All The Talks 2020

Description

Integrating microservices and taming distributed systems is hard. In this talk, Bernd Ruecker will present three challenges that have been observed in real-life projects and discuss how to avoid them.

Description

The software has bugs. The systems sometimes fail. People make "mistakes." These are fundamental truths of technology. The 5 whys and other lies you've been told about analyzing system failures are detrimental to learning from these failures. This talk will expose these lies and offer helpful alternatives.

Description

Most developer are continuing to do their job as they always have. Once in a while, however, it makes sense to look and reflect whether you're doing things in the most effective way. This session provides 20 tips to Java developers on how to maximize efficiency. You'll also learn how to improve your IDE usage, command line experience, and automation.

Description

A couple years ago, continuous integration in the JVM ecosystem meant Jenkins. Since that time, a lot of other tools have been made available. New tools don’t mean new features, just new ways. Besides that, what about continuous deployment? There’s no tool that allows to deploy new versions of a JVM-based application without downtime. The only way to achieve zero downtime is to have multiple nodes deployed on a platform, and let that platform achieve that, e.g., Kubernetes. And yet, achieving true continuous deployment of bytecode on one single JVM instance is possible if one changes their way of looking at things. What if compilation could be seen as changes? What if those changes could be stored in a data store, and a listener on this data store could stream those changes to the running production JVM via the Attach API? In this talk, you'll experience a demonstration using Hazelcast and Hazelcast Jet. It’s possible to re-use the principles that will be shown using other streaming technologies.

Description

Java agents and their instrumentation API offer developers the most powerful tool-set to interact with a Java application. Using this API, it becomes possible to alter the code of running applications, for example to add monitoring or to inject security checks as it is done by many enterprise products for the Java ecosystem. In this session, developers will learn how to program Java agents of their own that make use of the instrumentation API.

Description

Join Gene Kim and Jeff Smith as they embark allow attendees from the conference to ask them anything.

Description

Surprisingly, implementing a secure, robust and fast promotion pipelines for container images is not as easy as it might sound. Automating dependency resolution (base images), implementing multiple registries for different maturity stages and making sure that we actually run in production containers from the images we intended can be tricky. In this talk, we will compare different approaches, compile a wish-list of features and create a pipeline that checks all the boxes using free and open-source tools.

Description

Building a web application to solve a business problem is easy in today's world. How about creating an experience that allows your user to spend more time on the service? To do that essentially, we need to equip the application with quintessential features like search. Most of the websites like eCommerce, food delivery, and social media rely on search. Search is omnipresent and one can't ignore the users searching for something on your website. In this talk, we will primarily bring up a search engine and build a React based web app within minutes.

Description

Enterprise Java has come a long way. What does a modern development approach look like in the age of Jakarta EE and MicroProfile APIs? In this session, we'll have a look at supersonic, subatomic Java with Quarkus. If you're familiar with enterprise development with Spring or Java EE, you'll be delighted to see the effective way of working that Quarkus enables. You'll also encounter the benefits of Quarkus for modern, cloud-native microservices in 2020.

Description

This interactive and lighthearted talk, applicable to both Java and JavaScript developers alike, will discuss key benefits of developing software using event-driven design by using a dragon boat race with the talk attendees. Event-driven software design patterns and event-driven communication such as publish-subscribe will be discussed, and their use in modern asynchronous distributed microservice architectures vs. the more traditional point-to-point REST-over-HTTP approach.

Description

With the transition to microservices and cloud platforms, there is an increased need to integrate with services that your team or organization might have limited or no control over. A common pain point experienced in this type of workflow is long wait times while client developers wait for service developers to build their service, and unreliable test suites as integration tests are run against live services which might have test data go missing, be down for maintenance, or slow to respond because they are under a heavy amount of traffic. There has to be a way you can develop services more quickly and have confidence they will work in production. In this presentation, you will learn about the goals and processes behind contract driven development and how they resolve a lot of pain points around developing in a microservices/cloud world.

Description

Continuous Integration and Continuous Delivery both brought fundamental changes to how we build, operate, and maintain infrastructure at scale. Our knowledge of systemic properties of complex systems has improved, leading us into a new era of Continuous Verification. Much of this knowledge has been at the expense of reliability "best practices" that feel very intuitive, but are not backed up by data. Forward-looking enterprises reject those myths and are now discussing their CI/CD/CV strategy.

Description

The COVID-19 pandemic affects every one of us and we are just beginning to understand the potential impact of this crisis. Today, we are a global community, interconnected in a myriad ways. How can we band together to keep the world safe and protect the vulnerable?

Description

Nothing compares to Mob Programming for making the DevOps dream a reality in your org. While ops specialists, security personnel, testers, and developers all working on the same cross-functional team was a great leap forward, mob programming takes it to next level by having "All the brilliant minds working together on the same thing, at the same time, in the same space, and at the same computer." What sounds like madness to some has proved to be instrumental for many achieving the lofty goals of continuously delivery, zero bugs, no silos, and a highly collaborative culture. This talk aims to help learners understand: DevOps/DevSecOps, mob programming, and how DevOps mobs achieve the lofty goals of continuously delivery, zero bugs, and a highly collaborative culture for the development, testing, and operations disciplines, gain tools to effectively experiment with DevOps mob programming in your context, and experience DevOps mob programming in a feature code and IaC exercise.

Description

As serverless computing is gaining momentum, you have to make some hard choices and answer some fundamental questions. What is serverless, and why do you want it? Are cloud vendors like Amazon, Google, and Microsoft the only places where it makes sense to run serverless applications? Which types of applications are good candidates to become serverless? Should you use Kubernetes as the platform to run serverless deployments? How do you manage the lifecycle of our serverless applications? This talk with try to answer those and quite a few other questions and present Knative as one (out of many) possible platforms you can use to run serverless applications. You'll see a demonstration of the Knative project and learn how to use Jenkins X to manage the lifecycle of your serverless applications.

Description

For the most part, machine learning is similar to traditional software development and most of the principles and practices that apply to traditional software development also apply to machine learning. However, are certain unique challenges that come with deploying ML models to production. In this presentation, you will look at the top challenges you face deploying machine learning models to production and how to tackle those challenges using MLOps. Key takeaways include: How machine learning differs from traditional software development, the top challenges when deploying ML models to production, what MLOps is and how to tackle ML specific challenges, and anecdotes from deploying ML models using industry principles and best practices.

Description

In this session, Aaron will uncover the importance of using chaos engineering in developing a learning culture in a DevSecOps world. He will walk you through how to get started with chaos engineering for security and how it can be practically applied to enhance system performance, resilience, and security. Security focused chaos engineering allows engineering teams to derive new information about the state of security within their distributed systems that was previously unknown. This new technique of instrumentation attempts to proactively inject security turbulent conditions or faults into our systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session, you will learn some key concepts in safety and resilience engineering and how new techniques, such as chaos engineering, are making a difference in improving our ability to learn from incidents proactively before they become destructive.

Description

Retry mechanisms are common in microservices and particularly in cloud applications. They are an easy choice when it comes to software architectures with many services. Since every service is independent and you don’t know what is going on inside, retries are a “best-effort” approach which can help to recover from errors. Because every service is very small, the amount of services goes up and retries are chosen more than ever as the “right solution” for handling errors. But is it really the case? In a stateless world, retries can potentially cause unwanted behaviors and unexpected flows in the application, and they need to be dealt with a lot of thought.

Description

Everyone has a failure story and every epic failure is an excellent opportunity for learning. In this fun session, you're going to hear some epic failure stories from some of the best in the industry. We're all human and you'll be better prepared to face your next failure as a growth opportunity.

Description

One of the most intriguing classes in the JDK is the collectors utility class with a collection of some highly powerful functions that are useful during the reduce operation of streams. The functions that are in this class have so much to offer. Due to their complex nature, however, they often are not used as much as they should be. Using well defined live coded examples, we will take up several common programming problems, discuss, and drive the implementation using the collectors methods. By the end of this presentation, you will thoroughly know the power of collectors and how to apply the methods.

Description

Using feature flagging for releases is becoming the norm. It's an innovative way to ship and test software. However, when you have a ton of feature flags, it can be overwhelming. How do you handle it? In this session, we'll go through the entire feature flag life cycle, including creation, naming conventions, workflows, testing, and removal.

Description

Even when we automate all the things that are possible to automate, in most contexts, some human-centric testing is needed that is not automatable. Examples include exploratory testing, accessibility testing, and user acceptance testing. Jez Humble and David Farley included these manual stages in the CI pipeline in their Continuous Delivery book. How can these testing activities get completed without blocking the pipeline? In this session, you'll learn about ways to integrate all testing stages into a pipeline without causing bottlenecks.

Description

Over the last few years, Mya Pitzeruse has written and deployed many services to production using gRPC. These systems have run across different runtimes, including Apache Mesos, Hashicorp Nomad, and Kubernetes. To help keep this talk focused, Mya will use Kubernetes for demonstration. In this talk, you'll gain context you need to get started using gRPC on Kubernetes. You'll walk through setting up liveness and readiness probes, configuring several service addresses and discussing how they differ, and deploying a client that uses the service addresses to perform a variety of workloads.

Description

In the last few years, more responsibilities have shifted to development teams. With the widespread adoption of Kubernetes, configurations become a developer issue first and foremost. This responsibility means that developers need to be aware of the security risks involved in their configurations. Just by themselves, those configuration security risks might not be so harmful, but with other vulnerable components in the production environment, like the libraries used in the application, or a malicious container, potential attackers can build a multi-steps attack vector, using all of these risks together. Developers should give the necessary attention to those risks and make sure that our applications and clusters are as secure as possible. In this hands-on presentation, you’ll see a demonstration on some of the key security issues that affect your Kubernetes configuration. You'll hear what they actually mean, what an attacker can do to your cluster and howto fix them.

Description

Until outages and other incidents are a thing of the past, organizations need to invest in a way of dealing with them that won’t lead to burn-out. In this session, you’ll learn how to combine the latest tooling with DevOps practices in the pursuit of a sustainable incident response workflow. It’s all about transparency, actionable alerts, resilience, and learning from each incident.

Description

DevOps practices have helped businesses think differently about building systems in more reliable and resilient ways for 10 years. Standard GRC approaches haven't quite evolved to complement DevOps concepts. I’ll talk about ways to calibrate GRC and DevOps needs so that they can work in reciprocal ways that benefit each other and not just meet their own goals in disconnected ways.

Description

This talk will describe what you can do differently in the industry on this front, based on foundational methods from cognitive systems engineering, human factors, and resilience engineering.

Description

Containers are ubiquitous, but writing (and maintaining) Dockerfiles can be tedious, scary, or simply yet-one-more-thing-you-have-to-care-about. Enter, Cloud Native Buildpacks (CNB), a CNCF project. The CNB project aims to radically simplify the process of building containers. CNB takes the best of developer experience from PaaS platforms like Heroku and Cloud Foundry, and combines it with modern container standards to achieve a new paradigm in simplicity and transparency. Are you a developer who’s taking apps to production in containers? Are you a DevOps person looking for a new way of building container images for teams? Are you DevSecOps and care about keeping your OS base images and applications up to date or what goes into your container images? Come to this talk to learn how Cloud Native Buildpacks can help you build Docker images without Dockerfiles, how you can keep everything up to date, and how to keep your security and DevOps folks happy.

Description

Monica will discuss the principles (scavenging, marking, sweeping, compaction, etc.) of garbage collection and discuss details of certain collectors in OpenJDK.

Description

Kubernetes operators are the next phase of the journey towards automating complex applications in containers. The Kudo project introduces an easy way to build Kubernetes operators using declarative YAML. Many operators that exist today handle initial deployment, but they don’t provide automation for tasks like binary upgrades, configuration updates, and failure recovery. Implementing a production-grade controller for a complex workload typically requires thousands of lines of code and many months of development. As a result, the quality of operators that are available today varies. The Kudo project provides a universal operator to enable automated creation of operators for Kubernetes, in most cases just using YAML. In this talk, Matt Jarvis will introduce the Kudo project and demo the creation of a Kubernetes operator using Kudo.

Description

Major efforts went into Istio over the last year. These efforts focused on seamless experience to adopt, performance and scalability for massive workloads, smooth upgrades, and powerful extensibility. This session will provide an overview of the new features and a glimpse into what to expect in 2020.

Description

In this talk, Nicolai Parlog will update a simple Java 8 code base to Java 14 and refactor it to use the new language features and APIs.

Description

Java 14 brought Records as one of the preview features. For many it was reasonable to say "no more JavaBeans code generation" or "Lombok is dead." Is that really the case?

Description

In this session, you'll learn about the most important things you should consider to run Kubernetes in production successfully. We will look at the operational concepts that make Kubernetes so powerful and how they help (or hinder) troubleshooting clusters. Equipped with this understanding, we will then look at some of the most important additions you should consider to turn your cluster into a reliable, production-ready workhorse. Next, we’ll talk about managing deployments and how to provide observability of your deployed payloads before finally closing with an attempt to answer the age-old question: “Should you roll your own instead of using GKE or EKS?” For this session, you should have a passing familiarity with Kubernetes, kubectl, and cloud infrastructure providers like AWS and GCP.

Description

This session is for professionals building Java applications for desktop, mobile, and embedded devices in the Cloud age. It will help you build enhanced visual experiences and deploy modern, easy to maintain, client applications across a variety of platforms. These applications can take advantage of the latest user interface components, 3D technology, and cloud services to create immersive visualizations and allow high-value data manipulation. Learn how to leverage the latest open-source Java client technologies to build rich, responsive, and modern UIs from the authors of the definitive Java Client reference.

Description

How many different paging alerts wake up your team from how many different systems? Many teams have too many paging alerts for them to usefully manage today, and most teams are hurtling toward an unsustainable future. It is a paradox of scale: The bigger and more complicated your systems get, the fewer paging alerts you should have. The good news is that most teams who move from a monitoring model to observability are able to delete about 90% of paging alerts while increasing reliability from the customer’s perspective. SLOs and observability are the key to a safe, sane on call rotation that is not severely life-impacting — a rotation your senior engineers will be proud to join, not one staffed by everyone who isn't yet influential enough to get out of it. In this session, Charity Majors will tell you how to get there.

Description

As we migrate toward distributed applications, it is more than just our architectures that are changing, so too are the structures of our teams. The Inverse Conway Maneuver tells us small, autonomous teams are needed to produce small, autonomous services. Architects are spread thin and can’t be involved with every decision. Today, we must empower our teams, but we need to ensure our teams are making good choices. How do we do that? How do you put together a cohesive architecture around distributed teams? This talk will discuss creating “paved roads,” well worn paths that you know work and can support. It will also explore the importance of fitness functions to help our teams adopt appropriate designs.

Description

This example driven talk will guide you through concrete approaches to using continuous profilers in a production environment. After attending this talk you’ll better understand: Common profiling visualizations and reports, how to use profilers to solve performance problems, the benefits of continuous, exploratory, profiling, and how to improve scalability to create happier customers and reduce infrastructure costs.

Description

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance. What is an acceptable risk? How can you determine what threats pose a risk to your work? How likely are those threats to occur? Is there data available to support these determinations? The answers to these questions are vague at best. This leads a lot of teams to practice security as a set of “best practices” with little understanding of what risk a control or process is supposed to address. In this talk, Mark Nunnikhoven will examine the challenge around identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.

Description

Garrett Gross, a Rapid7 Technical Advisor for Application Security, and Alyssa Miller, a Snyk Application Security advocate, come together to share how application security is evolving. You constantly hear about security shifting left in the SDLC, but what about development pushing right as teams continue to deploy apps using cloud and container technologies? In order for modern day application security programs to achieve success, there is a need for shared responsibility across development, security, and operations teams. By integrating security earlier with a developer-centric mindset, development teams can trust that their ops and security peers share in their mission to release good software, fast.

Description

Site Reliability Engineering (SRE) is a set of principles, practices, and organizational constructs that seek to balance the reliability of a service with the need to continually deliver new features. An error budget is the primary construct used to help balance these seemingly competing goals. This is an introduction to error budgets and their components: service level indicators (SLIs) and service level objectives (SLOs) in which Nathen Harvey will share the art of creating and implementing SLOs.

Description

Over the past 8 years, Puppet has surveyed more than 30,000 technical professionals around the world in the most comprehensive and longest-running study on the topic of DevOps. The 2019 State of DevOps Report looked specifically at how organizations are integrating security into the software delivery lifecycle. We also recently collaborated with Snyk on the DevSecOps Insights Report, which cross-analyzes the data from the State of DevOps Report and Snyk’s State of Open Source Security Report. This presentation will showcase some of the common patterns and practices that highly evolved DevOps shops have in place to enable tighter integration with security. The talk will provide a practical roadmap for adopting and expanding DevOps success and focus on: How executing well on DevOps is key to enabling DevSecOps, the top 5 practices that increase your team's confidence in your security posture, and common challenges of integrating security into the development lifecycle, especially in the middle phases where things tend to get messy.

Description

As a developer advocate working with customers, Ray has seen all sorts of issues due to dependency conflicts. Dependency conflicts come in many different forms and have different impacts on your applications. This presentation examines common causes of a dependency conflict, how you can mitigate it as a library developer, and how end users can resolve it. It also discusses what Google has been documenting in terms of best practices and what tools it has created to help based on learnings.

Description

Watch this session for an overview of garbage collectors in Java, and to learn what new garbage collectors bring to the JVM.

Description

This talk digs into the fundamentals of DevSecOps, exploring the key principles required to advance your security practices. Considering the changes in culture, methodologies, and tools, it will demonstrate how to accelerate your team's journey from endpoint security to built-in security and how to avoid the common mistakes faced when implementing your chosen DevSecOps strategy.

Description

In this talk, Anne Currie will discuss tech ethics in the middle of an event.

Description

An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer. Join this session to learn about the evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow, current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols, strategies for exposing Kubernetes services and APIs at the edge of your system, and a brief guide to the (potential) future of cloud native API gateways.

Description

Spring Boot, the new convention-over-configuration centric framework from the Spring team at Pivotal, marries Spring's flexibility with conventional, common sense defaults to make application development not just fly, but pleasant! Spring Boot aims to make address the common functional and non-functional requirements that gate quickly moving to production.

Join Spring developer advocate Josh Long for a look at what Spring Boot is, why it's turning heads, why you should consider it for your next application (REST, micro services, web, batch, big data, integration, whatever!) and how to get started.

Description

In this talk, you'll learn about the goals and aspirations for The Unicorn Project, the Five Ideals, and why DevOps will be one of the most potent economic forces for decades to come.

Description

With the advances in multicore hardware and virtualization technologies and the demand for highly responsive, resilient, and elastic systems and increasingly sophisticated applications, an array of reactive data stream processing libraries have been born to address the needs. Reactive Streams is an initiative to provide a standard for asynchronous stream processing with non-blocking back pressure. This encompasses efforts aimed at runtime environments that include JVM and Javascript, as well as network protocols. So, how do the various library implementations of Reactive Streams, such as Spring Reactor, Reactive Extension (Rx)'s Observables, and RSocket, stack up against each other? This presentation will go into some details on how streams leverage on the underlying multicore processor to achieve parallelism. It will then explain the push vs. the pull streaming model. Finally, you will experience a simple use case with code examples to illustrate the different API usages, as well as runtime processing analysis between a few popular Java implementations of Reactive Streams.

Description

Developers were used to debugging applications one thread at a time. However, with the advent of microservices architectures, what used to be a single stack trace in a single machine became many stack traces spread among computers. Come to this session to see how to perform a distributed tracing in your application using Jaeger with Opentracing.

Description

We've all the tools today to do high frequent deliveries in high quality. Yet, many team struggle with getting into fast feedback loops with their customers as their culture is not fast and responsive enough. Trust can help as trust makes a team fast. We need to make trust the foundation of DevOps. DevOps requires a cultural change. How can a DevOps transformation work (especially in large enterprises)? Observing many teams at several occasions, Dirk noticed that trust can be seen as the foundation of DevOps. Giving examples and concrete actions, this talk shows you how to foster trust in your team so applying DevOps becomes a success. The talk also tries to explain the science behind trust and how that knowledge can be applied to help understand how to foster trust in a team.

Description

Many teams and organizations are seeing positive outcomes from focusing on value and flow in their teams, but how do you actually do that? Value Stream Mapping (VSM) aims to do exactly that, but coming from physical manufacturing and being decades old is not helpful in today's tech teams. Most Value Stream Maps you'll see are messy, jargon-filled diagrams only a consultant could read. In this talk, Steve Pereira will give you the 20% of value stream mapping (VSM) goodness that produces 80% of the value and share specific examples of how to create and use a VSM to debug workflows and save time, frustration and waste. You'll hear about why Value Stream Mapping is useful, how it's done and how you can do it, where it applies, what challenges it addresses, and the common outcomes and ROI.

Description

This talk will take you on a journey through a typical software development process, showing you where music and software cross paths.

Description

In this talk, Jayashree S. Kumar will cover what Kotlin functional programming is, why you might use Kotlin functional programming, and favorite functional programming concepts.

Description

In this talk, you'll learn why it’s the people and culture that matter most and how to leverage DevOps best practices and processes to make the most out of your DevOps journey.

Description

DevOps is about people, empathy, relationships, and collaboration. And science supports that - Studies have shown collaboration is critical to effective software development and software operations. Many times, collaboration is easier said than done, which raises the question: “How do we work with talented people who have different communication styles and points of view?" Don’t worry, you can learn to improve our human interactions. Over time, Matt Stratton has learned some techniques and approaches to enhance collaboration and interaction, which he'll share so you can put them into practice yourself. This session will cover topics like de-escalating conflict, facilitating effective meetings, how to productively have difficult conversations, and fostering psychological safety in teams.

Description

This session will share how to take the first steps toward increasing trust and reducing fear using nothing a sheet of paper and techniques like test-driven development for people and directed opportunism.