Ken Sipe

By Ken Sipe

You are using Java, whew!!! No need to worry about memory, the garbage collector will handle that. Those who have had a memory issue in Java are not so naive any more. Often memory utilization and heap sizes are an after thought and are not recognized until the application is in production, often caused by application uptime, production request volume or production sets of data. When the OutOfMemory Error occurs, often the science of development seems to brake down and knobs are turned. First the (-mx) maximum heap space gets adjusted... More is better right. The next OutOfMemory, heads start scratching, code reviews start in earnest, and Google gets several new hits. Did you know that it is possible to get an OutOfMemory error without running out of heap space?

This talk will walk through the underlying details of memory management in the JVM with a focus on VM flags available to help configure the VM. However we can't configure the VM without a detailed understanding of what is going on inside the VM. We'll focus on tools available for analyzing the memory in a running VM. Two actual client case examples will be presented. We'll discuss the differences between the two cases and why the end configurations were quite different.

By Ken Sipe

A live Hacking demonstration exposing the tools and techniques used by Hackers.

A look at the growing space referred to as ethical hacking or penetration testing. We'll look at example attacks which include: Client-side exploits Sql-Injections Brute force attacks Man-in-the-middle attacks Key logging

By Ken Sipe

Spring 3 pushes the use of annotations to another level, through the recognition of industry standard annotations and the introduction of spring specific annotations. The heavy use of annotations comes with new design approaches to software development, which I call Annotated Driven Development (ADD). Whither you have ADD or what ADD, this session will focus on the new dynamics of annotated development.

This session will focus on how Spring 3 and annotations easy some pains in software development. In this session we will build a demo application using an ADD approach.

Prerequisite: java 5

By Ken Sipe

So your server is having issues? memory? Connections? Limited response? Is the first solution to bounce the server? Perhaps change some VM flags or add some logging? In todays Java 6 world, with its superior runtime monitoring and management capabilities the reasons to the bounce the server have been greatly reduced.

Combined with proper JMX instrumentation, the need to bounce the server may be eliminated for all but the rarest of cases.

This session will look at the Java 6 monitoring and management capabilities, which includes the ability to make VM argument changes on the fly. In addition to what is provide in the JDK, a number of freely available management tools will be demonstrated.

By Ken Sipe

This session is a quick look at all aspects of being a corporate software architect. Whither you are a developer looking to move into the role of architect, needing to have an understanding of what is expected or already in the role of software architect looking for new and interesting ideas, this session is for you.

This session is designed to be a jam session on all aspects of software architecture and many of the roles of software architect. The The following subject areas will be covered: - Software Development Process - Project Key Mechanisms: Languages and Frameworks - Security: Threats, Securing Code Review, Adding Security to you process - Layers, Partitions and Topologies - VM Optimizations - Usability and User Experience - Optimizing the Web - Ready for Production: Monitoring - Integration - Data Modeling

By Ken Sipe

The Spring Framework has led the industry in innovation for years. Starting with dependency injection and promoting testing through removal of framework dependencies. Spring 3.0 continues that innovation in a way that takes full advantage of the Java 5 platform. There are a number of significant changes to the framework. So whither you are new to the framework or an experience Spring developer, this is a great session to come up to speed on the latest from SpringSource.

This will cover all the new features in Spring 3 complete with demos. This will include a look at the following: - Spring MVC - Spring REST - Spring EL - Spring Portlet - Spring Declarative Validation

Prerequisite: Java 5

By Ken Sipe

The agile focus of software development puts heavy focus on user requirements through user stories. However we can not lose sight of the non-functional requirements as well. The software could be written to the exact specification and desire of the user, however if it takes 5 minutes for a request response, or it only supports 2 users or it isn't secure, then we still haven't done our jobs as developers.

This session will focus on the non-functional requirements of software development, namely: Performance, Scalability, Security, and Software Monitoring and Management. Each subject area discussion will include, goals, design practices, tools, and where it fits in the software development life-cycle.

By Ken Sipe

As you rise through the organization from developer to architect or manager, there are different skills which must be honed in order to maximize your influence. As evident by the open source community, technical leadership is more dependent on influence then it is on authority. This session will focus on skills development, dynamics in a corporate environment and community building.

This session will discuss key interpersonal skills and how they can affect your projects and career. We cover how to positively connect with humans, how to participate in and influence the business processes you support, and how to transcend your technical role and maximize your connections with all members of your organization.

We'll examine the dynamic nature of large organizations – their structures, decision making processes, and political landscapes. We’ll discuss the goals of key business and technical decision makers and their influence on architects and software projects. We’ll conclude with some strategies for maximizing the soft skills to ensure successful outcomes for your projects and career.

By Ken Sipe

The number of options for web frameworks seem to be consolidating. From the start, Spring MVC was a contender but was a "me too" in a sea of framework options. It was an obvious choice for request centric shops which are ready were committed to Spring. Spring 3.0 MVC with web development through annotations changes the game completely.

This session is focused completely on developing web development through Spring annotations. This includes Spring MVC, working with forms, along with solutions which were not easily possible with Spring without annotations. Additionally we will look at Spring JavaScript and the AJAX solutions Spring brings to the table.

Prerequisite: Java 5

By Ken Sipe

This session describes management of Java resources using the Java Management Extensions JMX API. JMX provides a unified framework to instrument Java systems with monitoring and management capabilities.

This session covers JMX 1.2 specification, system monitoring, management needs, and the creation of agents which dynamically manage resources based on monitoring. We cover many of the new features of the Remote JMX access.

The JMX support in Spring provides features to easily and transparently integrate Spring applications into a JMX infrastructure. Some of the tougher tasks of JMX develop are made easy with Spring. We'll look at automatic ObjectNames, automatic registration and remote connector proxies as we review Spring's JMX features.

By Ken Sipe

Spring 3 is brand spanking new, with a number of fantastic features. With growth of large and complex Spring applications which struggle with xml manageability and with the added pressure of Guice and SEAM there is a push for less XML, with solution leaning towards annotations. Spring 2.5 adds to the toolset provided in Spring 2.0 to provide a development environment where XML is greatly reduced... or eliminated if you so choose.

The session walks through the new Spring 2.5 enhancements, then dives deep into annotation oriented injection. The demonstrations include standard applications as well as a look at the new Spring MVC.

By Ken Sipe

Well the standards created EntityBeans.... yea. and the community created Hibernate. Fortunately the standards body learned some lessons and created JPA. JPA requires a vendor implementation and none make a better choice then Hibernate. Combined with Spring this trio is a powerhouse when it comes to developer productivity on applications requiring persistence.

This session will look at in detail the persistence capabilities of the latest Spring 3 and how to provide data access capabilities, including nicely added features for unit tests. We'll focus the persistence discussion on JPA and examine a number of ORM mapping scenarios and how JPA maps to them. We'll focus on the spring integration including transactional capabilities.

By Ken Sipe

Grails brings together the best of breed frameworks on the JVM that allows for a quick time to market rollout of a project. As important as time to market and quality is there is still one thing that requires and demands some time and attention: Security! There is a growing threat with 75% of todays hacking attempts attacking the web tier.

This session will look at OWASP's top ten list and provide code examples of what to look for during code reviews and how to fix sql injection and cross site scripting (XSS). We'll look at several of the grails security plugins and how to best leverage them to protect web application resources.

By Ken Sipe

Companies have focused for years to solidify the back-end infrastructure in defense against hacking attempts. Most companies however are forced to open up many ports including port 80 (http) for users to access web applications among other resources. This has lead to web attacks growing to be the #1 classification of hacker attacks today. In this space Cross Site Scripting (XSS) is the #1 ranked vulnerability affecting a large number of sites. This evolution requires that the understanding of securing an application move beyond sys admins and incorporate all aspects of system delivery for the protection of a system and system resources.

This session will detail what XSS is, including a large number of vectors of attack. We will review information from several OWASP development guides, along with code review tips when focused on XSS. An enabling aspect of XSS is AJAX and in particular JavaScript, for which we will focus on techniques and frameworks to help secure the DOM. Attendees will learn the techniques necessary to help XSS-Proof their web applications.

By Ken Sipe

When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs.... until now... Enterprise Security API library from OWASP.

This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.

By Ken Sipe

First in the Java Build space there was ANT, and there was a reliable way to build without an IDE. Then there was Maven, which provided standardization in build life-cycles and dependency management. Now... Enter the Gradle, which provides convention over configuration approach to the build process and an approach at building that isn't based XML.

This session assumes no familiarly with Gradle as it introduces this needs approach at building projects. It is very helpful to be able to read and understand groovy to get the most from the session. This session will look at multi-language or polyglot projects, as well as integration to ANT and Maven. It will conclude with building custom plugins for the gradle build process.

Prerequisite: Some Groovy helpful

By Ken Sipe

REST as an architectural approach is greatly simplified through the selection of framework or tool to help with the tedious and repetitive template style that it demands. Until recently, some of the best approaches where through frameworks that required the use of languages other than Java, such as Rails or Grails. In the Java space, the choices were limited. The newly released Spring 3 changes that. One of the most significant changes in Spring 3 is it’s support for REST, which includes client as well as server support.

This session will start with a 5-minute explanation of REST answering the why question. Then we’ll dive down into Spring 3 annotations, which are used to support the build out of a REST based system. This will include discussions on suggested approaches. Along the way tools for testing out REST solutions will be discussed and demonstrated. The session is rounded out with the use of the restTemplate, leveraging REST from the client perspective.

Prerequisite: Java 5

By Ken Sipe

The agile development process is all about early and often feedback. One aspect of feedback is how is the team doing... Are we accurate in our estimates? Are we consistent in our velocity? As velocity varies, what is it telling me?

This session will focus on the art of estimating project stories and look at several techniques of assigning "points" to stories. We will discuss the advantages and disadvantages of the varies approaches of point assignment. Regardless of the point system, the end result at the end of the iteration is a number... velocity. We will look at the value of velocity and contrast that with other feedback loops with the agile process.