Wonder what all the Cloud Computing hype is about? Want to know how to deploy a standard Java web application to the cloud and get limitless scalability? Well, this hands on tutorial will answer all your questions and provide confidence by walking you through the process of deploying a sophisticated Java web application to the Amazon Web Service (AWS) Cloud.
During this tutorial you will provision clustered servers (EC2), relational database (EC2 and EBS), load balancer (Elastic Load Balancing), content delivery (Cloud Front) and how to monitor your whole infrastructure. Other Amazon Web Services will be demonstrated and discussed as appropriate.
Note: An Amazon Web Services Account is a nice to have and will incur a minimal cost during the tutorial but is not a requirement. Access to AWS will be provided to you if you don’t already have access.
Take a step back for a moment from the code, and join us for a session exploring new ways of sketching digital interactions.
Sketching is not just about drawing, and neither is it limited to something done through pen and paper. In fact, many new digital technologies are hard to grasp early on through both static sketching as well as code. This is where animation comes into the picture. Through animation-based sketches you can use simple means to express and explore complex user experiences and scenarios. Learn how animation-based sketching can help you develop your early concepts and be used to communicate intended value to your customers.
In the workshop we will work hands on with:
- The challenges of sketching in early conceptual design
- Using animation and video tools in the design of digital concepts
- Move from simple stop motion techniques, to high fidelity renderings of e.g. an interface design
- Assessing when (and when not) to use animation as a sketching tool in the design process.
- Bring your own laptops/tablets
- Download and install the full/trial version of Adobe Premiere (http://www.adobe.com/creativecloud/catalog/desktop.html)
- Bring an open mind to explore the early fuzzy front end of design
Microservices have become the new kid of the buzzword block in our ever colorful industry. In this hands-on workshop we will explore what microservices really mean within the relatively well established context of distributed computing/SOA, when they make sense and how to develop them using the lightweight, simple, productive Java EE programming model.
We will explore microservices step-by-step using a simple but representative example.
* We will start with a vanilla Java EE monolithic application.
* We will break down the application into sensible Java EE based microservices.
* We will then apply concepts such as fat-jars, dynamic discovery, client-side fault-tolerance and circuit-breakers to our microservices using WildFly Swarm.
* If time permits we will deploy our microservices to AWS using Docker.
Focal points for the workshop will be explaining basic concepts, exploring tradeoffs, open-ended discussion as well as hands-on coding.
* JDK 8 or higher.
* WildFly 10 or higher - please make sure to use the full Java EE 7 version.
* NetBeans 8 or higher (NetBeans 8.1 recommended) - please make sure to use the Java EE edition of NetBeans.
ASP.NET Core is a ground-up redesign of ASP.NET, designed for building modern, cloud-based, client-rich web applications. ASP.NET Core MVC extends the redesign by combining ASP.NET MVC and ASP.NET Web API into an all new web application framework. We'll see what's new in ASP.NET Core, how it differs from the previous frameworks, and what new capabilities it adds.
In this hands-on lab, we'll cover:
- Installation and setup
- Introduction to ASP.NET Core MVC
- Controllers deep dive
- Views deep dive, including tag helpers
- Models with Entity Framework and AutoMapper
- Configuration, startup, services and middleware
- Client-side development with npm, Bower
- Publishing and deployment
Along the way, you'll build a full, complete, production-ready application using ASP.NET Core. Bring your laptops!
During this one day workshop we will investigate, attack, break and fix security issues ranging from embedded IoT hardware to the cloud. We will touch upon topics such as firmware, secure communications, mobile applications, cloud services and more. All of this will be demonstrated by using a full-stack lab platform.
Participants are expected to bring their own laptops with an SSH client and VirtualBox installed. An absolute minimum of 4GB of RAM is required, but 8GB RAM is highly recommended. Virtualization extensions (VT-x/AMD-V) must be available.
Participants will be provided with a WiFi-enabled embedded system (to keep), access to a cloud platform, a virtual machine with pre-installed software, source code for the lab platform, lab instructions and presentation slides (PDF).
For more information: https://iotsecurity.se
... Just join this spontaneous talk and have a great moment!
The matrix is inverted and my teddy bear is spying on me. Why am I covered in unicorn shit?… I was only browsing the web. No, I do not want another cookie. Why are you feeding me cookies? Is that my treadmill? Hello, White Man on the Cloud! Why can He see me, but I can’t see Him? Who, exactly, is getting smarter about whom? And what’s all this got to do with bacteria in a petri dish?
Listen to the tips and tricks of a top ranked white hat hacker!
Frans Rosén is a ethical hacker, which means he helps companies and organizations discover vulnerabilities. In this talk Frans will explain how companies can benefit from independent security researchers and ethical hacking. He will guide you through the white hat vs black hat community, responsible disclosure policies and bug bounties and share some of his interesting findings when hacking webapps.
Computing power is increasingly cheap and readily-available, whether on our laptops, in the cloud, or even in novel architectures such GPU cards. The premise of Search-Based Software Testing (SBST) is that this computing power can and should be used to assist in the software testing process: the objective is to use the computing power to automate the most tedious, labour-intensive parts of testing so that the human engineers can apply their experience to higher-level tasks where it is most valuable. For example, SBST techniques are effective in identifying and removing redundant test cases, optimising the order of tests so that defects are found earlier, and generating highly-efficient test inputs. In this talk, I will explain the general approach of SBST, demonstrate some SBST techniques from my own research, and argue why -- as software systems become increasingly large and complex -- the degree of automation that SBST enables is vital for efficient and effective testing.
Virtual reality and augmented reality are terms most developers and technical enthusiasts recognize. What about “Mixed reality”? A reality that is part real world, part digital world, a reality that is enhanced with Holograms. Microsoft’s HoloLens introduces users to an entirely new way of thinking about computing. Learn how to use the Holographic Development Kit (HDK) to build completely new experiences that will blow your mind (only figuratively, I hope), and get a sense for what is possible. You will be challenged to think of how to solve problems in an entirely new way that leverage holographic projections, to provide intuitive natural interactions with the digital world.
Pragmatic Microservices looks easier in the IDE, than on slides. In this session I code, deploy and monitor microservices, as well as, let them communicate.
Questions are going to be answered with (hopefully) working code only. There should be enough time left to explain devops best practices and microservice design patterns.
More and more organisations decide to do Agile. They decide to implement Continuous Delivery. They decide to construct self organising teams. But the problems that these measures mean to solve linger on. Why?
The problem with change is that it cannot be achieved through decisionmaking. It can only be achieved by humans. And while most of us think that we want change, few of us want _to_ change.
Building on the wisdoms of Plato, Sartre and Dilbert, this talk dissects the underlying reasons for our resistance to change and how we need to alter our mind set to combat this resistance.
While the conclusions are true for all businesses, they are fundamental to IT. In the fastest moving industry on earth, you cannot afford to be stuck in your ways.
The internet is not just full of cats. There is useful stuff on there too, like dogs, Netflix and internet connected fridges.
This talk shows you how to use some of the most common tools that you probably use everyday in another way. Think life hacks, with more focus on the hacking. We will go through how to use Google to evaluate your security, find out what the internet really knows about your network and attempt to answer the question, why would someone want to connect a toilet to the internet?
Macros are powerful tools that help reduce boilerplate, but they can sometimes lead to code that's hard to understand, debug and maintain.
In this talk we'll explore how to write macros in the Crystal programming language and what they can do, paying special attention to keeping their usage simple.
Embedded software is everywhere today, at the same time the IoT (Internet of Things) is poised to become the next growth area for software development and testing. In the next years, tens-to-thousands of billions of IoT/embedded devices will be connected to the internet, which could possibly impact people's well-being, health and safety.
Jon starts by examining how safety impacts IOT/embedded devices. Data produced by these devices is considered for how it can be used in analytics in development and testing to determine software risk areas and test patterns. Availability of data from devices is growing. Jon examines how teams can leverage data to address safety related challenges and testing, thus offering higher quality products to market. He examines how to mine and organize the data using concepts such as mind maps, taxonomies, and mathematical AI filtering of data statistics. Jon examines real world test patterns based on data to optimize the development and testing process.
Have you been told that your company is moving to a more DevOps development culture, but you have no idea what that really means? Everyone wants to run a more productive and agile engineering team by balancing the competing priorities of rapid releases and stable systems. DevOps is a movement that everyone is either wishing they had, talking about setting up, or getting ready to implement. But how does your company chat client fit into this and how can it help speed things up?
In this talk we'll look at ChatOps and how it can bring GitHub and many core DevOps tools and philosophies to developers' fingertips for everyone's benefit. We'll also see what other tools can plug into a chat client to optimize development workflows, and what immediate results we can expect to see as we start implementing integrations. By the end of this session, we will have outlined clear steps to ship code faster and safer today.
Good projects make for bad software. The defining feature of a project is an end date, the defining feature of successful software is that it doesn't end. Software which is useful is used and demands change, stop changing it and you kill it. At best the concept of a "Project" is erroneously used for software development work. At worst the Project metaphor leads to dead software, higher costs and missed business opportunities.
In this talk Allan Kelly will attempt to justify this somewhat radical view, he will examine the project model and show how it does not match software development. He will then outline an alternative to the project model and what companies need to do to achieve it.
HTTP is very easily the most important standard in server-side Java. The much awaited HTTP 2 standard is now complete, was fifteen years in the making and promises to radically speed up the entire web through a series of fundamental protocol optimizations.
In this session we will take a detailed look at the changes in HTTP 2 and discuss how it may change the Java EE ecosystem including the foundational Servlet 4 specification slated to be included in Java EE 8.
An informal and interactive Q&A with our Wednesday keynote speakers Aral Balkan and Brendan Koerner.
Concurrent programming is hard. Concurrent and distributed programming is even harder. But building applications at scale demands your application to be concurrent and distributed. Is there a way to make this more approachable?
The Actor Model tries to answer just that. It is based on the concept of small computational units communicating through asynchronous message passing, thus allowing concurrency and scalability while negating a lot of the problems of concurrent programming. But up until now the actor model remained a rather niche approach and has not become a used practice. This may change with the introduction of "Virtual Actors" - a new abstraction for writing distributed applications. This abstraction was introduced with the Orleans framework by Microsoft and adopted to Java by EA with their Orbit framework.
In this session you will learn about the the Actor Model, what's novel about Virtual Actors, and why it makes distributed application programming a lot simpler.
The microservice architectural pattern promotes building small, single purpose services that make it easier to build and maintain complex applications. Deploying a ton of small services might sound hard - but Docker, Kubernetes, and gRPC make orchestrating the deployment of interconnected services easier (and dare we say fun). In this talk we're going to cover using Docker and Kubernetes to run scalable Node.js applications across a fleet of machines. When it's time for our services to communicate - we'll take a look at using gRPC, Google's HTTP/2 based RPC framework to enable simple communication across multiple languages. Join us as we run through the world of node.js and microservice architecture at Google.
This talk will speak to the issues pertaining to supply chain security as is relates to global organizations and the highly interconnected nature of suppliers and corporations. The presenter will pull from personal war stories to help illustrate the need to not just worry about the main corporate security perimeter, but to address the extended perimeter and the exposures and risks that arise from the supply chain. Such aspects of an exposed supply chain include trading partner networks, code developed by offshore development centers, and outsourced help desks.
Rx (Reactive extensions) is a powerful API for Asynchronous programming.
It has a steep learning curve. Surprisingly though, the easiest way to grasp the concepts is by examples. So in this talk, we'll look at just 3 examples.
These are marginally complex requirements that most developers would run into these days. We dissect the problem using Rx and try to come up with elegant and simple solutions to an otherwise complicated problem.
Even the best test suites can't entirely prevent nasty surprises: race conditions, unexpected interactions, faults in distributed protocols and so on, still slip past them into production. Yet writing even more tests of the same kind quickly runs into diminishing returns. I'll talk about new automated techniques that can dramatically improve your testing, letting you focus on what your code should do, rather than which cases should be tested--with plenty of war stories from the likes of Ericsson, Volvo Cars, and Basho Technologies, to show how these new techniques really enable us to nail the hard stuff.
From the mathematicians and scientists of the 20th centuries to today's ninja craftsmen/craftswomen, Software community has lost something along the way. Instead of carefully observing scientific methods and maintaining objectivity, we have tangled ourselves in web of hype and celebrity culture - as if adopting today's YOLO motto.
This talk is a critique of the status quo. In the effort to find the origins of this shift, we will survey the trends and countertrends of contemporary art and culture only to find out that we are the true children of our time.
At the end, we discuss solutions and example of injecting objectivity into our everyday decisions. Expect both technical and non-technical content hence if technology is your only focus, not a talk for you. But if you enjoy sociology, culture and lateral thinking - here is the red pill for you...
Teams that find they no longer trust each other generally do so because no one actually knows what is going on. What is being completed? What is really stalled? Are we really building the right thing? What is a Product Owner? Who is our customer? Not surprisingly, wallowing in confusion is not a great way to build trust.
Jim Benson will show how teams that do not visualize their work and control their work in process will fall into misalignment by design. He will also show how to avoid this and why it works psychologically.
Who /actually/ owns physical hardware for their businesses anymore? Not us. We're all-in with AWS, and with a little bit of planning you can too. This session focuses on the how we have deployed our Laravel apps[s] into the AWS ecosystem over the last 18 months with the twin goals of having things fault tolerant (or at least recoverable), and not having to manage a server or service as little as possible.
More specifically, this session is subdivided into the following areas;
- Managing your AWS account
- Provisioning something to run Laravel on
- Getting Laravel onto it
- Letting users interact with it
- Scaling across servers [and eventually availability zones]
After this talk you'll have the groundwork for your Laravel application in AWS. Hopefully without the 'learn, re-implement, learn' loop we have tread more times than I'll admit.
Few topics in architecture discussions yield as much heat as that of microservices. Monolithic applications have dominated the landscape for years, and a large number of monoliths run a great many critical processes used to this day. More recently, companies with requirements for rapid release cycles & key "ilities" (maintainability, scalability, reliability, flexibility, extensibility) have chosen another approach, deploying functionality in more granular, API-driven modules: microservices.
In this session, the presenter will strip away the hype and speak frankly of the upsides & downsides of adopting a microservices architecture and why, with certain exceptions, the pros far outweigh the cons. Topics include Domain Driven Design & bounded contexts, increasing quality & velocity, horizontal vs. vertical scaling, portability, & more. The presenter will then show how to build & integrate microservices applications using Spring Boot, various data sources, & REST resources built to task.
Often we are led by an invisible, limiting inner voice, that has us live small, predictable and restrictive lives. This way we are sure to not encounter anything untoward or potentially shameful. But what do we miss out on? Well in short EVERYTHING!
Each of us has a powerful 'inner team' of sub-personalities that we can call upon when required, to give us new idea's, solutions to problems and the ability to innovate way beyond what we thought we were capable of.
We'll discover yours and 'evoke' them in this highly experiential and interactive session.
With the release of Ember 2.0, many best practices established in the 1.x series are unfortunately no longer relevant. Lessons learnt from the React and Flux communities can help guide the path toward The Ember Way, with "Data Down, Actions Up" being one of the core philosophies.
In this talk, we'll discuss patterns and anti-patterns for bringing Ember applications into the 2.x paradigm, and discover how ideas from Functional Programming and game rendering engines can inform us. We will also look at the roads ahead to see what future versions of Ember will bring.
While many of the distributed systems we operate today are built with language like Java and Go, distributed programming has a long history of innovation and adoption of its ideas. This include innovations seen all throughout the various fields of computing: novel type systems for dynamic languages; the concept of the promise, now a standard programming technique in web development; and unified models of programming when data lives across nodes. Some of these ideas had major impact, while some fell incredibly short. Many technically superior ideas were not adopted simply because they were too “research” focused.
During this talk, we will present the history of RPC and why RPC may not be the best abstraction for building your next distributed application.
Android is often in the headlines related to security topics. As a developer, have you ever stopped to take a deeper look at how Android is architected to protect users and applications? In this session we will look at how applications are isolated and sandboxed from the kernel to the framework. You will learn how the permissions you use so often are categorized and enforced. We will also study the encryption and verification features that protect the system and user data from prying eyes and tampering.
ASP.NET Core is a fresh start. There is a new security model with a highly extendable authentication pipeline. Authorization is also flexible with policy-based security that can easily be extended. Data Protection can be used to securely store sensitive values in cookies or form fields. There is also utilities that help mitigate common attack vectors such as cross site request forgery and cross site scripting.
For modern web applications with more advanced authentication requirements IdentityServer4 can be embedded in an ASP.NET Core application to issue tokens. Those can then be used as bearer tokens when accessing REST APIs.
This overview explains what is available and shows hands on how applications are configured to use the available features.
ISIS has been singularly successful at disseminating its propaganda thanks to its mastery of modern digital tools. The much-reviled organization has built a decentralized media machine that produces and distributes effective content in multiple languages, in order to both attract recruits and manipulate its foes. This talk will explore how ISIS came to embrace the power of digital technology, how its media apparatus helped establish its sinister "brand," and what can be done to undermine its communications operations.
Software development has evolved. Agile is now the de-facto standard. The role of an architect in an agile project is very different than the typical role in a more classic waterfall approach. Using an updated interpretation of `viewpoints and perspectives`, this talk will demonstrate how to make rapid, agile delivery sustainable. These viewpoints and perspectives will be linked to easy-to-produce models that can be used immediately in your projects. The talk will provide examples on how to determine which models are architecturally significant and worth the effort.
Developers have always been very important stakeholders of an architectural description. A good agile architect needs to strive for consensus and buy-in.
The Microsoft stack has changed, and suddenly, it’s not just about Windows any more. Thanks to .NET Core, we can now host .NET applications on Windows, Linux and even the Mac! So how does it work? What does it look like? And why would I want to do it? Let’s take a .NET Core app through its lifecycle, and see how to create it, and what tools we need to test and debug. We’ll also see how we host a web app without IIS, and how to deploy in a world of Docker and containers.
Few would doubt that Agile delivery is easiest when teams are cross-functional - ie they have within them all the capabilities they need to be successful.
Why then might you choose not to have purely cross-functional teams? Are there lessons there for organisations trying to move towards cross-functional teams?
We'll look at some real examples: a mature, global team, a heavily projectised and outsourced IT organisation looking to become more agile, and a UK government digital exemplar project.
Have you ever thought about how many amazing things we get in this day and age for free? Think about it, whether it’s articles in daily newspapers, social media, your code repository, your continuous integration server as a service. And that’s not even mentioning all the amazing open source libraries, frameworks that are all out there. It’s all free, and it’s awesomesauce!
But (isn’t there always a but) in reality, someone is paying for all this. Sometimes it’s being paid for with cash, other times in the form of data and in many cases in the form of liabilities.
Many of us choose to ignore this and gaze at the wonder of it all. One day however, we’ll wake up and ask where our free lunch has gone and surprised that things start crumbling down.
For too long we've lived under the tyranny of n-tier architectures. Building systems with complicated abstractions, needless indirection and more mocks in our tests than a comedy special. But there is a better way - thinking in terms of architectures of vertical slices instead horizontal layers. Once we embrace slices over layers, we open ourselves to a new, simpler architecture, changing how we build, organize and deploy systems.
The Cloud is everywhere, but how do you get into it? Developers everywhere are being told every day that the Cloud is important and that "everything is moving to the Cloud". What does that mean for developers? And what do you do with data, once it is in the Cloud?
There's a lot to master in any job, but software engineering takes this to a whole new level. A good developer has to enjoy learning, and of course we usually do this by making mistakes. But what level of knowledge divides a master from a mere competent beginner? How do we know when we've learned enough to do our job properly and consider ourselves fully qualified?
In this talk I'll help you to answer these questions by sharing the stories of my own greatest mistakes, and reveal how a lot of them ended up becoming my greatest opportunities. We'll explore what it means to fail (sometimes specatacularly) and most importantly, how to make the most of it. And remember - whether you think you know too much, or too little - you're wrong!
Firebase is Google’s full stack NoSQL cloud platform that allows developers to build extraordinary realtime mobile and web apps.
“How many developers does it take to change a lightbulb?” - “Zero; that's a hardware problem!” Is it still like that? Today’s Java developers eagerly cross the software/hardware barrier. With devices such as the Raspberry Pi and modern IDEs and APIs, it’s surprisingly simple. This tutorial shows you how to hack cloud-connected toothbrushes, sewing machines, and even your bathroom mirror with Java and DukeScript.
Contexts and Dependency Injection has become an integral part of Java to leverage dependency injection and bean management aside of EJB. The current CDI 1.2 is widely used amongst Java Enterprise 7 applications. The Expert Group is working since Fall 2014 on the next version of the specification with the goal to present the final CDI 2.0 spec in Q2/2016, which will be part of Java Enterprise 8.
You will learn about some of the upcoming highlights such as asynchronous events or how to boot CDI with Java SE. These features are already part of the early draft release. You will get an overview of the changes, the Java 8 support, and how to apply the new features in your application. This is the right session for you if you are already a CDI user or want to become one and those that are interested in the progress of JSR 365 to build first-citizen CDI applications.
Head to Head is a simple premise: I select 6 questions from Stack Overflow on a given topic (usually .NET-related) and I give the questions to the participants a week before the conference. They then come up with answers for the questions and also fun anecdotes, trivia, and code exploration.
The talk is never the same.
Simultaneously fun and informative, Head to Head packs the room consistently.
HTTP/2 has been ratified for months and browsers already support or have committed to supporting the protocol. Everything we hear tells us that the new version of HTTP will provide significant performance benefits while requiring little to no change to our applications -- all the problems with HTTP/1.x have seemingly been addressed, we no longer need the "hacks" that enabled us to circumvent them, and the Internet is about to be a happy place, at last!
But maybe we should put the pom poms down for a minute! Deploying HTTP/2 may not be as easy as it seems, since the protocol brings with it new complications and issues. Likewise, the new features the spec introduces may not work as seamlessly as we'd hope. In this session, we'll take a practical look at HTTP/2 and examine some of its core features and how they relate to real-world conditions. We'll discuss positives, negatives, and new caveats and practical considerations for deploying HTTP/2.
No matter what is your level of experience with git, you would not want to miss this session!
Having used git almost exclusively since 2008, and helping with git adoptions with many teams in startups and in mega tech corporations, I know how transitioning to git from more traditional source control systems (or using it as the first one) can sometimes be intimidating. Sometimes developers who have been using it for a while find themselves still afraid to do much with it because they cannot wrap their mind around it.
I came up with a simple set of analogies, methods, tricks and workflows, that can make the vast majority of the daily routine with git, simple, understandable, and enjoyable.
And if you end up not learning much, simply reset --hard and clean -xdf :)
I've never seen a job I didn't want to automate. Sometimes it's worked out well, sometimes automation has turned a small nuisance into a big, fragile, free-time-eating monster nuisance. In this talk, I'll explore why we automate, when to automate, the hazards of automation and the - big - rewards of automation. I'm part of the team developing IBM's WebSphere Liberty application server. We've used a mix of off-the-shelf and home-rolled tools and processes to work smarter and more productively. I'll describe what we've learned as WebSphere has transitioned to DevOps and continuous delivery and why I still can't resist trying to automate all the things.
Has the adoption of Agile techniques magically erased risk from software projects? Or more frighteningly, by changing the project environment through adopting Agile techniques, might we trick ourselves into thinking that risk has been abolished when it really still exists?
Risk is defined as “any uncertain event that can have an impact on the success of a project.” Risk mitigation, on the other hand, is about predicting the future. Does using Agile change our need to predict the future? I think not. With Agile the difference is our time horizon may be as short as one to two weeks and incorporate both development and testing, so our need to predict risks (and the future) will be different, but does not change overall. What does change is how we approach the topic.
The final punchline is that Agile risk management actually improves project performance. Projects and programs are comparatively faster, cheaper, better and make people feel better but risk has not been erased.
You're promised high amounts of code sharing when building your next million dollar business with Xamarin, but is that really what's going to happen?
We'll uncover the truth about code sharing with Xamarin; looking at custom renderers versus doing a native UI approach, as well as talking about how these decisions can haunt you throughout the development and maintenance of your app.
Object-Relational Mapping (ORM) is a design pattern that is very popular in modern web systems, but at the same time is totally against basic principles of object-oriented programming. ORM turns objects into dumb and passive data bags which simply transfer data from one procedure to another. There is a better way to design SQL representing objects.
One of the hottest and most widely used tools for log monitoring and analytics at the moment is the Elastic Stack:
* Elasticsearch doing the hard work of analyzing and searching large amounts of data.
* Logstash and Beats for collecting them.
* Kibana for powerful visualizations.
This talk gives you a deep dive into the four technologies, how they are working together, and how they can solve your problems.
At Off Grid Electric our mission is to power homes across rural Africa with affordable, solar energy. In order to do that we need to provide our employees with tools that work both on and offline. So how did we do it?
In this talk, learn about the techniques we employed to provide a unique online-offline experience in our Android applications. We’ll discuss the overall architecture, third party libraries used, and some of the challenges that we faced.
As more and more users come online in various parts of the world it makes sense for companies to begin exploring how they can modify their applications to be more network-friendly. This talk will get you headed in the right direction!
Take a break from all the deep dive coding sessions and enter the world of design research for a moment.
Sketching and prototyping is about getting the right design, and getting the design right. Traditional analogue tools such as pen and paper go a long way, but perhaps not all the way when we want to sketch and prototype to explore new and unfamiliar design situations.
Sketching is, however, not just about drawing, and definitely not an activity only for artists and designers. It is a thinking process that happens through the process of making. I will share some progress on two ongoing research projects that aim to enabling sketching for new design situations, where everything is not familiar and definitely not static. One project deals with the challenge creatives face when they try to design for a 360 degree space, and the other projects tries to support air traffic controllers who "design" the flows of aircrafts.
The research is clear: happy workers are more productive workers. Managing for Happiness is about concrete management advice for all workers. Practical things that people can do next Monday morning in order to make the organization a happier place to work, with people who run experiments and drive innovation. In this session, you will see how to manage the system, not the people. This is not only relevant for managers, but for everyone who is concerned about the organization.
Agile works to deliver the right product faster and to increase people’s motivation. Enhancing communication and collaboration are critical to creating high-performing teams. But often there’s push-back from management about not having the resources to spend on these “nice-to-have, soft skills.” What if we could prove these skills are the reason we can reap the benefits of Agile and create lasting change? Jenni Jepsen found the proof – hard scientific proof – about why things like having the overview and ownership work to make us feel more intrinsically rewarded. Jenni shares the neuro-scientific evidence of why Agile works – a far more accurate view of human nature based on breakthroughs in how our brains function, how we are motivated, and how to create lasting change.
Functional programming needs functions, side-effect free transformations, to enable lazy evaluation, memoization, function composition, and safe concurrent execution.
Frege is the only JVM language that provides this purity. It is a Haskell that runs on Java and interoperates with Java in a safe way: by rigidly requiring the demarcation of all effects that Java code may have.
In this session, you will experience many advantages of a purely functional language and how you can fully exploit them in your Java application.
Java SE 8 brings a bounty of improvements - Lambda Expressions, the new Date Time API, Completable Futures, streams and the fork/join common pool. In this code intensive session we will explore how these features can be utilized inside Java EE 7 applications with APIs such as Servlet, JAX-RS, WebSocket, CDI, EJB 3, JPA, JMS and Java EE Concurrency Utilities.
We will also briefly explore how Java SE 8 features could be effectively incorporated into Java EE 8 and beyond.
Is UX and UI design reserved for people with artistic skills that can "feel" what's right? or is there a more systematic approach we can take?
We will talk about how you can predict, detect and avoid bad UI and UX, using a no-guess system created by Microsoft Research.
We will also look at a lot of bad user interfaces so that you can learn from others mistakes and don't have to fall into their traps.
While mock objects are perfect instruments for unit testing, mocking through mock frameworks may turn your unit tests into an unmaintainable mess. Thanks to them we often hear that "mocking is bad" and "mocking is evil". The root cause of this complexity is that our objects are too big. They have many methods and these methods return other objects, which also have methods. When we pass a mock version of such an object as a parameter, we should make sure that all of its methods return valid objects. Read: http://www.yegor256.com/2014/09/23/built-in-fake-objects.html
ASP.NET Core is a fresh start. For authentication it means out with the old Http Modules’ events and in with a pipeline of Middleware. Middleware are loosely coupled components that are run by calling each other in a pipeline. They can be combined in different way. It can be a simple single cookie middleware used with an authentication form. Or it can be a powerful mixed authentication setup with multiple external providers (Google, Facebook, SAML2).
This deep dive starts with a closer look on how middleware are configured and how they interact during authentication. There will then be a look at how to implement a simple authentication middleware, identifying the different parts and how they relate to the overall pipeline model.
Devices (phones, tablets, etc.) already consume most services/data, but they have to get those services somewhere! In this session, learn how to use proven patterns & open source software to quickly and effectively build edge services - API gateways - that marshal & streamline communication between your key services and end-users with devices in hand. This session addresses vital points such as:
* Leveraging OAuth2 for service security
* Configuration services
* Microservice registration and discovery
* Circuit breakers for graceful degradation
Additional topics discussed include logging & tracing, testing approaches, and migration patterns.
The presenter will demonstrate how to develop & manage microservices & expose them via an edge service, securely, using OSS tools employed by Netflix to keep movies streaming globally 24x7.
Building extraordinary user experience requires a database that is fast, scalable, supported by a world-class infrastructure. It needs less coding. Firebase provides just that – it is Google’s full stack NoSQL cloud platform that allows developers to build extraordinary realtime mobile and web apps.
I can assure you this - you will leave this talk itching to try this blissful combination out on your current and future projects!
Writing JUnit test cases takes time, especially if you want to test a whole system thoroughly.
Testing a Java class at random is unlikely to cover many of its complex constructs and scenarios.
However, it is possible to treat test generation as an optimization problem, and then use techniques like Genetic Algorithms to address it.
In this talk, I will first describe how one could use Java reflection to build a random testing tool.
Then, I will briefly describe how Genetic Algorithms work, and how they can be applied to automated test case generation.
Such techniques are demonstrated with the open-source tool called EvoSuite (https://github.com/EvoSuite/evosuite).
Big Data is all the rage these days. But a lot of Big Data applications out there inherently rely on large, clunky, long running batch jobs. Looking to implement a real time learning system to block potentially fraudulent transactions? Or perhaps you wish to recommend some product just as a user removes an item from their basket. Waiting till the weekly 20 hour job runs isn't going to help you there.
Fortunately, we have good, robust, open source tools at hand that can enable us to tap into streaming data. In this talk, we will look at a combination of technologies that can help in this regard. Spark is a general purpose scale out processing system with support for micro-batch oriented stream processing. Kafka is a message broker developed for processing real time data feeds at high throughput and low latency. Cassandra is an excellent scale out partitioned row store with masterless, self healing capabilities that can work with Spark.
Come along, and go from Big Data to Fast Data.
With container solutions like Docker comes several opportunities, particularly in terms of bridging the gap between Dev and Ops. But there are also some new security aspects and complexity to consider if you plan to use Docker in production - especially if you want to use it in clusters. You need to think about security in several layers, and it is not only about operations. You will see examples of security threats and mitigations when using Docker, Kubernetes, Mesos, etcd and similar. You will learn how you can reduce the attack surface of your containers and clusters, and design secure systems from the attacker's perspective.
All abstractions are leaky, and we tend to think of that as a bad thing. But sometimes it’s useful to be reminded of the implementation details. Knowing how something works under the covers often makes it a lot easier to use the abstraction. Take regular expressions - very powerful, yet very hard to use - arguably a write-only language! But once you know how the abstraction works, reading and writing a regular expression becomes a lot easier. In this talk, we’ll take a look at some popular, perhaps overlooked, abstractions, see how they work, and see how understanding the level below an abstraction makes you a better developer.
This talk describes Graal, Truffle and related projects that aim to build multi-language, multi-tenant, multi-threaded, multi-node, multi-tooling and multi-system environment on top of Java virtual machine with the goal to form the fastest and most flexible execution environment on the planet!
Learn about Truffle and its Java API to become real polyglot, use the best language for a task and never ask again: Do I really have to use XYZ language?
Attackers are always trying their best to breach your network to steal the secret sauce hidden inside. This session will delve into the attacker's tool set and focus on the types of attacks that are being leveraged against companies today. I will examine tools, case studies and my own war stories.
- Introduction: Laying the ground work for the discussion.
- Types of attacks
- Attack data: We look into attack data to see what types of attacks are being leveraged against websites to provide a greater understanding of the threats posed.
- Threat modelling. What is the threat that you're actually facing?
-volumetric and amplification attacks
-web application security attacks
- Review of threat actors
- Attackers tools
-Scanners - low hanging fruit
- Mobile platform exposures
- To the cloud! An examination of booters (DDoS for hire)
- Lessons learned. How to best protect your data and web properties from attack.
- Case studies
We all know how fun and 'easy' it is to spin up environments, or even migrate our entire business into AWS. But after the initial thrill is over, comes the eventual realization that you have just traded the headache of physical hardware for something else. Something that isn't visible and almost unlimited financial risk. This talk is about that not-so-sexy part of an AWS implementation; management of it. Things like;
- [Bare Minimum] Account Security
- IAM Roles
- Service windows
Not only will you leave with an immediate checklist of items to do to your AWS account, but a set of scripts to help you wrangle these not-so-sexy items into submission.
Having accessibility skills that help you develop web sites and applications that can be successfully used by everyone, regardless of disability, is becoming more of a standard expectation of web professionals.
But sometimes it can be hard to find out how best to answer specific accessibility questions that might arise at various stages of the development lifecycle. This can lead to confusion or misinterpretation, and ultimately a lower level of accessibility in your digital products, which is bad news for your users with disabilities.
This session will consider a number of frequently asked accessibility questions—and some questions that should be more frequently asked than they are!—and provide you with some accurate answers. And, where there’s no obvious answer, you’ll learn the best approaches to take to finding the answer yourself.
MVC 1.0, as specified by JSR 371, is targeted for the upcoming Java EE 8 release.
In this session I will go through the fundamentals of this specification and explain the core concepts.
The session will include lots of code samples and tips to where to get started using this awesome technology.
Every software team writes code, but some teams produce fewer bugs than others. Every software team creates new features, but some teams develop features users love and others don't. What do high performance teams do differently, and why are team members more focused, satisfied and relaxed? They truly work together. No 10x rockstar programmer can achieve what a well rounded, enthusiastic team can.
Sven examines how the best software teams set and follow goals, integrate new members fast, ensure diversity, monitor and continually improve team health, embrace transparency, use a playbook to guide them through every phase of development and much more. He shares techniques including: bugfix rotations, OKRs, feature buddies, open demos, focus days, sanity checks and many more that help teams and team members to work more effectively together, and produce awesome results.
Algorithm Development is a term that leaves even the most experienced developers intimidated. Many of us have little exposure to algorithm development and many of us have never written algorithms. With how much influence algorithms are gaining over our lives, we must be prepared to ask tough questions: who writes these algorithms and what are the ethical responsibilities? What is our responsibility as end users and developers in relation to the surge of large corporations offering the use of proprietary algorithms?
When we look at algorithm development with a critical eye, we start to notice how deeply impactful the creation of new algorithms are to us as a society. This talk will discuss the ethical & social implications of failures using examples such as computer vision & poor AI training. We'll cover the need for multiple strategies, and their tradeoffs, for accountability through marketplaces, open source, governmental oversight & ombudsmanship.
Emotional skills are unfortunately among those things that are rarely taught in school or college, and that most people need to discover, for the better or worse, by themselves throughout life; despite of all the evidence showing that cultivating a balanced mind helps in several areas of our experience.
This talk is about learning a few practical ways, through mindfulness, of dealing with our own wrong thought patterns that prevents us from having a better performance or satisfaction about whatever we do.
Mindfulness describes the state of focusing the awareness in the present moment, by acknowledging the sensations, thoughts and feelings we have. It can be used as a means of solving the problems that are typically created by one's perception of a situation or person.
Working with Elixir is intoxicating. The syntax is clean, pattern matching is thrilling, and the power of the Erlang VM underneath is mind-blowing. But what can you actually build with it? What patterns do you use… what tools? Are Phoenix and Ecto my only choices for web and data frameworks?
In this talk Rob Conery will share his experience migrating a Ruby on Rails application to Elixir, and the choices he faced along the way. We’ll dive into Agents, Supervision Trees, JSONB and potential life on Mars as we figure out the best way to structure an application in Elixir that works great both now and into the future.
Our App Store featured iOS app is built with Clojurescript on top of React Native. YOLO tech or solid like a rock!? An experience report on building for iOS with Clojurescript. Is mobile ready for functional and logic programming? Let me give you an overview of the landscape, experiences, tricks and unsalted opinion. Oh, and freebies!
Kubernetes is a great tool to run (Docker) containers in a clustered production environment. There are also a few things that Kubernetes doesn't solve though. When deploying often to a production environment we need fully automated blue-green deployments, which makes it possible to deploy without any downtime. We also need to handle external HTTP requests and SSL offloading. This requires integration with a load balancer like Ha-Proxy. Another concern is (semi) auto scaling of the Kubernetes cluster itself when running in a cloud environment. E.g. partially scale down the cluster at night.
Although Kubernetes doesn't provide these things out of the box, it does provide an API that can be used to make all of this happen.
In this technical deep dive you will learn how to setup Kubernetes together with other open source components to achieve a production ready environment that takes code from git commit to production without downtime.
Hypermedia and unicorns are so 2011! The next evolution in APIs on the web may well be linked data. With the recent adoption of json-ld by Google, we may finally be seeing the semantic web break into our world, bringing the benefits of graphs of semantic data to your APIs. We will discover, by visiting a magical world, what resources are, how we can describe them, and how they relate to one another. Don't be afraid, you will discover many mythical creatures, from resources and tuples to json-ld, hydra, and maybe even a sprinkle of RDF. So come feed the links!
It seems like everyday there is a new headline about a security breach in a major company’s web application. These breaches cause companies to lose their credibility, cost them large sums of money, and those accountable undoubtedly lose their jobs. Security requires you to be proactive. Keep your employer out of the headlines by learning some key security best practices.
This session is designed to teach you how to identify and fix vulnerabilities in Java web applications. You will learn ways to scan and test for common vulnerabilities such as hijacking, injection, cross-site scripting, cross-site forgery and more. You will learn best practices around logging, error handling, intrusion detection, authentication and authorization. You will also learn how to improve security in your applications using existing libraries, frameworks and techniques to patch and prevent vulnerabilities.
Microservices are all the rage, and everyone talks about Docker, deployment, automation and infrastructure. But how do you get it working at a large company, when you have so many departments and stakeholders? How do you efficiently deploy and manage services across different teams and technical levels? And how do you do it with legacy in place?
This talk goes into detail about the real-world experiences of doing IT transformation at scale. The answer lies in a 14-year-old book called "Domain-Driven Design", as applied to modern service-based architecture.
The talk is both organizational and technical in nature. We'll discuss the concepts of domain-driven design, modern agile concepts like squads and guilds, as well as the details of API orchestration. We'll also look at API best practices around versioning, authentication, service discovery, and automated deployment.
The Erlang language and system was designed around a set of requirements for telecom systems. They were distributed, massively concurrent systems which had to scale with demand, be capable of handling massive peak loads and never fail. The Erlang concurrency and error-handling model was developed around these requirements. This talk will describe the development of the language and the design of systems based on the Erlang. It will also look at the further development with the introduction of new languages in the Erlang environment - the Erlang ecosystem.
Patterns of yore like MVP, MVVM etc. have taken the mobile world by storm these days. These are not new concepts per say, but their application to the world of mobile development is new.
In this talk, I share some of the learnings from having adopted this pattern in an actual production application.
What are the common patterns used in mobile these days? What are the problems with adoption? What are the advantages of adoption? How do we adopt these patterns in a way that doesn't lead to death by abstraction?
We'll discuss the juicy learnings from war stories in this session.
Most of us involved with product design and development like to solve problems rather than create them. But we are often tasked with solving abstract business or process problems rather than people problems. When we focus on the back-end aspects of a website or app, we may inadvertently create problems on the front end, for the people who use it.
In this session we will look at the benefits of user research through the lens of accessibility, as a way of gaining insights into accessible and usable interface and interaction design patterns.
In Ember, Handlebars is a small, Lisp-y templating language we use to express our application's user interface. We use Keywords, Helpers and Components and other primitives to build upon this language, and the result of this is a larger vocabulary in which we can declare our intent much more clearly. Let's explore how Keywords and Helpers augment Handlebars, and cover techniques and patterns for creating our own Helpers in good taste.
In this talk, we'll cover everything from the Rule of Least Power, declarative templating, as well as patterns and anti-patterns of creating helpers.
In my group at Microsoft, we have worked with the United Nations, Guide Dogs for the Blind in the UK, and Ströer in Germany on a number of projects involving high scale data.
In this talk, I'll share some of the best practices and patterns that have come out of those experiences: best practices for storing and indexing geospatial data at scale, incremental ingestion and slice processing of the data, efficiently building and presenting progressive levels of detail on a web and mobile.
The audience will walk away with an understanding of how to efficiently summarize data over a geographic area, general methods for doing incremental updates to large scale datasets with Apache Spark, and best practices around precomputing high scale frontend data views.
Q: What do you get if you cross Kanban and Extreme Programming?
A: Xanpan! - an XP/Kanban hybrid
The world doesn’t need another software development methodology - there are plenty already! But each team needs to learn and create their own. Xanpan is a hybrid development approach, a mix of Kanban and Extreme Programming, with a bit of Lean thrown in, seasoned with economics and refined over many teams. Xanpan demonstrates how elements of XP and Kanban can be combined and used as an effective development approach.
The resulting focuses on teams not projects, allows planned and unplanned work within iterations.
Xanpan started life simply as adding flow thinking to XPnow it has principles and practices, most of which are rooted in Kanban and XP. This presentation will describe the principles and describe the key practices. It will look at how and why these practices support the principles.
"Xanpan - team centric Agile Software Development" is available fro LeanPub.com and Amazon.
Visual Studio 2015 was a release rich with diagnostics improvements in the profiling and debugging space, and Update 1 brings a slew of additional features! In this talk we'll highlight how Visual Studio can be used most effectively as a live and historical debugger with features like IntelliTrace, CPU usage while debugging, heap snapshots while debugging, and more; we'll also talk about the new Diagnostics Hub experience that lights up a variety of performance measurement tools depending on the target you choose; and finally we'll see how to use the diagnostics tools in your production environment, where you don't have Visual Studio installed.
“It is not necessary to change. Survival is not mandatory.” -W. Edwards Deming
Work takes time to flow through an organization and ultimately be deployed to production where it captures value. It’s critical to reduce time-to-production. Software - for many organizations and industries - is a competitive advantage.
Organizations break their larger software ambitions into smaller, independently deployable, feature -centric batches of work - microservices. In order to reduce the round-trip between stations of work, organizations collapse or consolidate as much of them as possible and automate the rest; developers and operations beget “devops,” cloud-based services and platforms (like Cloud Foundry) automate operations work and break down the need for ITIL tickets and change management boards.
But velocity, for velocity’s sake, is dangerous. Microservices invite architectural complexity that few are prepared to address. In this talk, we’ll look at how high performance organizations like Ticketmaster, Alibaba, and Netflix make short work of that complexity with Spring Boot and Spring Cloud.
The cloud is the new normal and it is time to rethink how we see machines and deployments. We have been piling layer upon layer of complexity for too long. But why should it be this way? It is time to radically simplify all this.
In this talk, we'll throw general-purpose operating systems, snowflake servers and runtime provisioning out the door. Instead you'll see how servers become disposable, how machine images are generated from scratch in seconds and how to achieve perfect environment parity from dev to prod.
This is Immutable Infrastructure. It is a profoundly important change as to how we view and treat our systems. We'll go deep. We'll look at how this affects scaling, logging, sessions, configuration, service discovery and more. We'll also look at how containers and machine images compare and why some things you took for granted may not be necessary anymore.
But beware, neither sacred cows nor kittens will be spared!
The 21st century will see the rise and dominance of the creative economy. In an ever-changing environment, success can only come from a never-ending wellspring of ideas that help workers to make fun, make money, and make a difference. There is only one place where those ideas can come from: people. We used to call them knowledge workers, because in the industrial economy and in the service
economy, those with the most knowledge were best able to solve problems. In the creative economy, that’s all different. The knowledge you have today? It’s useless tomorrow. More important now is that people are a creative networkers. So how do we get people to be creative? The problem with organizations stuck in the industrial economy or in the service economy is that they place the wrong constraints on people. This needs to change. The creative economy is spreading, globally. If your employees don’t come up with new ideas for innovative products and services, those at other companies will.
We've all experienced deadlocks, and we all hate them, but how do we prevent (and potentially fix) them?
That's right, no one likes applications crashing or giving users an unexpected behaviour. Introducing asynchronous patterns is so much more than just applying async and await to your methods; you really, I mean really, need to understand what's going on.
In this session, we'll make sure you know how to avoid crashing your applications, and how to adhear to best practices when applying asynchronous patterns in our .NET applications.
Bugs make us slow. They annoy our users. They drain our revenues. We software developers are all too familiar with them. But not too far in the future, as software takes on a more central role in our lives, bugs will start driving us off cliffs and poisoning our bloodstream.
Are bugs a natural consequence of software? Are they all created equal? Can we prevent all of them? In this talk, we'll draw from some deeply powerful ideas and tools that can help us reason about what our code is doing, and we'll explore how they can render entire classes of bugs obsolete.
Let's discover how powerful logics, expressive type systems and generic code might just be our best allies in building the systems of tomorrow.
Moving to a distributed system will solve all your problems and you will be in developer heaven. Right? Not exactly, having hundreds of services doing different things means it's increasingly difficult knowing where exactly production issues are hiding.
In this talk Sam Elamin will relate his real life experience working on a distributed system dealing with £100,000 worth of transactions every hour. Sam will cover monitoring and how to develop your features based on how your customers use your platform and, most importantly, business metrics.
Sam will cover how to implement metrics in your application and setting up dashboards to gaining visibility into what is happening in your production system right now. We'll also go through some helpful techniques to help you convince your domain experts that gaining this insight is invaluable to keeping your competitive advantage.
The challenge of modelling and balancing the economy of a large scale game is one of the biggest problems game developers face and one that many have tried to solve by simply throwing man-hours at it... But there's a better way!
Learn how Gamesys did it by leveraging graph database Neo4j to model the in-game economy of our MMORPG "Here Be Monsters" and automate the balancing process. We'll discuss lessons learned, successes and challenges, and how a graph database enables our small team of game designers to stay agile and focused on delivering new content to players.
Learn how to take part in Java technology evolution through the Java Community Process (JCP) program. You can participate as an individual, corporation, or nonprofit such as a Java user group (JUG). This session outlines why and how to participate in the JCP Program. You will also learn about the global Adoption programs and how you can participate in the programs. We will discuss details such as how to run hack days, collaborate with other JUG leads on Adopt-a-JSR activities, and review use cases from other JUGs around the world contributing to the Java EE 7 and Java SE 8 JSRs. Currently there are new JSRs being submitted and developed for the Java EE 8 and Java SE 9 platforms. Find out how you have contribute to the future editions of the Java Standard and Java Enterprise Editions.
What is Servant Leadership? Is it just “unblocking all the things and getting out of the way”?
In this session, Mike would like both to challenge that misrepresentation of this classic leadership model and to show Servant Leadership’s present-day relevance to the challenges of Lean-Agile transformation.
We'll explore six transformation strategies (honestly, with their respective pitfalls) and the opportunities for demonstrating and developing Servant Leadership that go with each of them.
Who were the most influential bands of Rock history? Which bands could not exist if there was no Velvet Underground? How much Shoegazing subgenre is related to the Drone music?
Rock music history was perhaps full of drugs and alcohol but we are sobering up to represent it in terms of (social) networks and find mathematical relationship between artists, trends and subgenres. Full of DataViz and interesting relationships, we will pick up a few common clustering and network analysis algorithms to analyse the publicly available Wiki data. Expect lots of air guitar power chords and virtuoso solos.
Not necessarily, but that doesn’t mean we should discard DSL’s. In fact, DSL’s are really powerful when they are small and focused. In this talk we’re going to show a few DSL’s that we can create to deal with different aspects of our application, whether it’s business dealing with tax rules or infrastructure and working with transactions, and see how with very little effort we can create more concise, maintainable and readable code.
So you've built your HTTP API, and now that it's live, you're suddenly dealing with a whole new set of problems. Do you really need to PUT the entire Customer just to change someone's email address? Why does it take you 25 API calls just to render a shopping cart? How do you find the bottlenecks when just drawing a web page requires fifty HTTP requests? What happens when one of your API consumers accidentally tries to GET your entire customer database?
In this talk, we'll look at the problems of running ReSTful APIs in the real world, and the architectural patterns that exist to help us solve those problems. We'll talk about hypermedia - how does it work and why does it matter. We'll look at resource expansion, and how it can reduce your server workload and speed up your client applications. We'll talk about how to implement PATCH properly, how to handle security and authentication for your APIs, and what tools and services exist to help you design, deliver and debug your HTTP APIs.
Sick of developing a user interface for mobile, then doing it again for desktop, then again for tablet? How about including features that make sense on a smaller device, but not on a larger screen? Or what if you want the layout of elements on the screen to change based on screen size and device type? Get familiar with the Adaptive UX patterns, features and elements of the Windows 10 Universal Apps, and it will make your developer life more about features, less about plumbing (and avoiding losing those last few hairs on your head).
It's faster to get your toaster hooked up to the internet than it is to make it actually toast bread. And in even less time it can start making friends, with your fridge, your webcam and approximately 350k other devices in a big friendly botnet being used to attack corporations and random websites. In the growing world of IoT what does security even mean anymore and who is looking at it. (is anyone?) What does the rush to market mean for the security within the IoT space, and what, if anything, can we do about it.
Excitement swirls around Kotlin, and we developers want it in our codebases. From an Android engineer's point of view, Eric will talk about the best ways to start using Kotlin at work and what parts of a Android codebase really benefit from Kotlin usage. With the 1.0 stable release, convincing your coworkers to get Kotlin into at least your tests is an endeavor worth undertaking!
I will review the state of quantum computing research, focussing on leading technologies and approaches. One approach in particular, topological quantum computing, is poised at the forefront of physics. This approach aims to create a new kind of delocalized state in a condensed matter system, the so-called Majorana zero mode, that will allow quantum information to be manipulated by braiding particles around one another. The state has been found. Can it be braided?
We've had a good run doing dark magic in our corners of the job market. People didn't know what we did and we were terrible at explaining it, which is why we were left alone. Now the media has run out of distractions and computers, machine learning and artificial intelligence is everywhere. What does that mean for us? What skills do we need? Is this the end? Are we safe from automisation? Chris Heilmann will talk about his life as a successful, possible impostor and show what our role should be in this change.
If you find yourself copying and pasting code from your build.gradle file every time you start a new project, then it's time you learn about Gradle Plugins. Come and learn what it takes to create a custom Gradle plugin for use in your Android/Java applications.
We're going to go over the following:
Walk away feeling empowered to create your own awesome plugins!
You're sold on non-traditional developers but now that you've hired someone, how do you ensure that these novice software engineers are productive, happy team memebers without wasting time or talent? With experiences pulled from managers of non-traditional developers as well as the bootcamp grads themselves, you'll leave this session with a deeper understanding of the challenges and risks of onboarding bootcamp graduates. We'll also go over strategies for managers, lead developers, & mentors on how to cultivate your new hire and grow a culture that ensures everyone on the team thrives.
This talk will cover:
- Beyond Day One: The basics of on boarding
- Structure & Guidance: How to guide your new developer into being a self-sufficient contributor
- Mentoring: For all the skills not taught at the bootcamp
- Team Dynamics & Culture: Ensuring that the team provides a healthy, welcoming environment in which the new developer can succeed
This talk will introduce you to the awesome Go language and show how powerful and easy it is to deploy it to any cloud powered by Kubernetes, a tool backed by Google and also written in Go.
You'll be given walk through on how to build and run your first Go program on a Docker container, and deploy that container to a Kubernetes cluster running on Google Compute Engine.
You might have the keys to the kingdom and not even know it. This demo-based hacking session will guide you through an advanced attack showing how developers are becoming more and more valuable from an attacker's perspective. You will learn how criminals can steal the secrets you hold and why the security of your system can be critical to the entire organization. From penetrating the network to identifying individuals and installing keyloggers and backdoors, Fabio will bring his experience in advanced penetration testing to show you what a determined attacker with a specific goal would do to your IT environment.
As developers, you interact with Android system services every day. They expose a host of platform features to applications, but what do you really know about them? In this talk, we will examine the system service architecture that connects applications to device hardware. You will gain a deeper understanding of core platform technologies such as Binder IPC and AIDL, which you can use to tune how your applications interact with the platform.
You've seen it: Agile Fatigue, Lean Lethargy, SAFe Cracked, DAD Deadbeaten, Kanban Corrupted. We've been ritualed, frameworked, and holocracized until we're blind.
All to the point that people sit around and say, "Is my shirt Agile?" "Can I document anything anymore?" "Am I allowed to have work that isn't on a board?" "Where do I fit in that gigantic diagram?"
We've all forgotten that process is not a product, it's a means to an end. We want to build stuff, we want to make money, we want success.
Jim Benson, who may be responsible for a process or two, (Personal Kanban, Lean Coffee) will lament the Process for Profit mill we've created, tell some funny stories of people stuck in these anti-systems, discuss the social and psychological reasons why this has happened, and offer some concrete suggestions of how we can evolve into better ways of working.
File synchronization services like Dropbox, Google Drive and OneDrive are increasingly popular—hundreds of millions of people entrust their precious data to them every day. But they are complex distributed systems, and their behaviour is subtler than you might think, especially when files are changed on more than one machine. What can we rely on when we use these applications—and how can they be tested effectively? I’ll describe how we used QuickCheck to characterize their behaviour and generate tests, using Dropbox as the main example. And there may be a few surprises…
Do you know how well your base is protected or do you fear getting getting the classic "All your base are belong to us" on your screen when you logon in the morning?
A good way to get a comfortable feeling in your current security setup, is by knowing which flaws it has. There are many ways to do it and often you will see consultants being hired to figure out your state of the union. Sure it can work out well by doing so, but you can get a bigger benefit from their services if you have already done your initial thoughts before they show up.
As developers and new into the security scene there are many tools that will help us doing the initial risk assessment, when you leave this session you will be able to go back home and start your assessment.
By knowing your risks, you can start mitigating them...
Expressen is the fastest growing media site in Sweden. In 2013 I joined Expressen with the goal of, together with a few others, build a new development department. This is the story of how we went from zero to 60 developers. This is the story of how we gradually went from a monolithic .NET CMS to a plethora of small applications built with Node. This is the story of how we built an agile and fearless culture.
While I don't have all the answers, far from it, few have the opportunity to build a new development department from scratch in a billion SEK company with a strong brand and I'll share some of the lessons that we've learnt. Both technical and organizational.
Crystal is a new programming language that focuses on developer productivity, type safety and execution performance. It is statically checked and compiles to native (machine) code. It combines a powerful type inference algorithm, compile-time macros, compile-time type introspection, automatic union types and Ruby-like syntax, allowing quick prototyping and generating efficient computer programs. It provides a Garbage Collector, has non-blocking IO and lightweight processes, uses LLVM as its backend and doesn’t run on a Virtual Machine. In this talk we will show some examples and patterns that arise from combining all these language features.
One of the most (the most?) important microservices styles is based on strategic design from Domain-Driven Design (DDD). In this presentation we will explain how to utilise it. We will also describe pros and cons from the experience of several real world projects. You will learn how DDD can help your design both in the large and the small and you will be able to benefit already tomorrow!
This session elaborates on how a modern web tool stack is used to get you and your team productive. After this session, you will know what tools such as Yeoman, Grunt, Gulp, Bower, and their friends are like. This is not a web framework battle. It’s all about the tooling for productive web development that every Java developer should know about.
If you want evidence that the software development industry is susceptible to fashion, just go and take a look at all of the hype around microservices. It's everywhere! For some people microservices is "the next big thing", whereas for others it's simply a lightweight evolution of the big service-oriented architectures that we saw 10 years ago "done right". Microservices is by no means a silver bullet though, and the design thinking required to create a good microservices architecture is the same as that needed to create a well structured monolith. And this begs the question that if you can’t build a well-structured monolith, what makes you think microservices is the answer?
Consistency is hard and coordination is expensive. As we move into the world of connected 'Internet of Things' style applications, or large-scale mobile applications, devices have less power, periods of limited connectivity, and operate over unreliable asynchronous networks. This poses a problem with shared state: how do we handle concurrent operations over shared state, while clients are offline, and ensure that values converge to a desirable result without making the system unavailable?
We look at a new programming model, called Lasp. This programming model combines distributed convergent data structures with a dataflow execution model designed for distribution over large-scale applications. This model supports arbitrary placement of processing
node: this enables the user to author applications that can be distributed across data centers and pushed to the edge. In this talk, we will focus on the design of the language and show a series of sample applications.
Alright, so maybe "bootiful" won't ever work, but I tried, and it was worth it too because you're reading this. Spring Boot, the new convention-over-configuration centric framework from the Spring team at Pivotal, marries Spring's flexibility with conventional, common sense defaults to make application development not just fly, but pleasant! Spring Boot aims to make address the common functional and non-functional requirements that gate quickly moving to production.
Join Spring developer advocate Josh Long for a look at what Spring Boot is, why it's turning heads, why you should consider it for your next application (REST, micro services, web, batch, big data, integration, whatever!) and how to get started.
Why yet another lisp? This talk will look at some of the basic properties of the Erlang VM and OTP and how they affect implementing languages on it. It will show what makes existings lisps, even Clojure, a bad fit. LFE (Lisp Flvaoured Erlang) has been designed to run efficiently on the Erlang VM and at the same stime be a "real lisp" providing Lisp's good bits. We will describe the language and how it uses the properties of the system to run efficiently and interact seemlessly with other languages running in the Erlang ecosystem.
You've spent months re-architecting your monolith into the new microservices vision. Everyone gathers around to flip the switch. You navigate to the first page...and nothing happens. Refresh...still nothing. The site is so slow, it won't respond for minutes. What happened?
In this session, I'll walk through a post-mortem of a real-life microservice disaster. I'll show the modeling, development and production problems we found, and how we slowly morphed the new distributed monolith into our final picture of sanity. While we can't prevent project failures, we can at least identify problems early on in our design so that our final product results in a clean, robust distributed system.
A distributed system can be more available than its minimally available part. A whole can be larger than the sum of its parts.
Distributed systems are hard, but are even more difficult if you are not thinking about them with a distributed set of mind.
When building such systems, we have to be aware of the fallacies of distributed computing. We must think about failure scenarios and account for them.
We will cover real-world scenarios and try to apply a few surprisingly simple techniques that might have helped avoiding distributed systems failures.
How good are your test cases? Maybe they are good, or maybe you need to add some new ones.
How to tell? You can measure things like code coverage, e.g. to check if some parts of your code were not executed.
Still, this does not tell you anything about the quality of your assertions.
In the extreme case, a test suite with no assertions might still achieve 100% code coverage, although being of questionable value.
Mutation testing is a technique that is used to automatically inject faults in your code, and then check if your test cases can “kill” those “mutants”.
In this way, the quality and effectiveness of your assertions can be evaluated.
In this talk, I will discuss the benefits and challenges of mutation testing, and also show open source tools like PIT.
Agile reminds us that the focus of any set of requirements needs to be on an outcome rather than a collection of whats and whos. Storytelling is a powerful tool to elevate even the most diehard requirements analyst from a discussion of individual requirements to a discussion of outcomes. Outcomes are the big picture that acts as an anchor for whole efforts and which is continuously broken down into more and more detailed backlogs. The onion metaphor that is popularly used in agile planning can be used to describe the evolution of backlogs. Building an initial backlog is much like peeling through the layers of an onion to get to the core. There are many mechanisms for developing and maintaining the detailed backlogs, including asking, observing, showing and hybrids. Using the onion metaphor, techniques for developing and splitting user stories are the second layer of the onion. However, before getting to the center of the backlog evolution onion, we need to understand the big picture.
Everyone knows that security is something that 'should be' included, but far to often, isn't. Why not? Is security simply the new buzzword? In this talk we will cover why security fails and how to recognize when you're company is struggling to get security included. We'll go through what a developer, tester or manager can do to get this vital topic included from requirements to testing. Using simple practical things, any organization of any size can move forward in their security work, it's simply a matter of knowing where to start.
What do you do when your application crashes or hangs in production? Even if you have good monitoring, nothing can compete with a debugger or a full process dump captured on a production system. But you can't always afford the time to analyze hundreds of crash dumps. In this talk you will learn how to perform completely automatic dump analysis and triage using Microsoft's ClrMD, a .NET library that can explore threads, call stacks, and exceptions; visualize threads and locks to form wait chains and detect deadlocks; and walk heap memory to inspect important objects for your application. With automated analysis tools you can take back full control over what happens in your staging and production environments.
The last 2 years of my life I have worked with hospitals in Indonesia. That's pretty strange territory for an IT-consultant and I was worried how my experiences with kanban, lean and agile could be used in this setting. Would it be applicable and useful?
Through the unfortunate opportunity of a disaster (the roof of a hospital fell in) I soon got chance to flex all of my knowledge to save the hospital.
In this talk I will describe how the basic ideas, principles and techniques of Kanban, Lean and Agile helped us to save a hospital from bankruptcy. Twice.
In just 1,5 years the hospital kanban and lean principles guides us from being virtually bankrupt to not only making money everyday on average, but also adopted a hypothesis driven business management.
Using these principles and ideas in a total different setting I gained a much deeper understanding of them, and also needed to find other ways to describe and apply the practices I've taken for granted in "our" culture and setting.
Are microservices a wonder-pattern for rescuing intractably complex applications? Or are they just a restatement of the software engineering best practices we all should be following anyway? Or something in between?
How do they work? How should they be written? What are the pitfalls? What are the underpinning technologies? Using balloons, raspberry pis, and the cloud Holly demonstrates refactoring a monolithic application into microservices.
Android 6.0 Marshmallow brings runtime permissions to users.
Marshmallow MR1 and N have subtle changes, too.
Are you targeting API level 23 or 24 yet?
What changes affect developers? Learn about the basics as well as the edge cases of requesting permissions. The new permission model has opened up a great opportunity for developers, as users do not have to agree to all permissions up front. See how runtime permissions can build trust with your users!
Tired of projects where the wrong thing is tested? Finding TDD too time-consuming or too hard? High test coverage and your users still find bugs? Don’t understand if your tests are unit, integration, automation? InVEST in your future; come and discover how vertical slice technology helps to write those tests that matter. The hyperboles are included for free.
APL is an interesting beast, with an immense level of expressiveness locked away in a syntax that instantly scares away all but the initiated.
In this talk, we'll take a gentle introduction to APL and demonstrate its power to implement complex algorithms in very little code. We'll compare examples with equivalents in C# to illustrate why APL is much better suited as a "thinking tool" for programmers.
Software is being embedded in more and more devices. IOT is poised to become the growth area for software and testing with billions of devices and new software connected to the internet. IoT is the intersection of embedded, mobile, communications, and traditional software environments in combination with user demands. Embedded devices face new challenges in safety related testing.
Jon considers the impact to development and test teams based on these challenges. He outlines the development and use of data, tools, modeling, and patterns to address these challenges. Future test approaches proposed in the presentation include: use of crowd testing, leveraging case-based AI test tools, model-based testing, math-based testing, attacks/tours in test exploration, and how best to leverage data. The presentation will define how teams must think and structure development and testing of IoT to achieve an optimized product production strategy.
The history of software is rich with extraordinary individuals whose knowledge of their systems was unrivalled. But in 2016, where distributed systems and machine learning are ubiquitous and the average web app uses two frameworks, four languages and six caching layers, does it make any sense to talk about full stack developers? Are we clinging to outdated paradigms, nostalgic for the days when one person really could know all the answers, or does overspecialisation pose a genuine threat to the established conventions of software development? And if it does, should we resist it - or welcome it as a change that's long overdue?
It's 25 years since Tim Berners-Lee created the first web page. In this talk, we'll look at the history of the World Wide Web, exploring what we've learned - and forgotten - along the way. We'll reflect on a quarter-century of writing code, designing systems, building teams and shipping products, and we'll take a speculative look at the next 25 years of the web.
Coding is fun and rewarding, but sadly we need more than just programming skills in order to build great software and deliver value to our customers. Software is a people industry, and we have to get to grips with collaborative design, select the best architecture, processes and tools, and then convince others that our approach is correct. Where's the stack overflow for that!?
Fortunately, many problems you'll encounter in your career in software boil down to just a handful of core concepts from which many solid strategies can be derived. This talk will cover three of these that I consider most important, things I wish I'd known years ago. You'll learn ways to help guide your team on their journey to building better software, and more importantly identify when your way may not be best after all (!)
But I quickly realised that I had to unlearn a great deal of "best practices" and "design patterns" native to today's most popular programming languages.
This talk explores the topic of thinking in Elm. How to translate the previous knowledge we have acquired when building applications into a purely functional language: How to deal with error conditions, concurrent updates and how to create delightful functional APIs are some of the questions this talk will try to answer.
Data Science is the new Kool Aid, and everybody's drinking it. Beneath the coolness factor, there lies a culmination of a number of disciplines that come together with the ultimate goal of leveraging knowledge buried in data. In this talks, we will look at some of the aspects that fall under the umbrella term of Data Science. We will discuss Statistical Analysis, Machine Learning, Data Wrangling, distributed databases and data stores, realtime stream processing systems, etc. We will also look at how you can learn some of these things from the vast resources available in this field, and take your first steps in a brave new world.
The actor model adopts the philosophy that everything is an actor. It provides a pattern for concurrent communication allowing discrete units of computation called “Actors”. Actors maintain their own private state and interact with the outside world, and other actors using messages. Microsoft Azure Service Fabric introduces Reliable Actors, building on the Virtual Actor pattern to provide a programming model build on the scalability and reliability of the Azure Service Fabric platform.
In this demo intensive session Alan will show how Reliable Actors can be leveraged in cloud-based applications. Starting with a detailed overview of the actor model explaining the key concepts of the actor model the session will introduce telemetry processing for a fitness application as a scenarios. The implementation of this scenario will then be demonstrated, showing how the functionality of Reliable Actors can be used to implement the concurrent processing of multiple telemetry streams.
Ask somebody in the building industry to visually communicate the architecture of a building and you'll be presented with site plans, floor plans, elevation views, cross-section views and detail drawings. In contrast, ask a software developer to communicate the software architecture of a software system using diagrams and you'll likely get a confused mess of boxes and lines. I've asked thousands of software developers to do just this and the results anecdotally suggest that effective visual communication of software architecture is a skill that's sorely lacking in the software development industry.
This talk explores the visual communication of software architecture based upon my experience of working with software development teams across the globe. We'll look at what is commonplace today, the importance of creating a shared vocabulary, diagram notation, the value of creating a model plus how to use tooling and static analysis techniques to automate diagram generation.
Party culture is dead. Will sensor-driven interactive audio-visual shows revive it?
Today's applications are expected to provide powerful full-text search. However, the topic can be relatively complex and is often the least understood part of the infrastructure. This talk covers:
* How full-text search works in general and what the differences to databases are.
* How to implement common requirements with Elasticsearch.
Attendees will learn how add common search patterns to their applications without breaking a sweat.
Content Delivery Networks (CDNs) are relatively commonplace and using them is becoming more and more essential to applications for performance, security, and cost reasons. However, not all caching is the same and, when using a CDN, applications aren't necessarily taking advantage of all the caching features. Also, modern CDNs offer control, programmability, and visibility unlike what was available just a few years ago
In this talk, we'll discuss caching strategies when using CDNs. More specifically, we'll cover caching long tail content, caching fast-changing content, invalidation, stale and error conditions, and best ways to interact with a CDN when it comes to cached content. We'll use real-world examples to showcase new ways of using a CDN as a platform that extends applications to the network edge. We'll also discuss other values that a CDN provides and examine best practices for getting the most visibility and control over application traffic.
Why do so many IT projects fail? And what can we do about it?
Most companies and organisations know (or at least have heard) that they should work in a more agile manner. But it's generally a hard sell to the people in charge. This talk dissects the agile practices from an economic standpoint, showing that it actually makes business sense even if the project itself was to fail.
By adjusting the metrics from what is easily measured to what actually matters, we can create the correct incentives for producing real value. But, as it turns out, implementing the steps necessary for making IT truly profitable also has profound implications for some of the tools and practices we tend to take for granted.
Functional programming promises to help with the difficulties of parallel and concurrent programming. Frege - a Haskell for the JVM - approaches this aspiration with purity. It uses only pure functions concurrently. These functions are guaranteed to have no side effects and to work solely on the immutable arguments.
Frege is the only JVM language that can guarantee purity through the type system at compile time - even if we call into Java methods!
With this guarantee we can safely go parallel and even employ advanced concepts like software transactional memory (STM) in a safe manner.
If this sounds too good to be true, this session will show you how it works and how you can use it yourself in your Java projects.
With Java 9, modularity comes to your doorstep (whether you ordered it or not). This isn't your average language feature: making the most out of it may involve rewiring your brain. In this session we explore the benefits of a modular codebase using Java 9 modules. Because who doesn’t like more reliable and secure applications, meanwhile killing the dreaded classpath?
After reviewing the basic concepts of modules, we'll explore modularity patterns that enhance your design and development skills. We all have existing software, so migration of codebases to a modular world is an important topic as well. Automatic modules, the 'unnamed' module and other new concepts are added to your toolbox to this end.
Want examples? We've got plenty in this practical and code-driven talk. Even if you intend to use Java 9 without modules, this talk helps you prevent common issues. You'll be ready for Java 9 before you know it.
Both speakers are currently writing “Java 9 Modularity” for O’Reilly.
In this presentation Ancilla van de Leest will walk you through the argument of why the right to Privacy is actually a basic human right.
Through numerous illustrations of current affairs placed in a historical context, we will learn that the right to privacy goes way beyond the 'but I've got nothing to hide' argument. It actually holds the key to the checks and balances of our very government.