Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the Deployment Pipeline concept from Continuous Delivery.
In this workshop I move from release back through testing to development practices, analyzing at each stage how to improve collaboration and increase feedback so as to make the delivery process as fast and efficient as possible. At the heart of the workshop is a pattern called the deployment pipeline, which involves the creation of a living system that models your organization's value stream for delivering software. I spend the first half of the workshop introducing this pattern, and discussing how to incrementally automate the build, test and deployment process, culminating in continuous deployment.
Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the agile infrastructure required to implement a deployment pipeline and continuous delivery.
In this workshop, I introduce agile infrastructure, including the use of Puppet to automate the management of testing and production environments. We discuss automating data management, including migrations. Development practices that enable incremental development and delivery will be covered at length, including a discussion of why branching is inimical to continuous delivery, and how practices such as branch by abstraction and componentization provide superior alternatives that enable large and distributed teams to deliver incrementally.
A Technology Radar is a tool that forces you to organize and think about near term future technology decisions, both for you and your company. This talk discusses using the radar for personal breadth development, architectural guidance, and governance.
ThoughtWorks Technical Advisory Board creates a “technology radar” twice a year, a working document that helps the company make decisions about interesting technologies and where we spend our time. ThoughtWorks then started conducting radar-building exercises for our clients, which provides a great medium for technologists company-wide to express their opinions about the technologies they use every day. For companies, creating a radar helps you document your technology decisions in a standard format, evaluate technology decisions in an actionable way, and create cross-silo discussions about suitable technology choices. This session describes the radar visualization and how to conduct a radar building session for yourself. After a brief introduction, the bulk of the workshop consists of attendees building a radar for the group, following the same procedure you'll use when you do this exercise at your company. At the end, we'll have created a unique Radar for this event and practiced doing it for yourself.
After almost a decade and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?
In this session, we'll explore several ways that Spring has changed over the years and look at the best approaches when working with the latest versions of Spring.
For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.
But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.
With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.
In this session, we'll discuss what the next generation of applications looks like, exploring such things as the mobile web and cloud computing. We'll also dig into some of the technologies and practices such as REST, OAuth, and JavaScript microframeworks that enable us to move forward.
In this session, we're going to start with the basics of how to setup Spring for developing web applications. With that foundation set we'll quickly move into the nuts and bolts of developing web applications that leverage the capabilities offered by Spring MVC, including several new features introduced in recent releases, up to and including Spring 4.0.
From the very beginning, Spring has included Spring MVC, a web framework built around the Spring Framework. Originally based on a rich hierarchy of controller classes, Spring MVC served developers well, but began to look a little long in the tooth compared to other web frameworks.
Fast-forward to 2014. With Spring 4.0, Spring MVC is vastly different than its 1.0 namesake. The annotation-driven programming model has been improved, making it more powerful, more flexible, and incredibly simple to work with.
In this session, I'll show you how to secure your Spring application with Spring Security 3.2. You'll see how to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.
Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.
Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern–begging to be handled with aspect-oriented techniques.
Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.
This presentation seeks to provide a solid introduction to the fundamentals of DDD. Learn why modeling a complex business domain in software is so advantageous to your business and ways in which your team can go about delivering software models to give your business a competitive edge.
The philosophy of domain-driven design (DDD) – first described by Eric Evans in his book [of the same name – is about placing our attention at the heart of the application, focusing on the complexity that is intrinsic to the business domain itself. We also distinguish the core domain (unique to the business) from the supporting sub-domains (typically generic in nature, such as money or time), and place appropriately more of our design efforts on the core.
Domain-driven design consists of a set of patterns for building enterprise applications from the domain model out. In your software career you may well have encountered many of these ideas already, especially if you are a seasoned developer in an OO language. But applying them together will allow you to build systems that genuinely meet the needs of the business.
The premise of domain-driven design is two-fold:
Domain-driven design is not a technology or a methodology. It is a way of thinking and a set of priorities, aimed at accelerating software projects that have to deal with complicated domains.
Note: Laptops are not required - there is no hands-on coding for this workshop.
This workshop consists of lecture and participation exercises.
Note that there is no hands-on coding for this workshop so laptops will not be required. Bring materials for taking notes.
Not every part of a software system will be well-designed. How do you know where to put the time and effort to refine the design, or refactor existing code? Learn how strategic Domain-Driven Design (DDD) patterns can show you how to know which parts of your system matter most to your business and how to focus your team's design efforts most effectively.
Context mapping and Core Domain are key concepts in DDD, providing valuable techniques and insights into where to focus your design attention, yet most developers have never heard of them. This session will introduce the tools of strategic DDD and show you how they can shine a light on your design challenges.
Come on a guided tour of how applying Domain-Driven Design (DDD) building block patterns can make your code cleaner, more expressive, and more amenable to change. We cover examples of DDD patterns such as entities, value objects, closure of operations and side-effect-free functions. We will focus particularly on how implementing value objects can lead to more supple design.
When good design really matters, DDD building block patterns enable your design to model the business domain you are working with more richly. They allow you to collaborate with domain experts to build deep, useful models of the domain in your code that solve difficult business problems with elegance and simplicity.
This is a highly interactive modeling session which walks through diagrams and code samples to demonstrate how the application of these patterns to modeling can make writing and reading coding fun again, while improving the effectiveness of the code you write. Come prepared to think, ask and answer questions, and learn how to write the best code where it matters most.
Alternative databases continue to establish their role in the technology stack of the future—and for many, the technology stack of the present. Making mature engineering decisions about when to adopt new products is not easy, and requires that we learn about them both from an abstract perspective and from a very concrete one as well. If you are going to recommend a NoSQL database for a new project, you're going to have to look at code.
In this talk, we'll examine three important contenders in the NoSQL space: Cassandra, MongoDB, and Neo4J. We'll review their data models, scaling paradigms, and query idioms. Most importantly, we'll work through the exercise of modeling a real-world problem with each database, and look at the code and queries we'd use to implement real product features. Come to this session for a thorough and thoroughly practical smackdown between three important NoSQL products.
Neo4j is an open-source, enterprise-class database with a conventional feature set and a very unconventional data model. Like the databases we're already used to, it offers support for Java, ACID transactions, and a feature-rich query language. But before you get too comfortable, you have to wrap your mind around its most important feature: Neo4j is a graph database, built precisely to store graphs efficiently and traverse them more performantly than relational, document, or key/value databases ever could.
Neo4j is an obvious fit to anyone who thinks they have a graph problem to solve, but this is not many people. It turns out that the most interesting property of Neo4j is its architectural agenda. It wants you to think of the entire world as a graph—as a set of connected information resources. Steeped in the thinking of resource oriented architecture, this NoSQL database wants to change the way you look at your world, and unlock new value in your data as a result.
Developing a rich user interface for web applications is both exciting and challenging. HTML 5 has closed the gaps and once again brought new vibe into programming the web tier. Come to this session to learn how you can make use of HTML 5 to create stellar applications.
.
Attendees are expected to pair up and work on the labs. Software requirements:
Learning the syntax of a new language is easy, but learning to think under a different paradigm is hard.
Learning the syntax of a new language is easy, but learning
to think under a different paradigm is hard. This session
helps you transition from a Java writing imperative programmer to a
functional programmer, using Java, Clojure and Scala for
examples. This session takes common
topics from imperative languages and looks at alternative ways of
solving those problems in functional languages. As a Java developer, you know how to achieve code-reuse
via mechanisms like inheritance and polymorphism. Code reuse is
possible in functional languages as well, using high-order
functions, composition, and multi-methods. I show examples from my book Functional Thinking of shifting your perspective on problems, ceding messy details to the language, working smarter, not harder, and how to deal with multiparadigm languages.
Why is Clojure the best new language on the JVM? Come to this session and see why this functional, dynamic Lisp is the best thing on the JVM since Java.
Clojure is the most interesting new language on the horizon, but many developers suffer from the Blub Paradox when they see the Lisp syntax. This talk introduces Clojure to developers who haven't been exposed to it yet, focusing on the things that truly set it apart from other languages. I discuss all of Clojure's syntax (in about 10 minutes), then delve into fascinating features like destructuring, building macros like thread-first
and thread-last
, the Atomic Succession Model of Concurrency, Clojure's use of Protocols
to organize code and solve The Expression Problem, and many more cool features. Come see why some of our most sophisticated projects are using Clojure.
Gradle. Another build tool? Come on! But before you say that, take a look at the one you are already using.
Whether your current tool is Make, Rake, Ant, or Maven, Gradle has a lot to offer. It leverages a strong object model like Maven, but a mutable, not predetermined one. Gradle relies on a directed acyclic graph (DAG) lifecycle like Maven, but one that can be customized. Gradle offers imperative build scripting when you need it (like Ant), but declarative build approaches by default (like Maven). In short, Gradle believes that conventions are great – as long as they are headed in the same direction you need to go. When you need to customize something in your build, your build tool should facilitate that with a smile, not a slap in the face. And customizations should be in a low-ceremony language like Groovy. Is all this too much to ask?
Gradle has received the attention of major open source efforts and has chalked up significant conversions by the Spring Integration, Hibernate, and Grails projects. What do these technology leaders see in this bold new build tool? They see not only a better way to build Java applications, but an extensive ecosystem of connecting to existing Ant and Maven build files while expanding the horizon of test, CI, and deployment automation in an easy manner. Join us for 90 minutes and let us take you on this same walk of discovery of the most innovative build tool you've ever seen.
java -version
and javac -version
reporting back a 1.6.x series version number in both cases.JAVA_HOME
environment variable set to point to the JDK (not a JRE)Google “MongoDB is Web Scale” and prepare to laugh your tail off. With such satire, it easy to pass off MongoDB as a passing joke… but that would be a mistake. The humor is in the fact there seems to be no end to those who parrot the MongoDB benefits without a clue. This session is about getting a clue.
Get past the hype and hyperbole associated with NoSQL. This session will introduce MongoDB through live working sessions demonstrating the pros and cons of MongoDB development. The session will then focus on a recent short project focused on large scale. We’ll discuss database design to support high scale read access. Throughout this case study we will discuss the consequences of the MongoDB choice. The session will finish with a review of the production topology to support growth in scale.
Of all the non-functional requirements of software development, complexity receives the least attention and seems to be the most important from a long term standard point. This talk will look at some of forces that drive complexity at the code level and at a system level and their impact. We will discuss what causes us to over look complexity, how our perception of it changes over time and what we can do about it?
In this session we will break down the meaning of complexity and simplicity and measure the application of those means against the common software development dogma. Looking at common development trends and pressures, we'll discuss where simplify does and doesn't help. We will examine areas of development which at first glance seem to be simple (such as the creation of an equals method in Java), that end up being difficult or impossible based on normal constraints. We will example the drivers of complexity with some discussion on what you can do about it. This session will finish with a discussion around several challenges to high scale software architectures and how to keep it simple.
Time is very precious and is often threatened by phone calls, emails, co-workers, bosses, and most of all, yourself. The Pomodoro Technique reigns in unfocused time and gives your work the urgency and the attention it needs, and it's done with a kitchen timer.
In this presentation we discuss how to set up, estimate time, log time, deal with interruptions, and integrate with Agile as a team. We discuss timer software and even some of the great health benefits of the Pomodoro Technique.
Scala is known for both its clarity in some cases, and its obscurity in others. Well, this presentation sticks with the obscurity. We will cover abstract types, the Predef, implicit conversions, creating infix types, singleton types, type variance, type bounds, type variance, partially applied functions vs. partial functions, type projections, and overcoming type erasure using Manifests.
This presentation is geared in at the programmer level and not at a scientific level, with no type theory or calculus. Basic knowledge of Scala is preferrable, though not required. Asking tough questions is mandatory.
You've heard a bit about Git, Gradle, Jenkins, and Sonar, but are you putting them to use? Are you maximizing what they can offer in terms of standardized project models, faster incremental compiles, automated commit-triggered builds, and rapid source code analysis? In this intense presentation, live demonstrations will be given for all of the latest versions of the aforementioned tools and what they have to offer a highly proficient Java developer.
Don't struggle to get the build out, functioning, and analyzed. Develop, build, analyze and deploy smartly and efficiently with a Build Lifecycle Craftsmanship approach and tooling.
Git is a version control system you may have been hearing a bit about lately. But simply hearing more about it may not be enough to convince you of its value. Getting hands on experience is what really counts. In this workshop, you'll bring your Windows, Mac or Linux laptop and walk through downloading, installing, and using Git in a collaborative fashion.
The workshop style of this class will allow you to observe and discover the value of this new version control tool first hand. You'll be cloning, creating, commiting, and pushing repositories by the conclusion of this session.
git
is on your PATH
(in the environment variable list of paths)Many Git classes successfully focus on the basics for those new to DVCS. However, with Git having 7 years on the street now, there is a growing desire to address the maturing users of this innovative DVCS. This class will take existing Git users and bring them to a heightened level of productivity by leveraging Git's powerful, yet under-used advanced features.
Git has established itself as an important new version control system and many progressive developers have already moved to this exciting system. After a few months of using the basics, passionate developers may begin to wonder what advanced features Git has to offer. These advanced Git usages are scarcely documented, and for the first time in a live class, they are demonstrated in an easy-to-grasp form with the use case, operation, and behavior all thoroughly explained.
Students must have used Git use in the workplace for several months before attending this talk in addition to setting up Git according to http://teach.github.com/articles/github-class-prerequisites/
Many Git classes successfully focus on the basics for those new to DVCS. However, with Git having 7 years on the street now, there is a growing desire to address the maturing users of this innovative DVCS. This class will take existing Git users and bring them to a heightened level of productivity by leveraging Git's powerful, yet under-used advanced features.
Git has established itself as an important new version control system and many progressive developers have already moved to this exciting system. After a few months of using the basics, passionate developers may begin to wonder what advanced features Git has to offer. These advanced Git usages are scarcely documented, and for the first time in a live class, they are demonstrated in an easy-to-grasp form with the use case, operation, and behavior all thoroughly explained.
Students must have used Git use in the workplace for several months before attending this talk in addition to setting up Git according to http://teach.github.com/articles/github-class-prerequisites/
Technology changes, it's a fact of life. And while many developers are attracted to the challenge of change, many organizations do a particularly poor job of adapting. We've all worked on projects with, ahem, less than new technologies even though newer approaches would better serve the business. But how do we convince those holding the purse strings to pony up the cash when things are “working” today? At a personal, how do we keep up with the change in our industry?
This talk will explore ways to stay sharp as a software professional. We'll talk about how a technology radar can help you stay marketable (and enjoying your career) and how we can use the same technique to help our companies keep abreast of important changes in the technology landscape. Of course it isn't enough to just be aware, we have to drive change - but how? This talk will consider ways we can influence others and lead change in our organizations.
Alistair Cockburn has described software development as a game in which we choose among three moves: invent, decide, and communicate. Most of our time at No Fluff is spent learning how to be better at inventing. Beyond that, we understand the importance of good communication, and take steps to improve in that capacity. Rarely, however, do we acknowledge the role of decision making in the life of software teams, what can cause it to go wrong, and how to improve it.
In this talk, we will explore decision making pathologies and their remedies in individual, team, and organizational dimensions. We'll consider how our own cognitive limitations can lead us to to make bad decisions as individuals, and what we might do to compensate for those personal weaknesses. We'll learn how a team can fall into decisionmaking dysfunction, and what techniques a leader might employ to healthy functioning to an afflicted group. We'll also look at how organizational structure and culture can discourage quality decision making, and what leaders to swim against the tide.
Software teams spend a great deal of time making decisions that place enormous amounts of capital on the line. Team members and leaders owe it to themselves to learn how to make them well.
When you want to measure fractions of a millimeter, you get a micrometer. When you want to measure centimeters, you get a ruler. When you want to measure kilometers, you might use a laser beam. The abstract task is the same in all cases, but the tools differ significantly based on the size of the measurement.
Likewise, there are some computations that can be done quickly on data structures that fit into memory. Some can't fit into memory, but will fit on the direct-attached disk of a single computer. But when you've got many terabytes or even petabytes of data, you need tooling adapted to the scale of the task. Enter Hadoop.
Hadoop is a widely-used open source framework for storing massive data sets in distributed clusters of computers and efficiently distributing computational tasks around the cluster. Come learn about the Hadoop File System (HDFS), the MapReduce pattern and its implementation, and the broad ecosystem of tools, products, and companies that have grown up around this ground-breaking project.
In the words of John Gage, “The network is the computer”. At the heart of everything we do is a complex system of infrastructure from which we are often abstracted. For general application development this abstraction provides the convenience of simplifying our efforts. With a growing number of mobil applications with intermittent connectivity and higher latency, and with increased hostility on the network from a security standpoint, there is great value in pulling back the curtain and understanding the details of this computer.
This session will start with the underlying understanding of networking at a low level. At this level we will discuss, IP, MAC, ARP, DNS and DHCP. As we walk up an abstraction level, we discuss sockets, NAT, gateways and firewalls along with the use of TCP and UDP. Spending some time at this layer can make network developers more productive, as we look at tools which help us answer the question, “who owns this port?“, “where is this packet going?” and “What is my latency and why?“.
The session will end with a little fun looking at wifi, where will we sniff, snort, crack:) From a security stand point we will look at the challenges of wifi and how it has become the weakest component on the net.
This session is extremely fast-pace. The attendees will come away with a more enhanced understanding of the this thing we call the internet. It will include through discussion or demonstration tools such as tcproute, tcpdump, nemesis, nmap, tcpmon and wireshark.
The first in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The REpresentational State Transfer (REST) architectural style has emerged as a winning strategy for building scalable, flexible, resilient systems that lead with an information focus. Far from being the simple “Web Services through URLs” idea many people have about them, REST-based systems require a new perspective, a fair amount of consideration and the discipline to look beyond simple point-to-point interactions.
The benefits are exciting and provide a gateway to a whole new world of information technology. This first talk will be an introductory session covering the basics of the REST architectural style.
The second in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
People already familiar with REST (or who have attended the first session) will be walked through the deeper topics of building Level 3 Hypermedia-based RESTful systems, security, content negotiation, etc.
The third in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The move to a good REST API yields an explosive combination of options due to content-negotiation and arbitrary workflows. At the same time, the uniform interface you project (representations, how you respond to verbs, response codes, etc.) becomes your contract with your clients. The API itself becomes a completely transportable, reusable bit of organizational knowledge when done well. Testing it sufficiently will give you a safety net but may drive you crazy unless you do it right. We will walk through the use of Behavior-Driven Development (BDD) to test these kinds of APIs.
We will highlight the problems of sufficiently testing REST APIs while providing a rich and relatively straight-forward solution to the problem. We will use a Behavior-Driven Development (BDD) tool like Cucumber to establish reusable steps and comprehensive, but lightweight testing strategies for testing REST APIs.
This talk will not be an introduction to REST. If you have come to the REST I or REST II talk, or have a good understanding, it should be very accessible.
The Web is changing faster than you can imagine and it is going to continue to do so. Rather than starting over from scratch each time, it builds on what has succeeded already. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.
Roughly 25% of the Web is semantically marked up now and the search engines are indexing this information, enriching their knowledge graphs and rewarding you for providing them with this information.
In the past we had to try to convince developers to adopt new data models, storage engines, encoding schemes, etc. Now we no longer have to worry about that. Rich, reusable interface elements like Web Components can be built using Semantic Web technologies in ways that intermediate developers don’t have to understand but end users can still benefit from. Embedded JSON-LD now allows disparate organizations to communicate complex data sets of arbitrary information through documents without collaboration.
Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.
Whether you are jazzed or jaded, this workshop will blow your mind and provide you with the understanding of a technological shift that is already upon us.
In this workshop, we will:
Explain the Web and Web architecture at a deeper level
Apply Web and Semantic Web technologies in the Enterprise and make them work together
Integrate structured and unstructured information
Create good, long-lived logical names (URIs) for information and services
Use the Resource Description Framework (RDF) to integrate documents, services and databases
Use popular RDF vocabularies such as Dublin Core, FOAF
Query RDF and non-RDF datastores with the SPARQL query language
Encode data in documents using RDFa and JSON-LD
Create self-describing, semantic Web Components
Model and use inferencing with the Web Ontology Language (OWL)
The Web is changing faster than you can imagine and it is going to continue to do so. Rather than starting over from scratch each time, it builds on what has succeeded already. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.
Roughly 25% of the Web is semantically marked up now and the search engines are indexing this information, enriching their knowledge graphs and rewarding you for providing them with this information.
In the past we had to try to convince developers to adopt new data models, storage engines, encoding schemes, etc. Now we no longer have to worry about that. Rich, reusable interface elements like Web Components can be built using Semantic Web technologies in ways that intermediate developers don’t have to understand but end users can still benefit from. Embedded JSON-LD now allows disparate organizations to communicate complex data sets of arbitrary information through documents without collaboration.
Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.
Whether you are jazzed or jaded, this workshop will blow your mind and provide you with the understanding of a technological shift that is already upon us.
In this workshop, we will:
Explain the Web and Web architecture at a deeper level
Apply Web and Semantic Web technologies in the Enterprise and make them work together
Integrate structured and unstructured information
Create good, long-lived logical names (URIs) for information and services
Use the Resource Description Framework (RDF) to integrate documents, services and databases
Use popular RDF vocabularies such as Dublin Core, FOAF
Query RDF and non-RDF datastores with the SPARQL query language
Encode data in documents using RDFa and JSON-LD
Create self-describing, semantic Web Components
Model and use inferencing with the Web Ontology Language (OWL)
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities:
Don't be the weakest link on the web!
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities:
Don't be the weakest link on the web!
JodaTime is Java Date/Time and Calendering done right. There are many problems with the original Date/Time API that came prepackaged in the early Java days. There are even
One of the obvious issues is that Calendar is mutable and can unintentionally be changed. Another issue is that constructing Calendars in Java involves setting certain fields at certain times during coding, but not always getting the expected result. Joda Time repairs those issues and offers a robust and immutable date, time, and duration API.
In Joda Time and a Brief History of the World, I provide a quick rundown of calendaring throughout the centuries, describe UTC, compare UTC to GMT, discuss how time is calculated, and then dive into Joda Time in every popular JVM language. The end result provides the audience with compelling proof that Joda Time should always be their Date Time API of choice.
The single most important tool in any developers toolbox isn't a fancy IDE or some spiffy new language - it's our brain. Despite ever faster processors with multiple cores and expanding amounts of RAM, we haven't yet created a computer to rival the ultra lightweight one we carry around in our skulls - in this session we'll learn how to make the most of it. We'll talk about why multitasking is a myth, the difference between the left and the right side of your brain, the importance of flow and why exercise is good for more than just your waist line.
The single most important tool in any developers toolbox isn't a fancy IDE or some spiffy new language - it's our brain. Despite ever faster processors with multiple cores and expanding amounts of RAM, we haven't yet created a computer to rival the ultra lightweight one we carry around in our skulls - in this session we'll learn how to make the most of it. We'll talk about why multitasking is a myth, the difference between the left and the right side of your brain, the importance of flow and why exercise is good for more than just your waist line.
Successful projects require any number of practices but if you don't know who you're building it for or what you're supposed to build, failure is a distinct possibility. How do we capture the who and what? Personas and story maps are two effective techniques that you can leverage. After discussing the basics, we'll break into small groups and you'll have a chance to actually try building a set of personas as well as a story map.
Personas are a time tested technique to help teams understand their users and facilitate building the right interface. While personas are often backed by extensive ethnographic research, they don't require months and months of effort.
Of course just knowing who we're building for is only part of the picture, we have to know what our users are trying to do. Wether you favor use cases, user stories or more traditional requirements documents, at the end of the day our customers are using our application to further some other goal.
The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This talk will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.
The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This talk will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.
Mobile is the next big thing and your company needs to there. But what does there actually entail? Should you build a native app? On which platforms? Do you have the skills for that? What about the web? Can you deliver an awesome experience using nothing but a mobile web browser? This talk will help you navigate these treacherous waters. We'll discuss the pros and cons of the various approaches and give you a framework for choosing.
Mobile is the next big thing and your company needs to there. But what does there actually entail? Should you build a native app? On which platforms? Do you have the skills for that? What about the web? Can you deliver an awesome experience using nothing but a mobile web browser? This talk will help you navigate these treacherous waters. We'll discuss the pros and cons of the various approaches and give you a framework for choosing.
Whether you are just getting started, or you’ve made an attempt and well… it could be better… a lot better, this session is for you. Ken has been working on Agile projects as a coach and mentor for a number of years. Come discover the common reasons teams fail to get it right. Bring your own challenges and lets discuss. This is set to be an engaging and illuminating discussion.
This can be a dynamic discussion where challenges facing attendees may have us to focus on some areas and tips of agile development. We will certainly talk about how team or management choices to deviate from core agile practices add risk to a project with suggestions on how to resolve many of these challenges.
Today’s interconnected world requires that organizations rapidly deliver flexible-integrated solutions. The conventional approach is to integrate heterogeneous applications using web services but unfortunately that tends to tightly couple those applications. In this session we will explore several alternatives for achieving Enterprise Integration Agility.
Public Web APIs are increasing at an exponential rate resulting in an ever more connected web. This connected contagion is not just relegated to the domain of Web 2.0 but has infected the corporate world. In fact, companies are becoming more reliant on Software as a Service (SAAS) to provide key business functions.
Combating this contagion requires an approach that provides a type of insurance against constant change and lays the foundation for evergreen enterprise solutions. In this session we will explore three popular architectural styles including Message Oriented, Service Oriented, and Resource Oriented Architecture that are used to achieve Enterprise Integration Agility. In addition, I will provide examples of each architectural style using ActiveMQ/Camel, Mule ESB, and NetKernel.
Spock is a groovy based testing framework that leverages all the “best practices” of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans… and you get Spock!
This is a significant advancement in the world of testing.
This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.
This presentation covers the Guava library developed by Google (http://code.google.com/p/guava-libraries/). Guava provides collection extensions to the Java Collection API and, along with this, a cornucopia of time-saving utilities that bring Java as close as possible to some of the more functional and dynamic language competitors like Scala, Ruby, and Clojure.
This presentation focuses on the following topics: how to make Predicates and Functions; how to use new collection constructs that make life easier, including MultiMap, BiMaps, and MultiSets; how to set up and use Guava preconditions; and how to create truly immutable collections, and more. All of this is done with Java.
In this RESTful Imaginarium you will learn about about the core concepts of REST demonstrated through leading RESTful web service frameworks, Jersey (JAX-RS), Restlet, Spring MVC and NetKernel. During this daydream you will learn about the fallacies of URL parameters, the debate of PUT vs. POST and the power of HATEOAS.
RESTful web services have become the preferred approach to synchronously integrate heterogeneous systems. The REST Architectural Style’s success is due in large part to its simplicity and the fact that it is based based on a small set of widely accepted standards, such as HTTP. Furthermore REST requires far fewer development steps, toolkits and execution engines than conventional SOAP web services.
This session covers the core concepts of REST and then walks through how to design and implement RESTful web services using leading RESTful web service frameworks, Jersey (JAX-RS), Restlet, Spring MVC and NetKernel.
Traditional concurrent development on the Java Platform requires in depth knowledge of threads, locks, and queues (oh, my!). Fortunately, new functional languages that run on the Java Platform, such as Scala, have made concurrent programming easier.
An alternate approach is to implement concurrent processes using a resource oriented computing (ROC) platform. At the heart of this ROC platform is a microkernel that allows processing to scale linearly as more CPUs are added. Consequently, developers are freed from the complexity of Java concurrency and functional programming.
In this session, I will provide an overview of resource-oriented concurrent programming using 1060 Research’s NetKernel. I will then present examples that compare and contrast this approach against concurrent programming using Java and Scala.
Winston Churchill famously said, “First we shape our buildings, and afterwards, our buildings shape us.” He was talking about the reconstruction of the House of Parliament, which was damaged in a bombing raid in World War II. There was a debate about how to shape the chamber to best accommodate the deliberative activity of the body that met in it. Churchill was talking about buildings, but it turns out his insight is a very general one indeed.
Developers are constantly debating their choices of language, platform, editor, methodology, and even where to put the curly braces. The robust internal dialog in community is a healthy thing, but our debates are often focused on the wrong topics. Have you ever compared languages by performance benchmarks? Platforms by alleged claims of developer productivity? Methodologies by feature velocity? There is a very good chance you're doing it wrong.
Rather than focus on the material content of our debates—language performance, editor productivity, methodological velocity—we should take Churchill's advice and think about the form of our choices. How will our choice of language influence the way we solve future problems? What assumptions does our methodology make about the nature of work? How will our choice of database affect the kinds of problems we think of as solvable?
Drawing on lessons from building architecture, literature, music, the visual arts, and even software itself, we'll learn the priority of interpreting the form of things before attempting to understand their content. You may never look at software architecture the same way again.
Domain Specific Languages have two main characteristics, fluency and context. Creating external DSLs has the advantage of good validation. However, we have to struggle with parsers. Internal DSLs offer the benefit of using the language as the host and its compiler as the parser. For a language to be a host, it needs two important characteristics: low-ceremony and metaprogramming.
In this workshop you will learn how to create internal DSLs using Groovy metaprogramming and scripting techniques. We will start with a short warmup of metaprogramming techniques and then dive into creating DSLs.
Attendees are expected to pair up and work on the labs. Software requirements:
JavaScript is one of those very powerful languages that is often misunderstood and underutilized. It's quite popular, yet there's so much more we can do with it.
In this presentation we'll deep dive into the capabilities and strengths of this prominent language of the web.
This session will teach you best practices and patterns for doing Continuous Delivery / Continuous Deployment in Cloud environments. You will learn how to handle schema migrations, maintain dev/prod parity, manage configuration and scaling.
This session will use Heroku as an example platform but the patterns could be implemented anywhere.
In this session, we're going to combine the magic of Spring Boot and the magic of Spring Data to yield something even more powerful. You'll see how to quickly build an application's persistence layer, whether it stores data in a RDBMS, Mongo, Neo4j, or several other popular data stores. You'll also see how to create a functioning REST API with nothing more than an interface and a domain type.
Spring Boot dramatically simplifies application development with Spring. But before Spring Boot came along, Spring Data was already making developers' lives easy when it comes to working with data. When combined, Spring Data and Spring Boot can make data persistence the easiest part of your application.
In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.
Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.
OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.
Have you looked into Scala? Scala is a new object-functional JVM language. It is statically typed and type inferred. It is multi-paradigm and supports both object oriented and functional programming. And it happens to be my favorite programming language.
If you are interested in Scala, how you are planning to learn Scala? You probably are going to pick up a book or two and follow through some examples. And hopefully some point down the line you will learn the language, its syntax and if you get excited enough maybe build large applications using it. But what if I tell you that there is a better path to enlightenment in order to learn Scala?
Scala Koans, a set of test cases that will teach you Scala language. The Scala koans will help the audience learn the language, syntax and the structure of the language through test cases. It will also teach the functional programming and object oriented features of the language. Since learning is guided by failing tests it allows developers to think and play with the language while they are learning.
Namaste,
For those planning to attend the Scala Koans…
Welcome to Scala Koans!
Scala Koans is an interactive session that puts the programming and learning in your hands. Therefore, a laptop is required by all participants. If you do not have a laptop, then perhaps you have a friend with a laptop, is so, well, that would work too. In order to participate in the Scala Koan endeavor, a few things are required:
The process of actually running the koans will be covered during the session. Unfortunately, Internet connectivity is sometimes a dicey affair and at times it can rain on our parade. To avoid having to wait for the install at the conference you can prepare for the koans before the conference! If you don't have the opportunity to do this, we will have either memory sticks or private networks at the conference.
If you want to get started with the set up:
Before attending the koans session, you may want to take the opportunity to load some Scala Plugins onto your favorite IDE and Editor. Below is a list of resources that you can use to enhance your environment so that you can enjoy Scala syntax highlighting and other helpful tools like refactoring, debugging and analysis.
Eclipse - The Eclipse has an IDE plugin for Scala called aptly scala-ide. All the information about the plugin can be found at http://scala-ide.org including an easy to follow along video located at http://scala-ide.org/docs/current-user-doc/gettingstarted/index.html
IntelliJ - IntelliJ has a Scala plugin that can be found by going to Settings -> Plugins, clicking on 'Browse Repositories' button and searching for the 'Scala' plugin on the left. Right click on the 'Scala' and choose 'Install'. IntelliJ will prompt you to restart the IDE, do so, and enjoy.
NetBeans - Currently, Github user 'dcaoyuan' hosts a NetBeans Scala plugin at the address: https://github.com/dcaoyuan/nbscala. I have not tried this out since the number of NetBeans users has shrunk in recent years. If you are an avid NetBeans user, and wish to try it, you can let me know the results during the session. There is additional information at: http://wiki.netbeans.org/Scala
Emacs - Github user 'aemoncannon' has created 'ENSIME' (ENhanced Scala Interaction Mode for Emacs) at the address and has a great following. https://github.com/aemoncannon/ensime with some documentation at http://aemoncannon.github.io/ensime.
VIM - For VIM users you can use https://github.com/derekwyatt/vim-scala as a VIM plugin that offers Scala color highlighting
That is it. Hope to see you soon.
You're all over jQuery - you write plugins in your sleep - and before that, you were a Prototype ninja. Your team treats JavaScript like a first class citizen, you've even written more tests than Kent Beck. Is that all there is in the land of the JavaScript developer? Believe it or not, the JavaScript party hasn't stopped. What other libraries are out there? What do they offer? This talk will survey the field of modern JavaScript libraries getting you up to speed on what's new. We'll dive in just deep enough to whet your appetite on a wide variety of libraries such as Backbone, Underscore, Zepto and more.
You're all over jQuery - you write plugins in your sleep - and before that, you were a Prototype ninja. Your team treats JavaScript like a first class citizen, you've even written more tests than Kent Beck. Is that all there is in the land of the JavaScript developer? Believe it or not, the JavaScript party hasn't stopped. What other libraries are out there? What do they offer? This talk will survey the field of modern JavaScript libraries getting you up to speed on what's new. We'll dive in just deep enough to whet your appetite on a wide variety of libraries such as Backbone, Underscore, Zepto and more.