By Ben Hale
In this day and age, it's pretty hard to be a Java developer and not have heard of the Spring Framework. The question is, what exactly is Spring? Well, you don't have to look any further. This session aims to answer the questions of what Spring is as well as why you might want to use it and what it can do for you.

The session will start by focusing on what Spring is, and what it is not. It'll help you understand some of the big-picture problems facing Java developers today and how Spring helps solve them. After we've covered the basics, we'll start a whirlwind tour of the support facilities Spring provides and how they can help you build a robust application in a short amount of time.

Even if you don't know how Spring can help you, come by and take a look. Spring is incredibly broad, there really is something for everyone.

By Ben Hale
In this interactive session Ben walks you through the experience of building a simple Spring-powered application from the ground up.



You will learn how to use Spring to assemble an application system from a set of focused, loosely-coupled components. You'll see how Spring enables agile development by allowing you to start simple, validate architectural choices early, and scale up infrastructure as requirements demand.

Expect live coding with a supporting business case. This "big picture" session focuses on teaching how to get the most mileage out of the Spring Framework as you can.

By Ben Hale
In this interactive session Ben walks you through the experience of building a simple Spring-powered application from the ground up.



You will learn how to use Spring to assemble an application system from a set of focused, loosely-coupled components. You'll see how Spring enables agile development by allowing you to start simple, validate architectural choices early, and scale up infrastructure as requirements demand.

Expect live coding with a supporting business case. This "big picture" session focuses on teaching how to get the most mileage out of the Spring Framework as you can.

By Ben Hale
Have you ever developed a web application with a long user action based on form input? Did you curse the Java community for their inability to address this very common application type? Well, attend this session about Spring Web Flow and you'll curse no more.

In this session we'll learn about a new(ish) Spring sub-project, Spring Web Flow. Spring Web Flow is an innovative new framework for declaratively modeling web application user interactions. We'll start with an exploration of some web development issues and then take a look at the value proposition that Web Flow brings to the table. Once everyone is comfortable with that, we'll jump straight to code. We'll start by exploring some of the features that SWF has and then we'll finish with a live coding example where the audience will help write the application.

By Brian Goetz
The Java language included support for threads and concurrency from day 1, but writing correct multithreaded programs is not easy. This session will cover the how and why of using threads in Java.

Programming is hard, but concurrent programming is harder. Concurrent programs are at risk for all the safety, liveness, and performance hazards that sequential programs are. But there are also many hazards that apply exclusively to multithreaded programs, such as race conditions, stale data, and deadlock.

If an object is going to be accessed from multiple threads, it should be thread-safe. The requirement for thread-safety is often introduced into Java programs not by explicit use of threads within the program, but by the use of frameworks, such as Servlets and Swing, which create threads and call application components from those threads.

This class will cover what is thread safety, how to create thread-safe classes, and what costs and benefits you can expect to encounter by using threads in your programs.

By Brian Goetz
JDK 5.0 is a huge step forward in developing concurrent Java classes and applications, providing a rich set of high-level concurrency building blocks.

Prior to the release of JDK 5.0, the Java platform provided basic primitives for writing concurrent programs, but they were just that -- primitive -- and difficult to use properly. Building multithreaded applications on the Java platform's low-level concurrency primitives posed many traps for the unwary, and many developers were forced to reinvent the wheel by writing their own classes for thread pools, semaphores, and task schedulers.

To help users create robust, scalable, and (most importantly) correct multithreaded applications, JDK 5.0 includes a rich set of high-level concurrency constructs, such as thread pools, semaphores, mutexes, barriers, and high-performance concurrent collection classes. Using these concurrency utilities will, in most cases, make your programs clearer, shorter, faster, easier to write, and more reliable. This session provides you with an overview of the new high-level concurrency utilities in the new java.util.concurrent package in JDK 5.0.

By Brian Goetz
Performance myths about the Java platform abound, from the general "Java is slow", to the more specific "reflection is slow", "allocation is slow", "synchronization is slow", "garbage collection is slow", etc. Many of these myths have their root in fact (in JDK 1.0, everything was slow); today, not only are many of these statements not true, but Java performance has surpassed that of C in many areas, such as memory management.

In this class, we'll look at some common Java performance myths, identify where they came from, and explore the platform changes that have rendered them no longer true. Many common performance hacks don't actually help, and some can seriously hurt performance. The result is that clean code that follows common usage patterns generally shows far better behavior on modern JVMs than code laden with tweaks designed to "help" the JIT or garbage collector. More often than not, this well-intentioned assistance has the unfortunate effect of undermining many common JIT optimizations, resulting in slower -- not faster -- code.

By Brian Goetz
What's the worst thing that can happen when you fail to synchronize in a concurrent Java program? Its probably worse than you think -- modern shared-memory processors can do some pretty weird things when left to their own devices.

Java was the first mainstream programming language to incorporate a formal, cross-platform memory model, which is what enabled the development of write-once, run-anywhere concurrent classes. It is the Java Memory model that defines the semantics of synchronized, volatile, and final.

However, because the most commonly used processors (Intel and Sparc) offer stronger memory models than is required by the JMM, many developers frequently use synchronization and volatile incorrectly, but have been insulated from failure by the stronger memory guarantees offered by the processor architecture they happen to be deploying on. (The infamous “double checked locking” idiom is an example of this sort of error.)

JDK 5.0 incorporates JSR-133, a revision of the Java Memory Model, which refines the semantics of synchronization, volatile variables, and final fields. Additionally, the new JMM provides a new safety guarantee – initialization safety – that allows immutable objects to be shared among threads without synchronization, if certain requirements are met. This talk describes the updated Java Memory Model for programmers who are familiar with the multithreading primitives in Java (synchronized and volatile.)

Understanding the Java Memory model is key to using the core concurrency primitives (synchronized and volatile) to develop thread-safe, efficient concurrent classes. We’ll cover what a memory model is, what synchronization really means, what was broken about the original Java Memory Model, and how the memory model changed in JDK 5.0.

By Brian Goetz
Does your program have bugs, despite unit tests, integration tests, and code reviews? You bet. Are you using static analysis as part of your QA process? If not, you're probably missing out on some bugs that can be caught before they bite your customers.

The cost of finding a bug increases dramatically the longer it lurks without being discovered. Fortunately, today?s development tools (IDEs and compilers) can identify many potential bugs within a few seconds of their creation, resulting in higher quality code and more productive programmers. However, even the best programmers can create bugs that are very hard to spot if they make it through their first few minutes of their existence.

Until recently, automated code analyzers have not been very useful for mainstream developers. Most code analysis packages focused either on stylistic issues (such as indenting and variable naming), or on formal correctness proofs (which require an investment in specification that few developers can afford to make.)

FindBugs, an open-source tool developed by Bill Pugh and David Hovermeyer of the University of Maryland, has raised the bar for ease-of-use and effectiveness of automated code analysis for finding bugs. FindBugs has been able to find many serious bugs in production software, including Eclipse, JBoss, Apache Tomcat and Sun's JDK implementation, with an impressively low false-positive rate compared to other approaches.

This session will explore how static code auditing tools work, how it is easy to write bug-detector plugins to find new bug patterns, presents some common bug patterns and fun "find the bug" puzzles, and shows how code auditing tools can easily identify them.

Every developer will want to have these tools in their toolbox.

By Brian Sletten
Imagine the simplicity of REST married to the power of Unix pipes with the benefits of a loosely-coupled, logically-layered architecture. If that is hard to imagine, it may because the architectures available to you today are convoluted accretions of mismatched technologies, languages, abstractions and data models.

NetKernel is a disruptive technology that changes the game. It has been quietly gaining mind share in the past several years; people who are exposed to it don't want to go back to the tired and blue conventions of J2EE and .NET. Not only does it make building the kinds of systems you are building today easier, it does it more efficiently, with less code and a far more scalable runway to allow you to take advantage of the emerging multi-core, multi-CPU hardware that is coming our way.

Come see how this open source / commercial product can change the way you think about building software.

NetKernel makes the things you are doing now easier, but also makes new types of systems possible.

A wise man once said, "XML is like lye. It is very useful, but humans shouldn't touch it." If you've had to incorporate XML into your project by hand, you have probably been burned by getting too close. NetKernel turns this wisdom on its head and encourages you to use XML like the liquid data stream you want it to be.

But, XML is only part of the story. Resource-oriented computing is a generalized and revolutionary approach to modern, flexible systems. There is less code to write, but it is more fun to do. Orchestration of existing services and data sources is faster, easier and more encompassing than with more conventional technologies.

This talk will help explain what NetKernel is (app server? pipeline tool? embedded SOA?) and, through a comprehensive set of examples, give you a glimpse at a deeper software reality than you might have thought possible.

Disclaimer: There will be no blue pills given to you to make you forget what you have seen. Come with an open mind.

By Brian Sletten
REST sounds like such a simple thing. But, what is it really? How do you convince your boss to let you try it when she has been sold on the equation SOAP = SOA + P(rofit)? How do you go about building, deploying, publishing and orchestrating web services without the (Un)Holy Trinity of SOAP, WSDL and UDDI?

This talk will thoroughly examine this REST phenomenon in terms of its history, its goals, its consequences and where it fits into the Big Picture of SOA. We will also look at exposing existing tools/APIs through RESTful APIs.

If you find yourself interested in talking about REST without people dismissing it as trivial (yeah, but what is it?!?!), unsaleable (yeah, but I am trying to solve problems, not buy tools!) or not SOA (<insert your own joke here -- that one leaves me speechless>), come on by.

By Brian Sletten
Just about every modern software developer has a copy of the Gang of Four "Design Patterns" book sitting on a shelf; many of them have actually read it. The dark secret of the patterns community is that there is often a large gulf between whiteboard simplicity and real-world complexity. Language choice plays a part in the design (and even importance) of patterns. The situation is made even more confusing by the fact that many of the core patterns have now been "voted off the island" for one reason or another. This talk will give a pragmatic overview of the motivations behind design patterns and will focus on applying a handful of the GOF patterns to example scenarios in Java, Ruby and C#. A quick introduction to the role AOP plays in changing the patterns landscape will also be covered.

Attendees will learn about
The benefits and history of patterns in software
How language choice affects pattern implementations
Applying a handful of GOF patterns in code examples
Why there is no DP4J available

Rating: Intermediate
Category: Architecture/Languages, Core Java, .NET
Prerequisites: Basic Java or C# skills

By Brian Sletten
Just as the world is feeling comfortable with the Web, Tim Berners-Lee et al inform us that what we have seen so far is just the beginning. His original plans at CERN were larger and grander. The Semantic Web is the new vision of machine-processable documents and metadata to improve search, knowledge discovery and data integration and management. While there are many naysayers chiding such grand visions, there are also pragmatic and useful technologies emerging that can be applied today.

Attendees will learn:

The history and motivations behind the Semantic Web
The technology stack that will make it happen (including RDF and OWL)
An overview of tools and technologies that are beginning to satisfy the vision

This talk stands on its own, but feeds into the "Experiencing the Semantic Web" talk which is more hands on.

Rating: Intermediate
Prerequisites: This is all so new, most engineers will find something to excite them.

By Bruce Tate
In this session, we'll review the new features of Spring 2.0. If you've been using Spring 1.x, you'll want to hear about the improvements.

This material comes directly from Interface21. The SpringFramework version 2.0 brings tremendous maturity to one of the most successful Java projects of our time. In this session, you'll see

- Radical improvements in the simplicity of context definitions
- Much better AspectJ integration
- Unified user interface strategies, and the continued emergence of WebFlow.

By Bruce Tate
Most conferences will try to tell you that the secret to good software development lies with a process, or a technology, or an architecture. Here's a dirty little secret. You can build working software with an outdated two tier archtiecture, a waterfall process and COBOL. How? By building a great team. These techniques were used to build one of the most unique and complex up and coming Ruby on Rails sites.

By far, the biggest factor in the success or failure of a software project is the quality of your team. Build a great team first, and great software will follow. In this session, we'll explore ways to build effective teams for modern software development. Whether you're a project manager or a technical lead, you need to know how to build the most effective team possible. In this session, we'll look at all aspects of team building, including

- What team sizes are optimal for software projects?
- What tools can help your team communicate?
- How does development process come into play?
- How do you build better software faster?

By Bruce Tate
The state of the art is progressing rapidly, and dynamic languages are driving the revolution. Find out about these topics that will be central to programming. We'll discuss continuation servers, metaprogramming frameworks and functional langauges.

Seaside provides a much richer web development experience than you can find in Java today. Learn how continuations can radically improve your web development experience, and learn what Java frameworks are doing about it.

The programming world is abuzz over the Rails framework, but how many of the ideas are exclusive to Rails? We'll look at Active Record, and discover the fundamental innovations that let it happen. What improvements might be made by Java persistence frameworks, and where does Active Record come up short?

Concurrent programming will come to a head with the introduction of multiprocessor systems. We'll discover just how broken conventional langauges are. Also, see how functional languages solve this problem.

By Bruce Tate
Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.

By Bruce Tate
You can have rapid web development with Rails without losing access to your critical Java code. With the explosion of the Ruby programming language, more developers will need a strategy for letting Java and Ruby interoperate. This session explores two strategies: JRuby and Rails-based web services.

Both Java and Ruby do certain things well. Ruby tends to build web based user interfaces, complete with AJAX integration, very quickly. Java has thousands of libraries and millions of lines of legacy code. How can you combine the two? We'll explore three approaches.

An ambitious integration framework is also under development. The JRuby project recognizes the value of the best possible integration between Java and Ruby. As of today, 90% of the test cases for the Ruby language are passing for JRuby. How much is possible, and what's missing?

Finally, closures and a fantastic XML API make Ruby a fantastic framework for doing integration work with web services. Often, coarse grained integration is enough.

Come learn how to have your cake and eat it too.

By David Geary
In April 2005, annual growth rates for jobs in JavaServer Faces, Struts, and Ruby on Rails were all at about 0%. Today, Struts' growth rate still hovers around 0%, but JSF and Rails have taken off. At the end of 2007, both JSF and Rails were growing at a rate of between 400-500% annually (according to indeed.com).

JSF has passed the adoption tipping point, and is now the Java-based framework of choice, as is evidenced by its ecosystem. From vendors such as MyEclipse and RedHat to open source projects such as Seam, Facelets, and Ajax4JSF, JSF is where the action is.

Come see why JSF is so popular. In this code- and demo-intensive session, I'll show you the fundamentals of JSF.

This session is taught by a member of the JSF Expert Group for JSF 1.0 and 2.0., and co-author of the best-selling book on JSF: Core JavaServer Faces. David will take you through a whirlwind introduction to JSF including what JSF is, how it was developed, and how you can best take advantage of the technology. Here is a list of topics:

Components, managed beans, value expressions, and static navigation
i18n, CSS, and actions
The Faces Context and Faces messages
The JSF Event Model
Using JavaScript with JSF

This introduction to JSF also contains 5 live-code demos, where David will develop a simple, but robust application during the course of the session.

Prerequisite: Some knowledge of Java-based web applications, such as Struts, is a plus, but is not required. If you have a significant experience with JSF, you probably already know most of what's covered in this session.

By David Geary
In 2005, JSF hit its stride, as evidenced from overwhelming support from both vendors and the open-source community. JSF 1.0 had plenty of holes, but open-source projects have arisen to address those needs. This session takes a look at three of those projects: Tomahawk (MyFaces component library) FaceletsSeam

MyFaces is an open-source implementation of the JSF spec. In addition, MyFaces developers got a little carried away and also developed a useful set of custom components that you can use in your own applications, regardless of whether you use MyFaces as your JSF implementation. Those components are now packaged separately from MyFaces under the name Tomahawk.

Facelets is an open-source project from java.net that lets you implement views with Tapestry-like HTML pages. That technique is a powerful feature that lets graphic designers and software developers work separately in parallel.

Seam is a framework from JBoss that provides a component model that unifies the EJB and JSF component models. Seam makes great use of annotations to meld EJBs and JSF components in a seamless fashion (thus the name).

Lots is happening in the JSF space. Come to this talk and learn about these three exciting open-source projects.

By David Geary
JavaServer Faces is a perfect platform for implementing Web 2.0 interfaces with Ajax. This session explores how you can use these two potent technologies--JSF and Ajax--together to create applications that look and behave like desktop applications but run in the browser.

JavaServer Faces, with a mature component model and flexible lifecyle, is a perfect platform for implementing Web 2.0 user interfaces with Ajax. This session explores using JSF and Ajax to create applications that act like desktop applications but run in a browser.

We'll start with a quick look at implementing basic Ajax in a JSF application. Then, once your bloodthirst has been slaked, we'll dive deeper into Ajaxian Faces dynamics with a form completion demo that requires its implementor to understand two simple, but vital facts about JSF.

If you're savvy, you probably use client-side validation to augment your server side validation logic, which parenthetically, is no no-brainer in either of the leading web application frameworks, JSF or Rails. But anyway, client-side validation is old school. All the cool developers nowadays use Ajax to implement realtime validation, where you sneak a trip to the server as an unwary user types into your input fields. But to accomplish that, we'll have to dive even deeper into JSF, with concerns such as accessing view state and accounting for client-side state saving.

All of this Ajax development is great fun, but most of it is best relegated to components and frameworks, which are the topics that will wrap up our session. We'll see how to keep your JavaScript separate from your JSF components and how to pass JSP tag attributes all the way through to JavaScript. Finally, we'll take a look at Ajax4jsf, a JSF component library with a tag library that blends Ajax into JSF in a natural, intuitive way without having to write JavaScript.

As web developers, we've been handcuffed long enough by the shackles of Web 1.0 development. Come to this session and see the brave new world of Web 2.0 development with one of the hottest web application frameworks.

By David Geary
Developing highly interactive web applications, for the most part requires knowledge of a wide array of technologies: HTML, CSS, JavaScript, XMLHttpRequest, JSP, JSF, etc.

With the Google Web Toolkit (GWT), Google turns that notion of development on its head. Instead, you implement Ajax applications by writing almost entirely in Java. You use an AWT-like API, which the Google compiler compiles to JavaScript that runs on the client.

In the early days of Java, application development with the AWT was relatively simple. You had to have a decent understanding of Java and AWT fundamentals, but once equipped with such knowledge, you could dive in and develop some impressive applications.

Ten years later, we have, in so many respects, gone significantly backwards. We've shoehorned technologies such as HTML into shoes for which they were never intended, and for our efforts, we have a mismatch of disparate technologies that one needs to knit together for a truly interactive web application.

This is the first session of a two-part presentation on the GWT, where I'll concentrate on GWT basics: implementing Ajax-enabled applications in Java, internationalization, testing, and remote procedure calls.

By David Hussman
The participants of this session will become agile customers and product owners, using personas to create stories for a sample product development.

The questions around user stories are many, and the list grows larger as their popularity of increases. Many organizations are on their path to adopting stories as requirements vehicles, possibly struggling with story writing as well as finding a way to fit them into their organization. Along with writing stories, this session will cover connecting with product owners and a short review of several tools for tracking and managing user stories.

By David Hussman
This session will focus on tools and techniques for tracking an agile project plan from creation to project completion.

As agile grows, so too do the questions for how to track and communicate progress within the project community as well as to upper management and others interested in progress. We will create a simple plan in a planning tool, and run a mock project, showing how to estimate and use agile planning to communicating progress, addressing missed estimates, scope modifications, and more.

By David Hussman
The presentation will briefly discuss stories, the origin and authoring of story tests, and a demonstration of how FIT and FitNesse (FIT living within a Wiki) can be used to automate acceptance tests.

Agile communities consider stories “done” when the acceptance tests (also called story tests) are shown to the customer. Originally, this was a manual process, but in recent years, several frameworks have been created to automate this process, providing acceptance testing all the benefits of automated unit testing. One of the most popular of these if called FIT, created by Ward Cunningham.

By David Hussman
As with many methodologies, moving agile into an organizations poses larger challenges. Before jumping in, it helps to ask a few questions before "racing toward agility". This session will provide 3 tactical steps that can help your adoption of agile.

There are many factors outside the developer world that can crash all the benefits of agile without regard to its success. This session will provide ways to select agile practices, create a transition plan for adopting agile, and bring people together before trying to adopt new techiniques that are part of agile development. Various tools and techniques will be discussed, and at least part of the session will include Q/A for the presenter to field specific questions about your organization.

By David Hussman
Adopting agile is different for each company, but most companies will go through some amount of change during the adoption of agile.

This session will discuss some of the most common difficulties for adopting agile and provide various plans of attack. The session will start with a listing of issues for the session participants, and some portion of the session will be dedicated to an open forum where the presenter will address the issues collected.

By Jason Hunter
Java's new Metadata facility introduced in J2SE 5.0 defines a way to attach decorations to classes, fields, methods, and even packages that can be extracted by the compiler or runtime tools to provide advanced functionality. Think of metadata as an extended @deprecated flag, or think of XDoclet++. In this tutorial session you'll learn how Metadata fits in the Java platform (and how it compares to the C# platform). We'll cover how to use the metadata attributes provided in the core J2SE libraries and how to write your own. We'll also show a bit of what's coming in JSR-181, tasked to define standard metadata attributes for web services.

Attendees should be skilled Java programmers ready to see what's possible in the latest release and learn to make the most of it.

By Jason Hunter
Greasemonkey is a Firefox extension with a hook to let you run your own JavaScript after each page loads. People have written hundreds of Greasemonkey scripts, each using Ajax techniques, to do everything from making a static page dynamic to changing a page's style to integrating comparison pricing on Amazon pages and giving Google search results easy keyboard shortcuts. Greasemonkey lets you take back control of the web browsing experience -- and teaches you Ajax while you're at it.

In this talk we'll look at about a dozen useful Greasemonkey scripts. Each script provides a benefit in its own right, but like good engineers we'll dissect them to see what makes them tick.

Some scripts we'll cover:

* Tracing XMLHttpRequest activity on a page
* Avoiding the Slashdot effect with auto-links to mirrors
* Replacing a page's CSS design
* Making hidden form fields visible in the page
* Auto refreshing pages
* Browsing the web through Google's cache
* Adding keyboard shortcuts to Google's search results
* Auto-selecting ad-free print versions of online articles
* Working around Google's protection of Google Book Search images
* Comparing book prices inline
* Downloading all the images behind thumbnails
* Using Platypus for graphical page editing of pages you don't own!

Attendees leave this talk having more power over their web browsing and a great tool to get going with Ajax for one.

By Jason Hunter
Web Caching is very important for high traffic, high performance web site but few people know all the professional-level strategies. In this talk I'll share some of the tricks of the trade, including advanced tips from Yahoo's Mike Radwin.

We'll start with the basics: using client-side caches, conditional get, and proxies. Then we'll talk about more advanced features: how best to handle personalized content, setting up an image caching server, using a cookie-free domain for static content, and using randomization in URLs for accurate hit metering or sensitive content.

Attendees should have experience or interest in how the web works and in cajoling the web into doing their bidding.

By Jason Hunter
Open source isn't about a license, it's about human interaction and individual motivation. I've seen open source from all sides. I've been an individual contributor and a project leader. I've worked on commercial and open source efforts, and have both helped commercial projects go open and designed ways for open projects to absorb commercial codebases. I've been on the front lines in the Apache/Sun negotiations on open source Java that ended on the JavaOne keynote stage with Scott McNealy. In this talk, I'd like to share my favorite stories in and around open source and the lessons they teach us.

* What it was like to take the servlet engine Tomcat from a Sun internal project to an Apache open source project

* How Jakarta changed Apache's character

* How *not* to think about Apache

* The pros and cons of leading the JDOM project

* Why JDOM is not part of Apache

* Why my latest coding work isn't open source

* How companies can best utilize open source and open source ideas

* The past, present, and future of open source Java

By Jason Hunter
The new Java 5 release introduces a number of significant Java language enhancements: generics, typesafe enums, autoboxing, an enhanced "for" loop, a static import facility, and a general-purpose metadata facility. This talk gives an overview of the changes and helps you understand what all the funny new syntax means.

The main new language topics covered:

* Generics, also called "parameterized types", which let you specify the type of objects used in a collection, among many other things.

* Autoboxing, that lets you implicitly convert from primitives to reference types, and vice-versa.

* An Enhanced For Loop, that lets you iterate over arrays or collections with half the code as before.

* Typesafe Enums, to create object-oriented, extensible enumerated values.

* Static Imports, to put into scope static methods and fields.

* Varargs, that allows methods to accept an arbitrary number of parameters.

* A Metadata Facility, allowing decoration to classes and methods for later tool consumption. Covered in more depth in the "Java Metadata" talk.

* Random new Library Features, like the ability to control external process launching, output formatting, and input scanning.

This talk describes the proposed changes and shows how they work together to improve the Java language. We also take breaks to see how closely Java matches the C# designs!

Attendees are assumed to be competent Java programmers.

By Nathaniel Schutta
Seemingly overnight, Ajax has gone from an obscure acronym to, well, having conferences devoted to it. People are often surprised when they learn that Ajax isn't really anything new - so if it's yesterday's technology, why all the hype? This talk will examine the course of events that led up to the current love affair with richer client applications. We'll talk examine the technologies that power an Ajax application and discuss how to work with them - and then we'll examine a number of frameworks that will do much of the heavy lifting for us!

Once we understand the techniques of Ajax, we'll touch on where (and where not) it's appropriate for your application finishing off with some common gotchas.

By Nathaniel Schutta
While some companies have the luxury of a full time usability team, most of us have to make do on our own. Sure, it might be easier (and more comfortable) to focus on all the hip back end goodness, but if your user interface makes users yack, your product is doomed.

This talk will provide an overview of usability from the perspective of the software engineer.

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran.

Even the most competent programmer falls into habits and coding ruts. This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran. It is derived from many sources, including other languages (Smalltalk, Lisp, Java, and others), and techniques and idioms we have developed teaching developers. It also consolidates information from books that delve into the craft of writing good software. The goal is to create code that is easier to read, maintain, debug, and enhance.

Key Session Points:

1. Names of Things


2. Composed Method


3. Apply the Unix Philosophies


4. Syntactic Stuff




• Constants


• Enumerations


• Common Methods: equals() && hashcode()




5. Orthogonality


6. Compactness


7. The Pragmatic Rules


8. Template Method


9. Bad Inheritance


10. Decoupling with Interfaces

By Neal Ford
This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points:
• Setting up remote debugging in IDE's
   o Eclipse
   o IntelliJ
• Effective remote debugging
• When it's all you've got: jdb and enterprise applications
• Forensic debugging using loggers
• Debugging web applications
   o Inspector
   o Bookmarklets
• Debugging EJB
• Debugging in lightweight frameworks
• Interactive Debugging with Groovy
• Automating debugging tasks
   o JWebUnit
   o Selenium

By Neal Ford
Is Service Oriented Architecture the next wave of distributed computing or just the same old crap in a shiny new package? This session provides an overview of what most people agree is the definition of