can be enormous and costly.

We will explain how we can use synthetic data to avoid biases and to achieve explainable AI. Humans are back in control over ML models.

Using synthetic data is very powerful, but of course building a representative data set is the new challenge and a new expertise field in AI technology.

Taking your web app offline (in a good sense)

Web as an application platform is amazing: evergreen browsers or some form of webviews exist almost on every device with UI, we have native APIs to access the hardware, we use versatile language with the excellent tooling, we are the huge (the largest ever) developer community after all! But the web historically tightly coupled with the connection state... In my session, we confirm: the modern web APIs and some best practices allow us to build offline-first web apps: always available, caring about data consumption, preserving and sync, providing UX which is comparable (if not better) to the native apps, regardless of the connection. Plus, the current state of the tooling makes it possible to add these features in a fast and reliable way. Let's explore the offline web in a very practical manner - by building the offline-first app!

Taming Kafka Connect with kcctl

It's the year 2022, and we're still struggling with the idiosyncrasies of curl and memorizing (and typing!) long REST URLs when working with Kafka Connect?! That can't be right! But don't despair, cuddly help is coming in form of kcctl 🐻.

kcctl is a modern command-line client for interacting with Kafka Connect, modelled along the semantics of kubectl from Kubernetes. You can use kcctl for registering and updating connectors, examining their status, retrieving and resetting their offsets, and much more. All with short and concise commands, with tab completion and nicely coloured output along the way.

Join us for this live demo to see kcctl in action, also touching on some advanced tricks like templating and setting up multiple connectors at once using jsonnet. You'll learn how kcctl sparks joy and boosts your productivity when interacting with Kafka Connect from your shell.

Taming the event chaos with a workflow engine

So, you've built your solution: a set of well-architected microservices, a shiny UI and tying it all together with event sourcing using Kafka. 

However, now the legal department comes along and they're asking to get insight on which data is used where and by whom. 

Marketing wants to generate daily PDF reports to publish on the website. 

Management is requesting that a ticket gets created whenever something goes wrong with a business-critical event. 

And yet another department wants to reuse some of the events for a customized integration with a legacy system.

You can feel it, soon enough it's chaos. Pure pandemonium. A cobweb of scattered data and services calling each other or external API's. And nobody around anymore can keep the oversight.

In this session we present how to solve these problems with Flowable, an open source set of engines implementing the BPMN (process), CMMN (case) and DMN (rules) standards. 

Through multiple live-demos and lots of code examples, we demonstrate how to orchestrate, manipulate and eventually tame the event chaos using Flowable, Spring Boot and Kafka. 

TDD and other drugs

Do you find testing addictive? or is it one of those things you dread to do?

In either case testing practices are likely to be part of your day to day activities, wouldn't it be nice to make it easier and more effective?

Codebases that have been written with TDD can have up to 90% test code, isn't it a good idea to pay attention to so much code you will have to maintain? 

This talk is a collection of testing practices identified and experimented during years of work as a developer and a software engineering consultant.

It walks through different techniques and approaches and the common pitfall encountered.

Teaching in your software team

In this talk, Pim will explain how to set goals for learning, how to identify which goals could help your team and what concrete actions you could take to help you or your team achieve these goals. You will leave this talk with a good understanding of Bloom’s taxonomy for cognitive learning goals and ideas how to apply them in your daily environment. 

Testing an onion architecture, done right

Hexagonal, or onion, architectures are perfect for separating domain logic from access to that logic, and resources the logic needs.

But how to test such an architecture?

In this session, you'll see a pragmatic yet robust approach to testing such an architecture, with a live coding demo using a Spring Boot application.

We'll find a correct balance between unit tests and IT tests. We'll look at different tools for IT tests, and we'll also take a look at granularity of unit tests: do you *really* need to test every class separately?

After this session, you''ll have a better understanding in how to balance unit tests and IT tests for optimal coverage and execution speed.

The Age of Virtual Threads

Virtual threads and structured concurrency are two features added in JDK 19 (as Preview and Incubation respectively) that will change the way we write high-throughput servers. In this talk we’ll describe the purpose of these features, and give some advice on how to prepare for the age of virtual threads.

The Art of Code

Software and technology have changed every aspect of the world we live in. At one extreme are the ‘mission critical’ applications - the code that runs our banks, our hospitals, our airports and phone networks. Then there’s the code we all use every day to browse the web, watch movies, create spreadsheets… not quite so critical, but still code that solves problems and delivers services.

But what about the code that only exists because somebody wanted to write it? Code created just to make people smile, laugh, maybe even dance? Maybe even code that does nothing at all? Code that was created just to see if it was possible?

Join Dylan Beattie - programmer, musician, and creator of the Rockstar programming language - for an entertaining look at the art of code. We’ll look at the origins of programming as an art form, from Conway’s Game of Life to the 1970s demoscene and the earliest Obfuscated C competitions. We’ll learn about esoteric languages and quines - how DO you create a program that prints its own source code? We’ll discover quine relays, code golf and generative art, and we’ll explore the phenomenon of live coding as performance - from the pioneers of electronic music to modern algoraves and live coding platforms like Sonic Pi.

The Art of Java Language Pattern Matching

The goal of project Amber within OpenJDK is to explore the inclusion of smaller, productivity-oriented Java language features. One part of this that has delivered new functionality in recent versions is pattern matching.

Pattern matching combines application code logic to test if an expression has a specific type or structure and extract components of its state for processing.

In JDK 14, JEP 305 introduced pattern matching for instanceof, as a preview feature; in JDK 16, this was made a full feature through JEP 394. This simplifies the use of this operator by eliminating the need for an explicit cast and assignment. In JDK 17, JEP 406 added pattern matching for switch. It is now possible to include patterns in switch case labels.

In this session, we’ll look at the details of these two new language features and a more general look at pattern matching. We’ll also explore future features in this area, such as record patterns (scheduled for JDK 19) and array patterns, which may be included in a subsequent Java release.

By the end of the session, you’ll be ready to use these powerful new features.

The fast startup landscape is expanding!

Java has been dogged by two meme's since its creation: "Slow to start" & "Uses too much memory"! And while we can debate the truth of the claims, one thing is clear - the Java's fast startup & small footprint landscape is changing. The broader computing ecosystem is putting increasing pressure on both fast startup and small footprint and the Java community is responding! This session will give you the lay of the land on what options you have today, and the options that are coming in the future. Wondering how CRIU (checkpoint restore in userspace) in Project CRaC may help? Or the tradeoffs of adopting GraalVM's native image? Or what Project Leyden might be doing? Come to this session to find out more!

The Hacker’s Guide to Kubernetes Security

Kubernetes is the most popular container orchestration platform for automated deployment, scaling, and management of containerized applications. With more and more applications running in Kubernetes, it is crucial to understand Kubernetes security risks.

This talk guides you through various security risk of Kubernetes, focusing on OWASP Kubernetes Top 10 list. In live demos, you’ll find out how to exploit a range of past and present CVEs or misconfigurations in your k8s clusters, attacking containers, pods, supply chain, network, or storage. You’ll learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems.

The Hitchhiker’s Guide to a Great Developer Career

As developers, our job is to write great code, test code, deploy code, fix code, and even delete code, but nobody told us that there is much more to it if we want to have a great developer career.

In this talk, Helen and Sven will share their successes and failures during their 20-year careers to date working for various technology companies. You’ll learn about growing your personal brand (what is it good for?), the trials and tribulations of different roles (so many choices), becoming a manager (or not), mentoring and sponsoring (they are not the same thing), how to care for yourself (prevent burnout), and lots more career advice.

You'll hear about their inevitable bumps in the road (or downright failures), as well as their successes. As it turns out, having a great developer career is not all about the technology and the code; it's also about you and the people around you!

The Jakarta EE BOF

In this BOF, we will go shortly through the status of Jakarta EE, where it came from, and where it goes. You will learn how you can participate in the evolution of Jakarta EE. Look at it as an informal Jakarta EE community gathering where you can meet and interact with many of the Jakarta EE participants in the industry.

The lost art of software design

“Big design up front is dumb. Doing no design up front is even dumber.” This quote epitomises what I’ve seen during our journey from “big design up front” in the 20th century, to “emergent design” and “evolutionary architecture” in the 21st. In their desire to become “agile”, many teams seem to have abandoned architectural thinking, up front design, documentation, diagramming, and modelling. In many cases this is a knee-jerk reaction to the heavy bloated processes of times past, and in others it’s a misinterpretation and misapplication of the agile manifesto. As a result, many of the software design activities I witness these days are very high-level and superficial in nature. The resulting output, typically an ad hoc sketch on a whiteboard, is usually ambiguous and open to interpretation, leading to a situation where the underlying solution can’t be communicated, assessed, or reviewed. If you’re willing to consider that up front design is about creating a sufficient starting point, rather than creating a perfect end-state, you soon realise that a large amount of the costly rework and “refactoring” seen on many software development teams can be avoided. Join me for a discussion about the lost art of software design, and how we can reintroduce it to help teams scale and move faster.

The next generation of Angular Applications

Angular 14 was released in June 2022, and this version announce that modules will become optional.

Oh wouuahhh, until now modules were th basics concepts of an Angular application. The entire architecture of our applications revolved under this concepts. To summary, modules were a central part of Angular application.

Since Angular 14, it's the component that occupy this role. These specifics components are called "Standalone Components"

However this release brings many other features, all very interesting such as:

• composition API by injection
• types forms and new APIs to manage dynamic form
• a new way to manage the title of our single page application

How will these new features change the way we architect our applications. How to integrate them into our existings applications ? Will the module become deprecated ?

This talk answer to these questions by explaning all the concepts with exemples.

The Practice of Securing Kubernetes

Like all frameworks and platforms that gain popularity, Kubernetes has now reached a critical mass of production users, and once this happens would-be attackers start coming out of the woodwork.

But fear not! In this session will take a deep dive on what it takes to get baseline Kubernetes security - without having to be a security expert. We'll explore the most common security pitfalls with vanilla Kubernetes installations. Next we'll review the many layers of Kubernetes to optimize for security including: bootstrapping, API server configurations, Kubelet configurations, and etcd best practices. We'll wrap up with practical tips and takeaways for you to get started with securing your Kubernetes environments that anyone can apply.

The secret life of PETs

Cloud computing services have become increasingly essential to business and individuals. The move from on-premise servers under the direct ownership of the user or organisation to cloud services provided by third party providers changes the risks to privacy that cloud users are exposed to. These privacy risks can be mitigated by Privacy Enhancing Technologies (PETs).

This talk will answer the following questions.

What are PETs and what are the differences between hard and soft PETs?

Why you should be using PETs and what PETs to use?

How can PETs be used to to amaze your friends and astound your enemies?

The State of OpenTelemetry for Java Developers

OpenTelemetry, or OTel for short, is taking over the observability world to uncover all kinds of performance problems or errors. Let’s look at that hands-on.

This talk dives into the background of OTel including the technologies its building on (or replacing). It also takes a look at what auto-instrumentation can and cannot achieve. As well as the latest developments beyond tracing with metrics and the first steps towards logging.

This talk also takes a look at different approaches of integration — the Spring ecosystem is wrapping most of OTel into Micrometer while other frameworks are not. What are the pros and cons of these different integrations for the developers.

Things I Wish I Knew When I Started Testing Spring Boot Applications

Getting started with Spring Boot and its auto-configuration mechanism can be a hurdle for new developers.

Once you get your first Spring Boot application up- and running, writing tests for it is the last thing you care about. You’re happy that your code does its job.

However, as soon as you try to integrate your changes, you face a pull request rejection because your lead developer reminds you that tests are missing.

Testing is an integral part of software development, and unfortunately, some teams treat this topic neglectfully. That’s bad for the future maintenance and overall health of their project. Fortunately, both Spring Test and Spring Boot offer excellent support for testing your application.

This talk will give you an overview of best practices, pitfalls, and recipes for testing Spring Boot applications. Simply put, with this talk, I’ll share the things that I wish I had known when I started testing Spring Boot applications.

Threading lightly with Kotlin

Most developers have written or used concurrent code during their careers. Those who use Java are probably familiar with the traditional unit of concurrency: the Thread. Kotlin brought first-class support to a different concurrency paradigm, called coroutines. These were developed in the sixties… Why are they relevant again, 50 years later? Let’s find out!

This session intends to demonstrate the differences between concurrency models based on threads and concurrency models based on coroutines. We will discuss what coroutines are and what they are not, and answer questions such as:

• How different are coroutines and Threads?
• Are there any new pitfalls that developers should be aware of?
• Do the traditional synchronization methods available in the JRE still apply?

During the session, we’ll present several hands-on exercises that allow participants to see with their own eyes the way how coroutines work and experience the differences and similarities between Kotlin and Java concurrency models. We’ll discuss the performance, memory usage, and complexity of both models.

At the end of this session, participants will have a good grasp of the paradigm shift that Kotlin coroutines brought to the JVM.

(Pre)requisites

Participants may bring their own laptop if they want to follow along with the code.

We expect participants to have some notions of threading, concurrency, parallelism, and synchronization. Participants only need a basic working knowledge of the Kotlin language.

Tournesol: Towards a Collaborative Governance of the Web

COVID disinformation, the Capitol riots and the Ukraine invasion stress the critical role of online propagandas on national security and global peace.

Unfortunately, today, the web is ruled by a handful of actors which have been shown to either pay too little attention to the dangerous externalities of their activities, or to actively collaborate with dictators to facilitate their control over their populations.

In this talk, after stressing the need for alternatives, I will present Tournesol, a proposal for a collaborative governance of information prioritzation on the web. I will also discuss some of numerous technical challenges that must be addressed to make Tournesol secure and trustworthy.

TweetWalls@Devoxx - Today, Tomorrow and Beyond - A Community Get Together

TweetwallFX

- entertaining thousands of Devoxxians for more than half a decade - time to look back

to where we started, chat about the achievements, e.g. AI, exchanging

tips and tricks against hijacking of hashtags, creating layers of self

protections and so much more..

Let's talk about using TweetwallFX for your conference (includes CFP

rendering) and even some fun about embedded - did I mention TweetwallFX

can be run a RaspberryPi?

Maybe we can even make it run on GraalVM?

Bring your own ideas on how TweetwallFX can be further improved - we are always open to crazy suggestions... Ask Stephan...

Ultra-fast Java Microservices: overcome the pitfalls of data persistence

The persistence mechanism is the heart of most applications and microservices, although architects often happen not to give as much attention to such components. A wrong choice and design, will impact the whole system's functioning, no matter how much you scale up the service. Join this session and learn how to avoid this from happening.

In this guided lab, you'll learn tips and tricks on creating a healthier app with an increased performance by improving its relation with database persistence. 

From a Java perspective, you'll try not only more conventional options like SQL and NoSQL but also some trendy new solutions in the market like MicroStream. You'll also have hands-on experience with this open-source ultrafast in-memory data persistence storage allows queries to be up to 1000x times faster than traditional relational databases.

Unlock your autonomy. Improve your software design.

We want to be autonomous, to create and own our professional pathway.

During my talk I will show you that companies really need autonomous engineers and teams as the autonomy is crucial for effective software design.

I will also share with you my tips on how to establish and develop your autonomy based on my experience of working with IT organizations.

If you are curious what the secret sauce of autonomy is, come and join my session.

Using Record Types to Build Better Domain Models

Not everything in the world is an object. That's why DDD defines different design patterns, like Entity, Value Object, Repository, etc. Beginning with Java 14 Oracle has provides us with Record Types. They are a step towards true value types. We look at the current status and what's in the box for the future.

In this talk we will look at:

* what's behind the motto "Codes like a class - works like an int"

* why immutabilty leads to less failures

* why value types make your code at the same time better readable and more efficient

* the difference between refence and value types

* the new syntax to support value types in Java

* how value types are implemented in other languages

* what inheritance means for value types

* the advantages of storing data on the stack versus storing data on the heap

* and most important: how value types can help us to provide a better domain model

Vapourware: The best software that never was

We've all had our grand ideas and small side projects, but some people have turned these into huge software projects that never came to be.

In this talk Anders Norås tells the stories of great software that never got to see the light of day, the stories behind and the people how built it. 

You will hear the story of the world's greatest web browser - six decades in the making, get to know a music streaming service that could have been the first Spotify and more.

This is the best software you never got to use.

Welcome to 19th edition of Devoxx Belgium

It's been 3 years since our last Devoxx Belgium edition and we're of course excited to welcome everybody to the 19th edition.

During this welcome you'll receive some practical info, stats etc.

What is JHipster Lite and why should you care?

More than 7 years after releasing the initial version of JHipster, there is a new revolution arriving called "JHipster Lite". We gathered a ton of feedback, learned from a lot of mistakes, and are now building from scratch a new version of JHipster, based on the latest Java technologies.

We'll discuss why a huge project like JHipster (with more than 600 contributors) is moving to modern Java, and how we plan to achieve this. We'll also see the downsides and issues that this new release is causing.

If you're a JHipster user, this should be the first time we do a public conference session showing this new version: you'll see our latest features and goals, hopes and fears, and see how you can contribute too!

What Leaders can learn from The Montessori Principles

The Montessori approach has revolutionised the education system by putting the child at the centre of the class and by treating children like adults. We will look at the principles of the Montessori approach to see what we can learn to help us promote autonomy while being supportive. It will be fascinating and fun to see how much children's motivation is similar to adults' and how this parallel can help us make better decisions daily. You will learn how to balance coaching and delivery and simple strategies to enhance the effectiveness of your teams.

What's cooking in Maven?

It's been over 10 years since Maven 3 saw the light, bringing initial multi-module support. Later releases brought a lot of improvements, bug fixes, and of course coloured output.

But the Maven community hasn't been resting on their laurels. A lot of effort has gone into the future of Maven. You may have heard about Maven 4, Maven Wrapper, or Maven Daemon. Why should you care? And how will it change the way you use Maven? I will show you by using the latest snapshot builds of Maven - time will tell if that's a brave or a stupid idea…

Join me to find out what the future of Maven has for you!

What's in my AI? A Comprehensive Analysis of Datasets Used to Train GPT-1, GPT-2, GPT-3, GPT-NeoX-20B, Megatron-11B, MT-NLG, and Gopher

Pre-trained transformer language models have become a stepping stone towards artificial general intelligence (AGI), with some researchers reporting that AGI may evolve from our current language model technology. While these models are trained on increasingly larger datasets, the documentation of basic metrics including dataset size, dataset token count, and specific details of content is lacking. Notwithstanding proposed standards for documentation of dataset composition and collection, nearly all major research labs have fallen behind in disclosing details of datasets used in model training. The research synthesized here covers the period from 2018 to early 2022, and represents a comprehensive view of all datasets—including major components Wikipedia and Common Crawl—of selected language models from GPT-1 to Gopher.

https://lifearchitect.ai/whats-in-my-ai/

What's new in Apollo Kotlin 3

Apollo Kotlin is a type-safe, caching GraphQL client - you may also know it as Apollo Android.

Why the name change? Well, version 3 is a major release and is now written 100% in Kotlin! It brings, among other things:

• a coroutines and Flow based API
• Kotlin Multiplatform support
• new codegen options
• test builders
• and more!

In this session we’ll look at what Apollo Kotlin is, how to use it in a project, and dive into the latest and upcoming features.

What’s new in CDI 4.0 ?

Jakarta Contexts and Dependency Injection is probably the most underrated specification around. It is the Jakarta EE and MicroProfile corner stone since it provides a standard programming model and a powerful to integrate third party technology in a seamless way.

Now that major work on CDI 4.0 is nearly over (waiting for Jakarta EE 10 release), it’s interesting to list the evolution of the spec in the last year.

In this talk we’ll go thru all new and corrected features in the specification and will make a big focus on CDI lite that will enhance CDI spec to better support build time framework like Quarkus.

We’ll go thru the new portable extension API with a concrete example, and we’ll see how it differs from legacy runtime portable extension.

You’ll leave the talk being able to develop CDI Lite extension for your favorite framework integrating it to the CDI programming model.

What the heck is Project Loom and what can a normal Java developer expect from it?

You may have heard the words Project Loom, Fibers, Structured concurrency, and Virtual threads from Java enthusiasts. But what exactly are these, and what is the current state of concurrency in Java? can Java keep up with languages like Go and Rust when it comes to fearless concurrency? Let's be honest, concurrency in java is not among the easiest to master, and thread safety is even more difficult to get right. Can Project loom help to make it easier and less idiot-proof? In this session, I'll do a deep dive into Project loom and explain the different features in the work, look at the current state, and compare it with what we have today with some samples. We will also look into it from the aspect of what a normally Java developer can expect/benefit from it. So come join me for an exciting ride.

Why don't you create your next application without a database?

Within every application, data plays a very important role. Currently, we always use a database or a No-SQL solution to store our data externally to the Java process. But this comes with a cost, the impedance mismatch between the object-oriented world of Java and the external data storage. And developers spend a lot of time creating the mapping, writing queries, and optimizing the retrieval from the external system.

With MicroStream the data instances within the JVM memory ARE your database. You can query them using the getter methods and the Stream API with extremely high performance and low latency as no mapping or external retrieval is needed. Your Java objects survive the JVM restart because they are serialized to disk for example with a new, from the ground built up very secure serialization solution.

In this session, you will learn about the revolutionizing way of data storage with MicroStream. The basic principles, how it works, and demos are part of the agenda of this session.

Why you should be using OpenTelemetry!

An introduction to how OpenTelemetry can give you visibility into incredibly complex microservice based environments. The talk will focus on what OpenTelemetry aims to solve, what OpenTelemetry can do and finally visuals on what you can except to see as a result of implementing OpenTelemetry.

Will Git Be Around Forever? A List of Possible Successors

Ten years ago, only Linux kernel committers and other early adopters used Git. Almost everyone else used Subversion. Ten years later, Git is the most popular product. Which makes me wonder: what will we use another ten years from now? And what features would YOU want from your version control software in 2032? No history rewrites? Faster? No merge conflicts ever? 

In this talk I'll discuss a few post-Git products, including Fossil, Plastic and Pijul, and their support for the features we so dearly desire. I'll also try to predict which one will be 'the top dog' in 2032.

So attend this session if you're excited about the future of version control and if you want to have a shot at beating even (!) the early adopters. Now if it turns out I was right, remember that you heard it here first. 😀

Women's journey in tech

Tech companies have found out they benefit when their employees are made up of diverse backgrounds, ideas, experiences and visions.

Nowadays, we know fixing the challenge of gender imbalance adds more value to the society in several aspects, we care about it and we knows how important it is.

Thus, the tech companies attempt to change the environment by attracting more women and to make the future of tech more diverse.

However, the pool of female candidates is not large enough to compensate for this gap. In addition, we agree that the challenges exist which not only discourage women from joining this field but also from staying in it.

So the following questions could lead us through this journey.

• How is it to work as a woman in the R&D of tech companies?
• Which aspects could be improved?
• How do we ensure that more women will be attracted to R&D sector?
• How we can change society to tackle the diversity imbalance?

I believe sharing our lived experience as a woman is valuable as it can improve the situation and make the tech environment more diverse than before. By sharing their thoughts, every woman can have a significant role in enhancing the tech environment.

Let’s talk about the challenges, and the lived experiences and motivate others to express themselves.

Word Embeddings from Deep Space Nine using Machine Learning.

Sisko - Man + Woman = ?

Word embeddings are a way to represent words in a numerical manner so they can be fed into machine learning models. In this presentation we will walk through some of the most common strategies, such as Bag of Words, Word2Vec, fastText, GloVe and Bert. Using the scripts of Star Trek Deep Space Nine, we will explore the differences between these techniques and how to use them in a production environment.

Write You An Actor (System) For Great Good! (with JBang, JDK 19, records, pattern matching and virtual threads!)

Learn everything about all the fanciest recent features of the JDK, by implementing an actor system from scratch!

In this deep-dive, we will explain how an actor system works, and live-code it right before your eyes using expression switches, records, sealed type hierarchies, and virtual threads!

We will compare our actor system to other languages and actor runtimes, and will bring all of this to your fingertips with the power of JBang!

Writing cleaner code with Domain-Driven Design

I always thought that my code was fine. I took my time for naming things, wrote small classes/methods and tried to use other Clean Code practices. But after a job interview with a technical coach, I was pointed towards Domain-Driven Design (DDD) and some other design topics. I could learn a lot from it, said the technical coach. And I did! Since then, I started noticing how much parts of DDD could help with my day to day job. I will take you with me on my learning journey of Domain-Driven Design, and how it helped me improve my code. We will touch upon themes like Ubiquitous Language, Supple Design, Bounded Contexts and more. You can expect a talk with a lot of code examples and practical advise that you can use the next day.

You shall not password

In these modern times of real privacy protection and increased server-side security, a key risk can still be defined as “relying on a single word or phrase to protect all of one’s data”. Consider a password a secret you happily seem to share with the world wide web. Ponder the thought: if you start sharing your secret, can it still be considered a secret?  

During this session, iO experts Mark and Lucien take you through a multitude of security measures that don’t rely on the use of passwords. They’ll share the reasons why we should move away from passwords and how you can easily implement Web Authentication to provide your users with a simple and more secure way of authentication.  

Welcome, to the age of passwordless authentication! 

In short: 

• FIDO: let’s solve the world’s password problem, together 
• Web Authentication: there once was… a credential management API 
• Authenticators: ‘And who might you be?’ 

Zero trust privacy architecture for IoT SaaS

When running an IoT SaaS, you are potentially collecting a lot of sensitive end user data.

How can we protect the confidentiality of this sensitive data while still allowing trusted SaaS users to access this valuable data ?

How can we promise to our SaaS users that we have no access to the end user-data ?

In this presentation we will show how Airties, a managed Wi-Fi provider, uses public-key encryption and hashing algorithms to securely implement pseudo-anonymization in order protect the privacy of the end-user without compromising on usability, performance or cost.

While the solution uses AWS as a cloud provider, it can be easily be migrated to other cloud providers.

Zero Trust Security for your APIs

Are you a mid-level developer or an architect who’s curious about API Security and how to achieve it? In that case, we’re excited to help!!

As you already know APIs are the building blocks of your application network. They are the medium of communication and involve a lot of data transactions. As per Gartner’s report, API abuse will be the most frequent vector attack, and it’s quite evident. We have heard about the API abuses and attacks quite often.

In order to protect your APIs and provide complete security we will adopt the Zero Trust Security model. We will learn about the Zero trust model and the architecture. We will also understand how to implement the Zero Trust Security in easy steps.

By the end of the presentation you’ll have a fair idea about API Security and how  to protect your API ecosystems using Zero Trust Security. Come along with your queries for us!