Episode 72

Last week went through stuff from the first day of Geeon 2017 conference, which took place between 17th to 19th May in Kraków. Today we will continue and cover seven talks I’ve been to on day two. There will be a lot of reactiveness, events, architecture, APIs, security and some pretty low level topics.

Jakub Pilimon: Event Sourcing

Command query responsibility segregation, event sourcing and event driven architectures are typical buzzwords on conferences nowadays. Jakub introduced the idea and confronted the approach with relaying on object-relational mapping to do the job. There was quite a lot of live code and Hibernate guts debugging. We heard stories on how Twitter almost collapsed in 2012 due to using the same models for writing and reading data and how to lose a girlfriend due to different projections of event log in the relationship. Due to sequential nature of writes and reads event stores can achieve better performance but event versioning can be painful.

Ondrej Mihalyi: 5 ways to improve your Java EE applications in a reactive way.

Reactive programming is hot topic too. Ondrej presented a reference Java EE application implementation from Oracle. Finding shipment routes is apparently no easy task, and originally it took quite a while before backend responds so that front-end could render something meaningful for the user. In order to improve that, we can use asynchronous callback on server-side, divide processing in chunks and push data as soon as such chunk is ready. Lamda make such code much more readable. Blocking IO calls should be done from separate large thread pools to maximize resource utilization. Context should be propagated as method argument, but beware of thread-bound transactions. Reactive programming tends to introduce complexity, so don’t overuse it.

Josh Long: Reactive Spring.

I think it was the third talk of Josh I’ve been to. After naked Java EE we could examine what Spring has to offer in regard of reactive principles and reactive streams initiative. An example application for storing movies and it’s client were coded lightning-fast. We had producer-consumer model, Mono and Flux explanation, new media types, zipping two streams together, functional reactive configuration, router functions, reactive MongoDB and a bit of specially tailored security at the end. As usual with Josh, everything was very well executed and entertaining. Go see “Silence of the lambdas” if they play it at your cinema.

Jakub Marchwicki and Jarosław Pałka: Stages of maturity on the way to microservices.

Why people are so hyped with microservices? Thrill of the unknown, breaking boredom, frustration with monoliths and hopes for easier development. Every organization has it’s burdens, developers seek elegance, product owners seek features, executives seek business continuity. Legacy code makes money while lonely enterprise architects sit in their ivory towers. Automatic deployments bring down organizational walls. Infrastructure cannot be ignored, black boxes are no good while failure from time to time is ok. Instead of pointing fingers and chasing perfect systems, focus on resiliency, logging and metrics to be able to draw accurate conclusions instead of relying on gut feeling. In addition, things that we learn from microservices can be applied in our old monoliths too.

Marcin Grzejszczak: Consumer driven contracts to enable API revolution.

Web services are getting ubiquitous due to rising level of interconnectedness in the world, decentralization, microservices and the internet of things. APIs evolve and it becomes increasingly difficult to keep track of. Mocking on the consumer side follows “work’s on my machine” principle and leads to problems on production. One of the solution to avoid breaks is to create a common repository with API contracts and use Spring Cloud Contract project. Marcin demonstrated how to create such contracts using Groovy DSL, integrate producer and consumer, generate stubs, tests and documentation. Whenever possible, consumers should take part in API creation.

Charles Nutter: Inside JVM JIT.

Well, I haven’t seen native assembly code for a while and there was a lot of it on this talk. Compilers are getting smarter and smarter and they can compensate for poorly written high-level code. Nevertheless I believe that it’s a good idea to have some understanding of how stuff work under the hood. Charles talked about Just In Time compilation versus Ahead Of Time compilation and presented examples on how Java code is transformed into bytecode and in turn into x86 assembly. Particularly the focus was on static invocations, final fields, lock coarsening and eliding, strings in switches and lambdas. Every feature has its costs.

Steve Poole: Anatomy of Java vulnerabilities.

Cybercrime is huge and organized endeavor, currently worth hundreds of billions of dollars – more than drug industry. And it grows at much larger rate. Trivial and obscure bugs and exploits can be chained together to exploit computers in various ways. People wear white hats and black hats, some large banks systems might be publicly accessible via Java Debug Wire Protocol, certain double value can cause infinite loop when parsed and special jpg images can unexpectedly overflow the buffer. Be careful with untrusted data, serialization and native code execution. Don’t write custom security managers, cryptography and XML parsers. Think of penetration tests and keep stuff up to date. Fortunately, there was significant improvement in Java security within last four years, but a lot of scary stuff is still lurking out there.

More Beer!

In the evening, there was an official afterparty, this time in Forty Kleparz club – formerly a complex of fortifications. Nice climate and free beer can be a deceitful combination, and many people found it difficult to make it to the first talk next day. We will get there in the next episode, stay tuned.

Image sources:

• BliazZz