Ken Sipe

Presentations

Debugging your Production JVM

So your server is having issues? memory? Connections? Limited response? Is the first solution to bounce the server? Perhaps change some VM flags or add some logging? In todays Java 6 world, with its superior runtime monitoring and management capabilities the reasons to the bounce the server have been greatly reduced.

Combined with proper JMX instrumentation, the need to bounce the server may be eliminated for all but the rarest of cases.

This session will look at the Java 6 monitoring and management capabilities, which includes the ability to make VM argument changes on the fly. In addition to what is provide in the JDK, a number of freely available management tools will be demonstrated.

Enterprise Security API library from OWASP

When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs.... until now... Enterprise Security API library from OWASP.

This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.

Agile Velocity

The agile development process is all about early and often feedback. One aspect of feedback is how is the team doing... Are we accurate in our estimates? Are we consistent in our velocity? As velocity varies, what is it telling me?

This session will focus on the art of estimating project stories and look at several techniques of assigning "points" to stories. We will discuss the advantages and disadvantages of the various approaches of point assignment. Regardless of the point system, the end result at the end of the iteration is a number... velocity. We will look at the value of velocity and contrast that with other feedback loops with the agile process.

Spock - Unit Test and Prosper

Spock is a groovy based testing framework that leverages all the "best practices" of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans... and you get Spock!

This is a significant advancement in the world of testing.

This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.

Web Security Workshop

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues

Don't be the weakest link on the web!

Continuous Delivery Best Practices

There is a new “movement” in software development circles called DevOps. It is about the automation of development best practices as well as the automation of the deployment pipeline. Answer this question, “How long does it take your organization or team to push 1 line code of change into production?” That’s what this session is all about.

See what LinkedIn is doing… a company who is pushing production releases multiple times a day. Their approach may not be best for you, but we can learn from it. This session will look at all aspects of automating the delivery pipeline with a focus on “Continuous Delivery”, a term coined in the Agile Manifesto.

Getting Agile Right!

Whether you are just getting started, or you’ve made an attempt and well… it could be better… a lot better, this session is for you. Ken has been working on Agile projects as a coach and mentor for a number of years. Come discover the common reasons teams fail to get it right. Bring your own challenges and lets discuss. This is set to be an engaging and illuminating discussion.

This can be a dynamic discussion where challenges facing attendees may have us to focus on some areas and tips of agile development. We will certainly talk about how team or management choices to deviate from core agile practices add risk to a project with suggestions on how to resolve many of these challenges.

MongoDB: Scaling Web Applications

Google “MongoDB is Web Scale” and prepare to laugh your tail off. With such satire, it easy to pass off MongoDB as a passing joke… but that would be a mistake. The humor is in the fact there seems to be no end to those who parrot the MongoDB benefits without a clue. This session is about getting a clue.

Get past the hype and hyperbole associated with NoSQL. This session will introduce MongoDB through live working sessions demonstrating the pros and cons of MongoDB development. The session will then focus on a recent short project focused on large scale. We’ll discuss database design to support high scale read access. Throughout this case study we will discuss the consequences of the MongoDB choice. The session will finish with a review of the production topology to support growth in scale.

Groovy Power Tools

Groovy has been around for some time and is generally recognized as a highly productive object-oriented language with a tight association with Java. Groovy seems to be going through a second wave of popularity with a more diverse repertoire of benefits, including building, deploying and testing, in addition to rapid web development. The fastest growth of productivity tools are all powered by Groovy. Discover the Groovy Truth!

This session will start with a short introduction to Groovy and will walk through a number of groovy tools that can increase the speed of delivery of any Java software development shop. We will review the following Groovy Power Tools: - Spock - the best unit testing and mocking tool available to a Java developer leveraging the value of a testing DSL - Gradle - the fasting growing build tool for compiling and building Java-eco system projects. - Geb - A groovy DSL on top of Selenium for driving web testing - Glu - The groovy way to deploy and manage Java deployments in production - Grails - The groovy way to develop a web application against a relational database

Exploring the Amazon

developing leveraging amazon services - s3 images, and storage - ec2 - oauth

coming

Gradle Plugin Development

Deep Dive into Plugin development...

coming

Complexity of Complexity

Of all the non-functional requirements of software development, complexity receives the least attention and seems to be the most important from a long term standard point. This talk will look at some of forces that drive complexity at the code level and at a system level and their impact. We will discuss what causes us to over look complexity, how our perception of it changes over time and what we can do about it?

In this session we will break down the meaning of complexity and simplicity and measure the application of those means against the common software development dogma. Looking at common development trends and pressures, we'll discuss where simplify does and doesn't help. We will examine areas of development which at first glance seem to be simple (such as the creation of an equals method in Java), that end up being difficult or impossible based on normal constraints. We will example the drivers of complexity with some discussion on what you can do about it. This session will finish with a discussion around several challenges to high scale software architectures and how to keep it simple.

Networks for Programmers

In the words of John Gage, "The network is the computer". At the heart of everything we do is a complex system of infrastructure from which we are often abstracted. For general application development this abstraction provides the convenience of simplifying our efforts. With a growing number of mobil applications with intermittent connectivity and higher latency, and with increased hostility on the network from a security standpoint, there is great value in pulling back the curtain and understanding the details of this computer.

This session will start with the underlying understanding of networking at a low level. At this level we will discuss, IP, MAC, ARP, DNS and DHCP. As we walk up an abstraction level, we discuss sockets, NAT, gateways and firewalls along with the use of TCP and UDP. Spending some time at this layer can make network developers more productive, as we look at tools which help us answer the question, "who owns this port?", "where is this packet going?" and "What is my latency and why?".

The session will end with a little fun looking at wifi, where will we sniff, snort, crack:) From a security stand point we will look at the challenges of wifi and how it has become the weakest component on the net.

This session is extremely fast-pace. The attendees will come away with a more enhanced understanding of the this thing we call the internet. It will include through discussion or demonstration tools such as tcproute, tcpdump, nemesis, nmap, tcpmon and wireshark.

OOP Principles

For decades object-oriented programming has been sold (perhaps over sold) as the logical programming paradigm which provides “the way" to software reuse and reductions in the cost of software maintenance as if it comes for free with the simple selection of the an OO language. Even with the renewed interests in functional languages, the majority of development shops are predominately using object-oriented languages such as Java, C#, and Ruby. So most likely you are using an OO language… How is that reuse thing going? Is your organization realizing all the promises? Even as a former Rational Instructor of OOAD and a long time practitioner, I find great value in returning to the basics. This session is a return to object-oriented basics.

This session is intended to balance the often-touted theoretical object-oriented practices with lessons from the real world. The session will start with a review of some of the basics regarding abstractions and encapsulation. Although simple concepts, we will push the boundary of how these techniques are applied. We will discuss the difference between analysis and design and how that is reflected in our code. We will also look at the limitations of Java the language as outlined in Josh Block’s book “Effective Java”. The session will go past the basics of object-oriented principles and into what our true goals of development really are.

Intro to Kotlin

JetBrains

coming

Hacking Workshop

The net has cracks and crackers are among us. With all the news of security failures, it can be a challenge to know what is FUD and what is really at risk and to what extent. This session isn’t about hacking an application together nor is it about coding a solution. It is about looking at the network and network infrastructure and understanding some of its weaknesses. This workshop is a 50% mix of lecture / discussion and hands on attacking in order to best understand the challenges.

The labs will require the use of: - a virtual machine with BackTrack 5 - a wifi adaptor - and a laptop.

We will have ISO installations of BackTrack 5 for you to install on your VM. It is best if you have this pre-installed, it can be downloaded at http://www.backtrack-linux.org/ . In order to run backtrack, you will want to install this to a virtual machine, if this is new to you, pick up virtualbox or vmware.

The wifi adaptor needed is an Alfa AWUS036H or Alfa AWUS036NHA. You will need 1 of these external adaptors. There are ~ $30 at amazon.

Through the labs we will: - Disassociate wireless traffic - Crack a WEP key - Learn to break through a WPA device - Scan for open ports

The Elusive Truth and False Dichotomies in a Broken Reality

"To say of what is that it is not, or of what is not that it is, is false, while to say of what is that it is, and of what is not that it is not, is true" -- Aristotle

This talk is a fun look at what is true, or what we think is true... how we know what we know or think we know and what it depends on. Through the evening we will learn about every day dichotomies that can lead to black and white thinking. We will use a dichotomous key to learn such things as; is a tomato a vegetable or a fruit? Is a carrot a vegetable or a fruit? As we reveal the truth, we will see how the perceived norms of the world are broken and in what way they are broken. With this new found knowledge we will discuss how to detect it and correct it. These are the foundational skills of the master craftsman... and that's the truth!

GCD: Groovy

Groovy Continuous Delivery Series on Groovy.

TBD

GCD: Testing and Quaity

Groovy Continuous Delivery Series on Unit Test, Continuous Integrations and Code Quality applied to a Java Web Development Environment.

TBD

GCD: Building

Groovy Continuous Delivery Series on Building a Java Project. This is a session on Gradle.

TBD

GCD: Deployment and Monitoring

Groovy Continuous Delivery Series on Deployment and Monitor though groovy scripts and GLU.

TBD

Groovy Meta-Programming

Advanced groovy techniques

TBD

Making Testing Groovy in a Java Development World

intro to spock

tbd

Mocking, Stubbing and Spying with Spock

The Spock unit testing framework is on the verge of a 1.0 release and has already proven itself to be the next generation thinking on how to test Java production code. One of the many ever present challenges to testing code is the ability to Mock classes which has simplified by Spock from a very early release. Recently added to Spock is the notion of Stubs and Spies.

This sessions is designed to demonstrate proper unit testing technique showing off these new features along with a number of advanced Spock features.

Spock Workshop

applying spock in a work shop, from adding the dependencies in the build script to writing unit tests against a java project.

tbd

Gradle Workshop

hands on the gradle

tbd

Architectural Case Studies

There is nothing better than looking at real-world examples to understand project failures and project successes. This session is intended to be an open conversation, based closely to a birds of a feature (BOF) session, however it will have a series of "that happened to me" topics throughout discussed from the perspective of technology.

Discussed will be a clients dating back from 2005. The actually client and there name will not be revealed, but the industry, the contraints and some of the outcomes will.