JDays Day 1
2015-03-22
About JDays
JDays is a two-day conference held in Göteborg annually since 2012 (I think). It is primarily focused on Java and related technologies. Some language agnostic sessions are also held. This year the conference was held at the Clarion Post Hotel, which I must say had really nice facilities.
The conference was split up into distinct 45 minutes sessions separated by coffee or lunch breaks. Two or three parallel sessions were held simultaneously, so one always had to prioritize which session to attend.
The following text is a summary of what I remember from the sessions that I went to. In the end, there is a summary of the first day.
1. The Future of Programming
Speaker: Ola Bini, Thoughtworks
The keynote given by Ola Bini touched on a wide range of objects. From programming language philosophies to information security and programmer location. Its main focus, however, was to predict how programming would be done in the future. The speaker talked about some of the things he thinks will form the programmer profession in the future. He gave a lot of examples. Some of these were:
- Polyglot programming - using more than one language in the development of a product.
- The continued usage of Java (yeah! ;)
- The importance of resisting government insistence of building in back doors into the products.
Overall, I think that it was an interesting talk from an interesting person. Ola mixed in a joke or two here and there, and the talk touched (briefly) on many different topics. On the downside, I think that the material presented would better have suited a longer session. Perhaps 50% longer or something like that.
Quotation: "Java is the new Cobol."
Summary: Interesting talk touching on many topics. Not much code was shown.
Rating: 4 (Very good English, good content)
2. Testing your Android app
Speaker: Filip Maelbrancke
As I am an hobbyist Android programmer I thought I should attend at least one of the two Android related sessions so I went to the one that appeared first on the schedule. The topic of the session was how one could test ones Android app in various way. Normally testing is not one of my favourite topics, but I must say that I liked this session. It gave an overview of different frameworks that can be used to test an Android app. Both unit test and other types of test was covered.
Some of the tools that were mentioned in the talk were these:
- AndroidJUnitRunner
- Intento
- Espresso - Build on the Hamcrest framework. Includes support for finding views and asserting different conditions.
- Roboelectric - Contains shadow classes of the abstract types in android.jar. Somewhat obsolote now Google has released new test related stuff.
- Monky - generates events among other things. Can be used for stress testing an app. Part of the adb shell.
- AssertJAndroid - includes various assertion mechanisms supporting better error messages.
- Retrofit - for mocking networks.
- MockWebserver
- Spoon - for taking screenshots. Can be used in a CI environment.
The speaker also talked about design patterns that can be used in Android development. Dependency Injection and Model-View-Presenter were mentioned.
Summary: Interesting session mostly describing frameworks and tools that can help you test an Android app in various ways.
Rating: 3 (OK English, OK content)
3. Be a better developer with Docker
Speaker: Niccola Paolucci
As I attended the Docker workshop the previous day, I went to this session to get a repetition of the stuff from yesterday and maybe pick up a new nice trick or two. And that was mainly what I've got.
The session was not primarily targeted at total Docker newbies. The speaker very quickly described his view of what docker is, but that explanation was so brief that if you hadn't played around with Docker before, I think most of the stuff presented was incomprehensible. Luckily, I remembered most of the things that I learned yesterday so I understood most of the things the speaker spoke about.
Niccola presented some advantages of Docker:
- You can try different versions of your tools.
- Security: a program cannot break out of the container.
- There exists a multitude of Docker images (20000+) that can be downloaded and used.
Some tips and tricks that I picked up during the session:
- Use the -v parameter to the Docker command or the VOLUME to share directories between the host and the container.
- Data only containers are nice to have as a data storage.
- The --link parameter to the Docker command updates /etc/hosts
- To promote reusability, put the dynamic commands (the ones most likely to differ between images) in the bottom of the Dockerfile.
- To decrease the size of the images, one can let it be based on Debian instead of on Ubuntu.
- Due to the fact that a new image is created and stored after each line in the Dockerfile, it is advantageous to combine several commands on the same line. E.g. if the Dockerfile contains several
apt-get
commands, these could be combined to be on the same separated by the and operator &&. - The space occupied by the images can be inspected using the
docker image image-name
command. - To recursively list the containers the container is based on, the
docker image --tree
command could be used. - An container could be flattened by exporting and reimporting it.
Finally the speaker talked a little bit about some tools that can be used in conjunction with Docker:
- Docker machine: create Docker containers on for example load supervisors and in the cloud.
- Docker swarm: controls a cluster of docker containers.
- Docker compose: build multi-container applications in a simple way.
Summary: Lots of ticks and tricks for using Docker. Basic knowledge of Docker required.
Rating: 3 (OK English, OK content)
4. The performace-model of streams
Speaker: Angelika Langer
Angelika spoke about how the performance of the new streams
compare to that of old school for-loops. In summary, streams
:s often executes more slowly if only primitives are involved. If proper objects are used, the difference is less. If the computations could be parallelized, streams
:s could perform better that old-fashioned loops.
Summary: Interesting talk about the performance of streams compared to regular for-loops.
Rating: 4 (good English, good content)
5. Android security for developers
Speaker: Filip Maelbrancke
As I went to Filip's first talk earlier on the day and I liked it, I thought I would go to his next one, which should cover Android security, as well. I was not disappointed.
Filip started by saying that he had this definition of security: security == managing risk.
The Android security model is based on these three pillars:
- App signature verification.
- Two levels of sandboxes.
- Enforcing permissions.
The speaker then went on to describe a wide range of tools that can be helpful for when working with security on Android.
- arktool: A reverse engineering tool.
- dex2jar: Translates from dex to java
- jadx: Program for opening up an apk-file and listing its contents. Does have a GUI.
- proguard: Program for obfuscating, shrinking, and optimizing Android code. Included in the Android SDK.
- dexguard: Similar to proguard
Some useful techniques to discover if your app has been tampered with:
- In runtime, check where the app is installed.
- In runtime, check where the app is originating from.
- Check that the debug flag is off.
- Save a hash of the debug certification in code. In runtime, calculate hash and check that it matches the saved on.
- Check if the device has been rooted.
How to protect in app data (in descending order):
- Do not save data locally.
- Set
android:allowBackup
to false. - Save on external server instead of locally.
- Avoid screenshots.
- Log out if the app has been inactive for a certain amount of time.
- Draw a keyboard and use that for input instead of using the default one.
Cryptography related libs:
- Bouncycastle: bundled with Android
- Spongycastle: repackage of Bouncycastle especially for Android.
- GPS (Google Play Services) Dynamic Security Provider
- SQLCipher
Key management: either ask the server for the cert or store in the Android system area.
Keystore provider: Android Keystore, since 4.3, can be hardware backed.
Nogotofail: tool for testing network stuff.
Many good books on Android security (compared to Andoid testing)! E.g. Android Hacker's handbook.
Summary: Really interesting and useful talk about Android security and what tools that exist to help hardening and testing an app.
Rating: 4 (OK English, good content)
6. Java EE vs Spring smackdown
Speaker: Murat Yener/Mert Caliskan
Murat and Mert have written one book each on either Java EE or Spring, so they know a lot about the subject of the session.
The session was set up to be a match between Java EE and Spring to decide which technology is the better one.
The session started with a short description of the different features of Java EE and Spring. The comparison showed that the functionality of the two technologies are rather similar in scope.
Most of the rest of the session was a comparison between two programs constructed to have the same functionality but one written using Java EE and the other using Spring.
One difference that struck me was how much more XML configuration that was needed in the spring version compared to the Java EE version. Otherwise I think the two versions were quite similar.
The smackdown ended in a draw. The conclusion was that the technologies were similar in scope and that they supported roughly the same annotations, but the names of the annotations differed a bit.
It was fairly interesting to witness the Java EE vs Spring smackdown. The authors were humorous and clearly knew their subject very well. The quality of the spoken language was, unfortunately, not perfect, which made the presentation hard to follow from time to time.
Summary: Interesting comparison between Java EE and Spring. Good to know that they are similar in scope. Will be nice to get the slides of the presentation, which will be useful as a translation guide between the annotations of the two technologies.
Rating: 3 (Fairly OK English, OK content)
7. Microservices and modularity or the difference between treatment and cure
Speaker: Milen Dyankov
The session consisted of two parts: first a general discussion about what a microservice is and pros and cons of a microservice compared to a monolith, then a live refactoring of an application from a monolithic architecture, via a "standard" microservice architecture to an OSGi microservice architecture.
If the need for a microservice architecture is not obvious and overwhelming, the speaker recommended starting with a monolithic architecture, but where the monolith is divided into modules which, if the need arises, can be refactored to microservices later on.
The speaker recommened two articles on microservices: Microservices by Martin Fowler and James Lewis and Microservices and Jars by Uncle Bob Martin.
The live coding session took as starting point an example from the Java EE Tutorial of Oracle's. The example program was first modified so that a business logic component was added. As that component did not need/should not have to know about persistency details of the entity model, a separate hierarchy of DTO:s duplicating the entity model was created. When that had been done, the business component could then, quite easily, be refactored out to be a microservice. The speaker then proceeded to refactor the component so that it became OSGi compliant. This step did not seem to be particularly hard to perform either, which was kind of nice to see.
As I haven't been into the microservice world very much, it was interesting to get a short introduction to microservices in general. The live coding session was also interesting, but it is often hard to follow (and even more difficult to remember) all the steps as they often are executed quite rapidly. The main take away from the live coding session was therefore: it does not seem very hard so it should be possible to perform the steps at home. Given a sufficient amount of time...
Summary: Interesting talk and live coding session about microservices. Some materials on OSGi as a bonus.
Rating: 4 (good English, good content)
Summary of Day 1
The first day of JDays was filled with interesting talks. It's a pity that one can only be in one place at any given time. Often I would have liked to attend two or all three of the sessions. I prioritized going to the sessions covering Android and Docker, and this I don't regret. The sessions on microservices and Docker was probably the most useful from a job perspective. The session on the performance of streams was very interesting, but maybe not that useful. I think that if you have the oppertunity to use streams (i.e. if you use Java 8), then you should do it because streams offer a cleaner and more expressive syntax. It does not matter if it is a little bit slower than using old-fashioned for-loops, the more expressive syntax more than makes up for that.
Summary: Really nice first day! Focus was Android and enterprise Java.
Leave a reply