• Home
  • Events
  • About
  • Hackergarten Welcomes Jazoon on Wednesday Night

    May 31st, 2010
    If you are reading this then you are quite likely a Jazoon 2010 attendee looking for more information about the mysterious “Hackergarten Jazoon” session blocked in your Wednesday night conference schedule. Welcome Aboard! Here is what you can expect:
    1. A room will be announced when we know it
    2. Drinks and food will be provided by Canoo
    3. During the evening, everyone will try to contribute in some way to an open source software project.
    Here are some of the contributions we made at past Hackergartens:
    * A Twitter plugin for the Gradle build system
    * A Growl/Notification plugin for Gradle
    * Several Swing related plugins for the Griffon application framework
    * A Grails Elastic Search plugin
    * An inhancement to the Groovy language to aid logging
    We have several ideas for projects to work on, but please feel free to show up with your own or leave a comment here with your idea. The past events have been Groovy focused, but Java, Scala, Clojure or whatever are all perfect.
    As people show up we Canooies will help you find other people with similar interests. Once you have 2-6 people in your group then it is up to you to start working. In the past, the most effective project groups are around 5-6 people, which creates 2 or 3 pair programming teams. Any larger than that and you spend too much time organizing yourselves. Near the end of the night you should wrap up your work and submit a patch to the project. Canooies are around to help you with patches, version control, tools, expertise, or anything else you might need.
    Here are some of our project ideas, but please leave a comment here with your own! And remember, you have at most 4 hours so think small. There is no project too small… a 2 line patch is the Open Source developer’s equivalent of a CHF 10 bottle of wine. It might not be appropriate to the current meal, but it is almost always appreciated.
    Griffon-Hudson Plugin  similar to the Grails plugin – http://wiki.hudson-ci.org/display/HUDSON/Grails+Plugin
    Griffon Substance Look and Feel Plugin
    Groovy Static Analysis Rules – Similar to Find Bugs but for Groovy
    Groovy @Log Transformation extensions – There is some small work to do in Groovy Core
    Find Bugs statis analysis rules for Java
    Gradle Find Bugs plugin
    Gradle JavaNCSS plugin
    Post your ideas below, and see you on Wednesday.

    If you are reading this then you are quite likely a Jazoon 2010 attendee looking for more information about the mysterious “Hackergarten Jazoon” session blocked in your Wednesday night conference schedule. Welcome Aboard! Here is what you can expect:

    1. A room will be announced when we know it
    2. Drinks and food will be provided by Canoo
    3. During the evening, everyone will try to contribute in some way to an open source software project.

    Here are some of the contributions we made at past Hackergartens:

    • A Twitter plugin for the Gradle build system
    • A Growl/Notification plugin for Gradle
    • Several Swing related plugins for the Griffon application framework
    • A Grails Elastic Search plugin
    • An inhancement to the Groovy language to aid logging

    We have several ideas for projects to work on, but please feel free to show up with your own or leave a comment here with your idea. The past events have been Groovy focused, but Java, Scala, Clojure or whatever are all perfect. A few of the speakers have said they would attend and Griffon project lead Andres Almiray will be there. Pairing with an expert is a wonderful way to learn.

    As people show up we Canooies will help you find other people with similar interests. Once you have 2-6 people in your group then it is up to you to start working. In the past, the most effective project groups are around 5-6 people, which creates 2 or 3 pair programming teams. Any larger than that and you spend too much time organizing yourselves. Near the end of the night you should wrap up your work and submit a patch to the project. Canooies are around to help you with patches, version control, tools, expertise, or anything else you might need.

    Here are some of our project ideas, but please leave a comment here with your own! And remember, you have at most 4 hours so think small. There is no project too small… a 2 line patch is the Open Source developer’s equivalent of a CHF 10 bottle of wine. It might not be appropriate to the current meal, but it is almost always appreciated.

    • Griffon-Hudson Plugin similar to the Grails plugin
    • Griffon Substance Look and Feel Plugin
    • Groovy Static Analysis Rules – Similar to Find Bugs but for Groovy
    • Groovy @Log Transformation extensions – There is some small work to do in Groovy Core
    • Find Bugs statis analysis rules for Java
    • Gradle Find Bugs plugin
    • Gradle JavaNCSS plugin

    Post your ideas below, and see you on Wednesday.


    Jazoon '09: Some final thoughts

    June 26th, 2009

    A day after the fact and I feel that my time spent at Jazoon ’09 was definitely worth while. I attended some genuinely top-quality talks, had some great discussions with peers and potential clients; plus I got to meet the man who started it all: James Gosling.

    Conference host Christian Frei finished last the conference night with some thanks to everyone who doodled on the James Gosling campaign and for the Java Rookies. He noted that Jazoon ’09 had 20% more visitors than 2008, which is not what one might expect under the current financial climate… but is certainly encouraging.

    So three cheers for Jazoon ’09! Three more cheers for Jazoon 2010!!!


    Jazoon '09: Deploying Java apps from a website

    June 26th, 2009

     

    Session title: Wuala Webstart – Launching a Java Application directly from a Website
    Speakers: Luzius Meisser – Caleido AG / Wuala

     

    LuziusMeisser

     

    Luzius describes Wuala (which I’ve never heard of until now) as an all for offline file-storage. The goal was to make this available in as many contexts as possible, and to get the app up and running as fast as possible, which resulted in them creating their own webstart implementation.

    In the speaker’s implementation of webstart he demonstrates how the app starts before the complete app is loaded… which if I’m not mistaken is also possible in Java webstart.

    The strategy: Load a trusted applet, copy loader.jar into a temp folder and run it. Now RCP exists as it’s own process and consequently survives browser closure…

    On the server-side the apparently smart webstart server (the server counterpart to loader.jar) “learns” which classes are needed first and subsequently delivers the app faster and faster with time.

    Some extremely wordy slides are shown which are impossible to read because Luzius is talking. To read or to listen? That is the question.

    What I’m extracting from this mix of written and spoken words is that their webstart solution enables quicker downloads and updates than conventional Java webstart.

    Summary: This short talk was a little confusing to follow until I realised that I was hearing about two technologies: (a) Wuala – the offline file storage solution; (b) The unique webstart implementation – which was developed in order to improve Wuala’s quality. Nevertheless, I found it quite interesting to learn of the existence of Wuala… 20 minutes well spent.


    Jazoon '09: Addressing security in the agile process

    June 25th, 2009

     

    Session title: Agile and Secure; Can we do Both?
    Speakers: Jason Li & Jerry Hoff, Aspect Security

    Jerry Hoff and Jason Li of Aspect Security

     Goal: To try to get developers to think about security early on in the development process.

    Jason begins with a brief description of a common security flaw (in AJAX apps at least) XSS, which typically involves replacing regular text with a malicious piece of JavaScript. Example attack: The JS steals the end-user’s cookie by querying the DOM. A cross-site request forgery might subsequently be mounted by using the stolen cookie from within a new application context such as mail in order to delete all the users mail.

    Another example – SQL injection – is when part of a SQL statement is replaced with a semi-colon followed by another statement e.g. DROP TABLE… which is obviously bad news.

    With that whirlwind tour of web security… how to fix the process which results in such errors?

    Speakers refer to the waterfall and explain how in each of the chunky phases activities include (or should include) security; security requirements, security design etc…

    Speakers then argue that embellishing the highly iterative agile process in the same way as was done for waterfall is not practical. Blogger agrees… the granularity of the activities is too fine to permit the kinds of security analyses which are required. So what’s the solution?

    They recommend…

    Leveraging user stories

    Prerequisite step: Ensure that all developers have received adequate security training

    Another prerequisite step: Get management to fund this (gets a laugh!)
    Alternatively: The OWASP Open Web Application Security Project is an organization providing resources which provides heaps of information on attacks points and solutions for these.

    Leverage unit testing… and include security tests in the unit tests. This is obviously particularly effective in a continuous integration environment.

    To speed up this process, use common security components such as those at Open Enterprise Security. Organizationally, this needs to be communicated across the development team(s).

    Leverage and consolidate sprints… and ensure that all security stories are included in each sprint. For dealing with security stories which don’t fit into any particular sprint, run sprints that are focussed solely on security.

    Great line (paraphrased): Web apps are a kind of “perfect storm” comprising a complex mixture of technologies, which results both in a large attack surface area as well as numerous subtle edge cases which make us more vulnerable.

    Couldn’t agree more!!!

    I found this talk excellent both stylistically and, more importantly, in terms of content. There are still voices out there which claim that agile in some way incompatible with quality. Talks like this should go some way to quell those remaining voices. Although the pair used AJAX’s inherent security vulnerabilities to highlight the necessity for a systematic approach to security in agile environments, much of what they recommend applies to any agile environment, whether it is creating AJAX applications or not.


    Jazoon '09: Activity Based Costing and the Cloud

    June 25th, 2009

    Session title: Metering the Cloud, applying ABC from code profiling up to performance cost management of cloud computing
    Speaker: William Louth, JINSPIRED

    To quote Monty Python: And now for something complete different.

    WilliamLouth

    William correctly notes that ABC is an accepted accounting practice.

    Novel: A movie excerpt (THX1138). In the portrayed world every activity has a budget. (The chase ends when the chaser’s budget runs out.) William claims that the cloud will operate in an analogous manner to this world. Business will demand a breakdown of the activities which result in a given total cost. They will do this so they can subsequently optimize their resource usage and reduce costs.

    The speaker describes (and seemingly accepts) the assumption that the lower the cost, the higher the efficiency. For example, if I can identify that my persistence costs are high I may choose an alternative persistence provider.

    Blogger thinks: What a horrible world this would be, where cost becomes the sole consideration at the expense of all other quality attributes. What about uptime, response time, throughput? But come to think of it: Isn’t this how companies have been thinking ever since the bubble burst!? For that matter maybe this is how businesses have been thinking since the invention of Taylorism.

    Continues… billing will be required on various levels: Across groups and aggregated services.

    The Jinspired product “Probes” enables the monitoring of high-level entities e.g. user, house, washing machine etc. as opposed to simply methods, which is what most probing software focusses on. AspectJ is used to inject probes into code.

    The Probes API is attempting to become a JSR. It’s certainly an incredibly powerful idea. It permits metering at various levels, groups and aggregated entities.

    Summary
    This whole business of costing everything and billing accordingly will likely appeal to today’s business mindset.
    However, I (and I’m not alone) view ABC as a disastrous approach to improving the efficiency of the organization. This is not just because quality comprises a multitude of attributes (cost being just one of them), but – more fundamentally – because it turns out that organizational efficiency (the cloud, which forms part of the organization) is not in fact maximized by maximizing the efficiency of each individual element involved.

    Counter-intuitive though it is, the quality and quantity of what your organization produces (products, services) is actually determined by a handful of constraints (bottlenecks.) ABC does not only not recognize this fact, it guarantees that quality and quantity will be less than their potential for a given set of resources. For more information read this.


    css.php