RSS

Monthly Archives: December 2016

From Java Source to Bare Metal, Part Two: The Desolation of Bytecode

Episode 50

In the previous episode, we started a journey through layers of abstraction of modern back-end web application. As a response to unexpected request, a Hobbit object is going to an adventure, and must travel safely across the technology stack. We seek an answer to the question what happens between Java code and the physical machine. Perhaps, even further.

Our Hobbit leaves the, yet familiar, plain of web framework and goes deep down under the Misty Server Mountains.

Riddles in the Dark: The Server

The code sits atop of web framework, and web framework sits atop of web server. That was mostly true until recently. Now, with Spring Boot, it is common that instead of deploying packed application to the server, there is a fat jar that contains embedded server inside an application. No configuration, no deployment, just running a single jar. Simple solution for simple problems, but of course it’s no silver bullet and might not fit everywhere. How does the server and the application fit together?

bilbo_in_gollums_cave

There are different tiers of servers, as I wrote some time ago. The largest that we care about are application servers, like Read the rest of this entry »

 
3 Comments

Posted by on December 29, 2016 in Technology

 

Tags: , , , ,

From Java Source to Bare Metal, Part One: An Unexpected Request

Episode 49

Imagine you are developing a web application based on a typical modern technology stack. In essence, the goal is to create something that receives requests from the network, processes them, and responds to them with some kind of structured data. It can be a fancy HTML webpage to be displayed in client’s web browser or it can be a raw text object to be consumed by another application web API. Have you ever wondered what exactly is going on behind the scenes? What is happening between the moment when the code you wrote is executed and the moment when electrical impulses jumps the network cable sticking out of that metal box in the data center? Let me take you on the journey along numerous layers of abstraction in modern software stack that must be bypassed to make things happen.

There and Back Again: Abstractions

Programming is all about abstractions. We endlessly put one layer above the other in order to deal with tremendous complexity of software and hardware. Often, we ignore most of the layers to focus on solving the actual problem at hand. In principle, sending a JSON object over the network might seem like an easy task with modern tools and frameworks. You generate the project, tweak just a little bit here and there, write one method with few annotations and there you go, it works. But the engineering problem of making this possible in an easy, fast, secure, reliable, scalable and manageable way is gargantuan. Looking at the big picture, it’s probably an effort of hundreds of thousands of software developers, architects, electronic and electrical engineers, computer scientist and mathematicians, spanned over several decades of work. All that, to let you do the job in a single pomodoro.

248900

Of course, to develop decent software, you don’t necessary have to understand exactly how all this works, it’s probably not even possible for a single human being to grasp all that in every detail. I believe however Read the rest of this entry »

 
5 Comments

Posted by on December 22, 2016 in Spring, Technology

 

Tags: , , , , ,

Software Talks Rzeszów Dec 2016 and banking apps security

Episode 48

Software Talks is a recurring event organized by PGS Software, consisting of tech talks, beer, pizza and a lot of fun. Some time ago I wrote about the two September editions in Wrocław and Gdańsk, in which I took part as a speaker. On December 8th there was another event, this time in Rzeszów, a city located in south-eastern Poland. I was a speaker for the third time in a row, but for the first time with my colleague Tomasz Zieliński, who recently made a lot of noise in Polish banking environment, preparing a report, which exposed several critical security issues and other major problems in their mobile banking applications. If you read my article about working for different types of companies, you might have noticed that I’m not a big fan of banks’ approach to software development, so I’m going to elaborate on Tomasz findings without mercy.

Background

Last time on Software Talks I spoke with Piotr Konieczny, Polish security expert. This time there was an idea to focus more on Java / software development topics, so I was on a mission to find a second Java speaker. I found one, but at the last moment some issues appeared and he couldn’t make it, so his place was taken by Tomasz, who is actually our Android expert.

15192729_1352447311446640_7009143606265597268_n

It was kind of a busy week for me, as I was three days in Berlin with our client, arrived in Wrocław on Wednesday evening, and an hour later I was in a car with Read the rest of this entry »

 
Leave a comment

Posted by on December 15, 2016 in News, Technology

 

Tags: , , ,

API management tools

Episode 47

Long time ago, the Internet was full of proud and secluded applications, that relied on themselves to provide service. However, services were becoming more and more complicated, also technologies and protocols for connecting with other applications became more standardized. It became obvious that collaboration and specialization is required to survive. Applications thus started to be more specialized, talk to each other much more, and the level of digital interconnection skyrocketed. Along with that, did the market of solutions for managing web APIs.

Do I need API?

Most likely you do. Imagine a big corporation that is building HR system. They want the module related to business travel for planning and reporting. Is there a point in writing everything from scratch? If you plan travel, let’s ask someone who is already good at it. If you want to buy a ticket from A to B, there are companies that provide travel meta search service, both via website and API.

internet-of-things_high_res.jpg

Those companies need data, so they ask someone who possess it – bus and train operators, airlines, car rentals and perhaps other travel meta search companies. Maybe, when planning travel, especially the end points, we might want to specify an address. How do we know that address is correct? We should ask someone who Read the rest of this entry »

 
2 Comments

Posted by on December 8, 2016 in Technology

 

Tags: , , , ,

FutureDevDay Gliwice 2016

Episode 46

On November 25th I attended a small conference organized by Future Processing in Gliwice. We get there, me and my two friends, in less than two hours of driving from Wrocław. The conference was held in a really lovely building within a complex of Upper Silesian Agency for Entrepreneurship and Development. Few hundred developers gathered for a single track composed of 11 talks 25 minutes each and finally a special guest talking for an hour.

fdd

At the end, there was an after party in a nearby bar (called “progress bar”, how cute!) with three discussion panels, food and beer.

Talks

Talks were grouped thematically into categories composed of two or three each. First were architectural ones, then frontend, cloud and finally big data. I decided to write more about few sessions I liked the most and to take liberty at titles translation, if required. Let’s start with Read the rest of this entry »

 
Leave a comment

Posted by on December 1, 2016 in News, Technology

 

Tags: ,