Jonathan Lalou's Blog

KotlinConf’23 kicked off with an energizing keynote, marking a highly anticipated return to an in-person format in Amsterdam. Hosted by Hadi Hariri from JetBrains, the session brought together key figures from both JetBrains and Google, including Roman Elizarov, Svetlana Isakova, Egor Tolstoy, and Grace Kloba (VP of Engineering for Android Developer Experience at Google), to share exciting updates and future directions for the Kotlin language and its ecosystem. The conference also boasted a global reach with KotlinConf Global events held across 41 countries. For those unable to attend, the key announcements from the keynote are also available in a comprehensive blog post on the official Kotlin blog.

The keynote began by celebrating Kotlin’s impressive growth, with compelling statistics underscoring its widespread adoption, particularly in Android development where it stands as the most popular language, utilized in over 95% of the top 1000 Android applications. A significant emphasis was placed on the forthcoming Kotlin 2.0, which is centered around the revolutionary new K2 compiler. This compiler promises significant performance improvements, enhanced stability, and a robust foundation for the language’s future evolution. The K2 compiler is nearing completion and is slated for release as Kotlin 2.0. Additionally, the IntelliJ IDEA plugin will also adopt the K2 frontend, ensuring alignment with IntelliJ releases and a consistent developer experience.

The Evolution of Kotlin: K2 Compiler and Language Features

The K2 compiler was a central theme of the keynote, signifying a major milestone for Kotlin. This re-architected compiler frontend, which also powers the IDE, is designed to be faster, more stable, and to enable quicker development of new language features and tooling capabilities. Kotlin 2.0, built upon the K2 compiler, is set to bring these profound benefits to all Kotlin developers, improving both compiler performance and IDE responsiveness.

Beyond the immediate horizon of Kotlin 2.0, the speakers provided a glimpse into potential future language features that are currently under consideration. These exciting prospects included:

Prospective Language Enhancements

• Static Extensions: This feature aims to allow static resolution of extension functions, which could potentially improve performance and code clarity.
• Collection Literals: The introduction of a more concise syntax for creating collections, such as using square brackets for lists, with efficient underlying implementations, is on the cards.
• Name-Based Destructuring: Offering a more flexible way to destructure objects based on property names rather than simply their positional order.
• Context Receivers: A powerful capability designed to provide contextual information to functions in a more implicit and structured manner. This feature, however, is being approached with careful consideration to ensure it aligns well with Kotlin’s core principles and doesn’t introduce undue complexity.
• Explicit Fields: This would provide developers with more direct control over the backing fields of properties, offering greater flexibility in certain scenarios.

The JetBrains team underscored a cautious and deliberate approach to language evolution, ensuring that any new features are meticulously designed and maintainable within the Kotlin ecosystem. Compiler plugins were also highlighted as a powerful mechanism for extending Kotlin’s capabilities without altering its core.

Kotlin in the Ecosystem: Google’s Investment and Multiplatform Growth

Grace Kloba from Google took the stage to reiterate Google’s strong and unwavering commitment to Kotlin. She shared insights into Google’s substantial investments in the Kotlin ecosystem, including the development of Kotlin Symbol Processing (KSP) and the continuous emphasis on Kotlin as the default choice for Android development. Google officially championed Kotlin for Android development as early as 2017, a pivotal moment for the language’s widespread adoption. Furthermore, the Kotlin DSL is now the default for Gradle build scripts within Android Studio, significantly enhancing the developer experience with features such as semantic syntax highlighting and advanced code completion. Google also actively contributes to the Kotlin Foundation and encourages community participation through initiatives like the Kotlin Foundation Grants Program, which specifically focuses on supporting multiplatform libraries and frameworks.

Kotlin Multiplatform (KMP) emerged as another major highlight of the keynote, emphasizing its increasing maturity and widespread adoption. The overarching vision for KMP is to empower developers to share code across a diverse range of platforms—Android, iOS, desktop, web, and server-side—while retaining the crucial ability to write platform-specific code when necessary for optimal integration and performance. The keynote celebrated the burgeoning number of multiplatform libraries and tools, including KMM Bridge, which are simplifying KMP development workflows. The future of KMP appears exceptionally promising, with ongoing efforts to further enhance the developer experience and expand its capabilities across even more platforms.

Compose Multiplatform and Emerging Technologies

The keynote also featured significant advancements in Compose Multiplatform, JetBrains’ declarative UI framework for building cross-platform user interfaces. A particularly impactful announcement was the alpha release of Compose Multiplatform for iOS. This groundbreaking development allows developers to write their UI code once in Kotlin and deploy it seamlessly across Android and iOS, and even to desktop and web targets. This opens up entirely new avenues for code sharing and promises accelerated development cycles for mobile applications, breaking down traditional platform barriers.

Finally, the JetBrains team touched upon Kotlin’s expansion into truly emerging technologies, such as WebAssembly (Wasm). JetBrains is actively developing a new compiler backend for Kotlin specifically targeting WebAssembly, coupled with its own garbage collection proposal. This ambitious effort aims to deliver high-performance Kotlin code directly within the browser environment. Experiments involving the execution of Compose applications within the browser using WebAssembly were also mentioned, hinting at a future where Kotlin could offer a unified development experience across an even broader spectrum of platforms. The keynote concluded with an enthusiastic invitation to the community to delve deeper into these subjects during the conference sessions and to continue contributing to Kotlin’s vibrant and ever-expanding ecosystem.

Links:

• Blog Post on KotlinConf’23 Keynote Highlights
• JetBrains Website
• JetBrains on LinkedIn
• Grace Kloba – KotlinConf’23 Speaker Profile

Hashtags: #Keynote #JetBrains #Google #K2Compiler #Kotlin2 #Multiplatform #ComposeMultiplatform #WebAssembly

Christian Wörz, a seasoned full-stack engineer and freelancer, captivated the Devoxx Belgium 2023 audience with a hands-on exploration of advanced TypeScript features. Through live coding, Christian illuminated powerful yet underutilized constructs like mapped types, template literals, conditional types, and recursion, demonstrating their practical applications in real-world scenarios. His session, blending technical depth with accessibility, empowered developers to leverage TypeScript’s full potential for creating robust, type-safe codebases.

Mastering Mapped Types and Template Literals

Christian kicked off with mapped types, showcasing their ability to dynamically generate type-safe structures. He defined an Events type with add and remove properties and created an OnEvent type to prefix event keys with “on” (e.g., onAdd, onRemove). Using the keyof operator and template literal syntax, he ensured that OnEvent mirrored Events, enforcing consistency. For instance, adding a move event to Events required updating OnEvent to onMove, providing compile-time safety. He enhanced this with TypeScript’s intrinsic Capitalize function to uppercase property names, ensuring precise naming conventions.

Template literals were explored through a chessboard example, where Christian generated all possible positions (e.g., A1, B2) by combining letter and number types. He extended this to a CSS validator, defining a GapCSS type for properties like margin-left and padding-top, paired with valid CSS sizes (e.g., rem, px). This approach narrowed string types to enforce specific formats, preventing errors like invalid CSS values at compile time.

Leveraging Conditional Types and Never for Safety

Christian delved into conditional types and the never type to enhance compile-time safety. He introduced a NoEmptyString type that prevents empty strings from being assigned, using a conditional check to return never for invalid inputs. Applying this to a failOnEmptyString function ensured that only non-empty strings were accepted, catching errors before runtime. He also demonstrated exhaustive switch cases, using never to enforce complete coverage. For a getCountryForLocation function, assigning an unhandled London case to a never-typed variable triggered a compile-time error, ensuring all cases were addressed.

Unraveling Types with Infer and Recursion

The infer keyword was a highlight, enabling Christian to extract type information dynamically. He created a custom MyReturnType to mimic TypeScript’s ReturnType, inferring a function’s return type (e.g., number for an addition function). This was particularly useful for complex type manipulations. Recursion was showcased through an UnnestArray type, unwrapping deeply nested arrays to access their inner types (e.g., extracting string from string[][][]). He also built a recursive Tuple type, generating fixed-length arrays with specified element types, such as a three-element RGB tuple, with an accumulator to collect elements during recursion.

Branded Types for Enhanced Type Safety

Christian concluded with branded types, a technique to distinguish specific string formats, like emails, without runtime overhead. By defining an Email type as a string intersected with an object containing a _brand property, he ensured that only validated strings could be assigned. A type guard function, isValidEmail, checked for an @ symbol, allowing safe usage in functions like sendEmail. This approach maintained the simplicity of primitive types while enforcing strict validation, applicable to formats like UUIDs or custom date strings.

Links:

• Christian Wörz’s website
• Christian Wörz’s GitHub

The DockerCon 2023 workshop, “Secure Development with Docker,” delivered by Yves Brissaud, James Carnegie, David Dooling, and Christian Dupuis from Docker, offered a comprehensive exploration of securing the software supply chain. Spanning over three hours, this session addressed the tension between developers’ need for speed and security teams’ focus on risk mitigation. Participants engaged in hands-on labs to identify and remediate common vulnerabilities, leverage Docker Scout for actionable insights, and implement provenance, software bills of materials (SBOMs), and policies. The workshop emphasized Docker’s developer-centric approach to security, empowering attendees to enhance their workflows without compromising safety. By integrating Docker Scout, attendees learned to secure every stage of the software development lifecycle, from code to deployment.

Tackling Common Vulnerabilities and Exposures (CVEs)

The workshop began with a focus on Common Vulnerabilities and Exposures (CVEs), a critical starting point for securing software. David Dooling introduced CVEs as publicly disclosed cybersecurity vulnerabilities in operating systems, dependencies like OpenSSL, or container images. Participants used Docker Desktop 4.24 and the Docker Scout CLI to scan images based on Alpine 3.14, identifying vulnerabilities in base images and added layers, such as npm packages (e.g., Express and its transitive dependency Qs). Hands-on exercises guided attendees to update base images to Alpine 3.18, using Docker Scout’s recommendations to select versions with fewer vulnerabilities. The CLI’s cve command and Desktop’s vulnerability view provided detailed insights, including severity filters and package details, enabling developers to remediate issues efficiently. This segment underscored that while scanning is essential, it’s only one part of a broader security strategy, setting the stage for a holistic approach.

Understanding Software Supply Chain Security

The second segment, led by Dooling, introduced the software supply chain as a framework encompassing source code, dependencies, build processes, and deployment. Drawing an analogy to brewing coffee—where beans, water, and equipment have their own supply chains—the workshop highlighted risks like supply chain attacks, as outlined by CISA’s open-source security roadmap. These attacks, such as poisoning repositories, differ from CVEs by involving intentional tampering. Participants explored Docker Scout’s role as a supply chain management tool, not just a CVE scanner. Using the workshop’s GitHub repository (dc23-secure-workshop), attendees set up environment variables and Docker Compose to build images, learning how Scout tracks components across the lifecycle. This segment emphasized the need to secure every stage, from code creation to deployment, to prevent vulnerabilities and malicious injections.

Leveraging Docker Scout for Actionable Insights

Docker Scout was the cornerstone of the workshop, offering a developer-friendly interface to manage security. Yves Brissaud guided participants through hands-on labs using Docker Desktop and the Scout CLI to analyze images. Attendees explored vulnerabilities in a front-end image (using Express) and a Go-based back-end image, applying filters to focus on critical CVEs or specific package types (e.g., npm). Scout’s compare command allowed participants to assess changes between image versions, such as updating from Alpine 3.14 to 3.18, revealing added or removed packages and their impact on vulnerabilities. Desktop’s visual interface displayed recommended fixes, like updating base images or dependencies, while the CLI provided detailed outputs, including quick views for rapid assessments. This segment demonstrated Scout’s ability to integrate into CI/CD pipelines, providing early feedback to developers without disrupting workflows.

Implementing Provenance and Software Bill of Materials (SBOM)

The third segment focused on provenance and SBOMs, critical for supply chain transparency. Provenance, aligned with the SALSA framework’s Build Level 1, documents how an image is built, including base image tags, digests, and build metadata. SBOMs list all packages and their versions, ensuring consistency across environments. Participants rebuilt images with the --provenance and --sbom flags using BuildKit, generating attestations stored in Docker Hub. Brissaud demonstrated using the imagetools command to inspect provenance and SBOMs, revealing details like build timestamps and package licenses. The workshop highlighted the importance of embedding this metadata at build time to enable reproducible builds and accurate recommendations. By integrating Scout’s custom SBOM indexer, attendees ensured consistent vulnerability reporting across Desktop, CLI, and scout.docker.com, enhancing trust in the software’s integrity.

Enforcing Developer-Centric Policies

The final segment introduced Docker Scout’s policy enforcement, designed with a developer mindset to avoid unnecessary build failures. Dooling explained Scout’s “first do no harm” philosophy, rooted in Kaizen’s continuous improvement principles. Unlike traditional policies that block builds for existing CVEs, Scout compares new builds to production images, allowing progress if vulnerabilities remain unchanged. Participants explored four out-of-the-box policies in Early Access: fixing critical/high CVEs, updating base images, and avoiding deprecated tags. Using the scout policy command, attendees evaluated images against these policies, viewing compliance status on Desktop and scout.docker.com. The workshop also previewed upcoming GitHub Action integrations for pull request policy checks, enabling developers to assess changes before merging. This approach ensures security without hindering development, aligning with Docker’s mission to empower developers.

Links:

• DockerCon 2023 Workshop Video
• Docker Website
• Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
• Docker Scout: Securing The Complete Software Supply Chain (DockerCon 2023)
• What’s in My Container? Docker Scout CLI and CI to the Rescue (DockerCon 2023)

Hashtags: #DockerCon2023 #SoftwareSupplyChain #DockerScout #SecureDevelopment #CVEs #Provenance #SBOM #Policy #YvesBrissaud #JamesCarnegie #DavidDooling #ChristianDupuis

At Devoxx Belgium 2023, Prakhar Srivastav, a software engineer at Google, unveiled the power of Project IDX and Firebase in crafting a generative AI mobile application. His session illuminated how developers can harness these tools to streamline full-stack, multiplatform app development directly from the browser, eliminating cumbersome local setups. Through a live demonstration, Prakhar showcased the creation of “Listed,” a Flutter-based app that leverages Google’s PaLM API to break down user-defined goals into actionable subtasks, offering a practical tool for task management. His engaging presentation, enriched with real-time coding, highlighted the synergy of cloud-based development environments and AI-driven solutions.

Introducing Project IDX: A Cloud-Based Development Revolution

Prakhar introduced Project IDX as a transformative cloud-based development environment designed to simplify the creation of multiplatform applications. Unlike traditional setups requiring hefty binaries like Xcode or Android Studio, Project IDX enables developers to work entirely in the browser. Prakhar demonstrated this by running Android and iOS emulators side-by-side within the browser, showcasing a Flutter app that compiles to multiple platforms—Android, iOS, web, Linux, and macOS—from a single codebase. This eliminates the need for platform-specific configurations, making development accessible even on lightweight devices like Chromebooks.

The live demo featured “Listed,” a mobile app where users input a goal, such as preparing for a tech talk, and receive AI-generated subtasks and tips. For instance, entering “give a tech talk at a conference” yielded steps like choosing a relevant topic and practicing the presentation, with a tip to have a backup plan for technical issues. Prakhar’s real-time tweak—changing the app’s color scheme from green to red—illustrated the iterative development flow, where changes are instantly reflected in the emulator, enhancing productivity and experimentation.

Harnessing the PaLM API for Generative AI

Central to the app’s functionality is Google’s PaLM API, which Prakhar utilized to integrate generative AI capabilities. He explained that large language models (LLMs), like those powering the PaLM API, act as sophisticated autocomplete systems, predicting likely text outputs based on extensive training data. For “Listed,” the text API was chosen for its suitability in single-turn interactions, such as generating subtasks from a user’s query. Prakhar emphasized the importance of crafting effective prompts, comparing a vague prompt like “the sky is” to a precise one like “complete the sentence: the sky is,” which yields more relevant results.

To enhance the AI’s output, Prakhar employed few-shot prompting, providing the model with examples of desired responses. For instance, for the query “go camping,” the prompt included sample subtasks like choosing a campsite and packing meals, along with a tip about wildlife safety. This structured approach ensured the model generated contextually accurate and actionable suggestions, making the app intuitive for users tackling complex tasks.

Securing AI Integration with Firebase Extensions

Integrating the PaLM API into a mobile app poses security challenges, particularly around API key exposure. Prakhar addressed this by leveraging Firebase Extensions, which provide pre-packaged solutions to streamline backend integration. Specifically, he used a Firebase Extension to securely call the PaLM API via Cloud Functions, avoiding the need to embed sensitive API keys in the client-side Flutter app. This setup not only enhances security but also simplifies infrastructure management, as the extension handles logging, monitoring, and optional AppCheck for client verification.

In the live demo, Prakhar navigated the Firebase Extensions Marketplace, selecting the “Call PaLM API Securely” extension. With a few clicks, he deployed Cloud Functions that exposed a POST API for sending prompts and receiving AI-generated responses. The code walkthrough revealed a straightforward implementation in Dart, where the app constructs a JSON payload with the prompt, model name (text-bison-001), and temperature (0.25 for deterministic outputs), ensuring seamless and secure communication with the backend.

Building the Flutter App: Simplicity and Collaboration

The Flutter app’s architecture, built within Project IDX, was designed for simplicity and collaboration. Prakhar walked through the main.dart file, which scaffolds the app’s UI with a material-themed interface, an input field for user queries, and a list to display AI-generated tasks. The app uses anonymous Firebase authentication to secure backend calls without requiring user logins, enhancing accessibility. A PromptBuilder class dynamically constructs prompts by combining predefined prefixes and examples, ensuring flexibility in handling varied user inputs.

Project IDX’s integration with Visual Studio Code’s open-source framework added collaborative features. Prakhar demonstrated how developers can invite colleagues to a shared workspace, enabling real-time collaboration. Additionally, the IDE’s AI capabilities allow users to explain selected code or generate new snippets, streamlining development. For instance, selecting the PromptBuilder class and requesting an explanation provided detailed insights into its parameters, showcasing how Project IDX enhances developer productivity.

Links:

• Google company website
• Listed app on GitHub

Moderated by Oleg Tsal-Tsalko, Senior Solution Architect at EPAM, the Devoxx Ukraine 2023 panel discussion, AI: Friend or Foe?, brought together experts Evgeny Borisov, Mary Grygleski, Andriy Mulyar, and Sean Phillips to explore the transformative impact of AI on software development and society. The discussion delves into AI’s potential to augment or disrupt, addressing ethical concerns, practical applications, and the skills developers need to thrive in an AI-driven world. This engaging session aligns with the conference’s focus on AI’s role in shaping technology’s future.

AI’s Impact on Software Development

The panel opens with a provocative question: does AI threaten software development jobs? Evgeny and Andriy assert that AI will not replace developers but rather enhance their productivity, acting as a “third arm.” Evgeny notes that many developers, especially juniors, already use tools like ChatGPT alongside their IDEs, streamlining tasks like code generation and documentation lookup. This shift, he argues, allows developers to focus on creative problem-solving rather than rote tasks, making development more engaging and efficient.

Mary reinforces this, suggesting that AI may create new roles, such as prompt engineers, to manage and optimize AI interactions. The panel agrees that while fully autonomous AI agents are still distant, current tools empower developers to deliver higher-quality code faster, transforming the development process into a more strategic and innovative endeavor.

Ethical and Societal Implications

The discussion shifts to AI’s ethical challenges, with Andriy highlighting the risk of “hallucinations”—incorrect or fabricated outputs from LLMs due to incomplete data. Mary adds that unintentional harm, such as misusing generated content, is a significant concern, urging developers to approach AI with caution and responsibility. Sean emphasizes the need for regulation, noting that the lack of oversight could lead to misuse, such as generating misleading content or exploiting personal data.

The panelists stress the importance of transparency, with Evgeny questioning the trustworthiness of AI providers like OpenAI, which may use user inputs to improve their models. This raises concerns about data privacy and intellectual property, prompting a call for developers to be mindful of the tools they use and the data they share.

Educating for an AI-Driven Future

A key theme is the need for broader AI literacy. Andriy advocates for basic machine learning education, even for non-technical users, to demystify AI systems. He suggests resources like MIT’s introductory ML courses to help individuals understand the “black box” of AI, enabling informed interactions. Mary agrees, emphasizing that understanding AI’s implications—without needing deep technical knowledge—can prevent unintended consequences, such as misinterpreting AI outputs.

The panelists encourage developers to learn prompt engineering, as well-formulated prompts significantly improve AI outputs. Evgeny shares that a well-named class or minimal context can yield better results than overly detailed prompts, highlighting the importance of clarity and precision in AI interactions.

Preparing Developers for AI Integration

The panel concludes with practical advice for developers. Sean recommends exploring AI tools to stay competitive, echoing the sentiment that “AI will not replace you, but people using AI will.” Evgeny suggests starting with simple resources, like YouTube tutorials, to master prompt engineering and understand AI capabilities. Mary highlights emerging tools like LangStream, an open-source library for event streaming in RAG patterns, showcasing how AI can integrate with real-time data processing.

The discussion, moderated with skill by Oleg, inspires developers to embrace AI as a collaborative tool while remaining vigilant about its challenges. By fostering education, ethical awareness, and technical proficiency, the panelists envision a future where AI empowers developers to innovate responsibly.

Links:

• EPAM website
• DataStax website
• Nomic AI website
• Oleg Tsal-Tsalko on Twitter
• Evgeny Borisov on Twitter
• Mary Grygleski on Twitter
• Andriy Mulyar on Twitter
• Sean Phillips on Twitter

Hashtags: #AI #SoftwareDevelopment #Ethics #MachineLearning #PromptEngineering #EPAM #DataStax #NomicAI #OlegTsalTsalko #EvgenyBorisov #MaryGrygleski #AndriyMulyar #SeanPhillips #DevoxxUkraine2023

Soham Dasgupta, a Cloud Solution Architect at Microsoft, presented an illuminating session at Devoxx Ukraine 2023, titled Orchestrate Your AI with Semantic Kernel. With over 16 years of experience in software development, Soham demystifies the complexities of integrating AI into applications using Microsoft’s Semantic Kernel SDK. His talk, featuring live coding, provides developers with practical tools to harness large language models (LLMs), aligning with the conference’s focus on AI-driven development.

Understanding Semantic Kernel

Soham introduces Semantic Kernel, an open-source SDK designed to simplify the integration of LLMs into applications. He explains that Semantic Kernel acts as an orchestrator, enabling developers to manage AI requests and responses efficiently. Unlike other frameworks like LangChain, which supports a broader range of LLMs, Semantic Kernel is optimized for Azure Open AI and select models, offering a streamlined approach for Java developers.

Through a live coding demo, Soham demonstrates how Semantic Kernel reduces code verbosity, allowing developers to focus on business logic and prompt design. He showcases a simple application connecting to an LLM, highlighting how the SDK abstracts complex interactions, making AI integration accessible even for those new to the technology.

Simplifying AI Integration

Delving deeper, Soham illustrates how Semantic Kernel enables modular application design. Developers can create objects to connect to specific LLMs, ensuring flexibility without overwhelming complexity. He advises against combining multiple LLMs in a single application, as their non-deterministic nature can introduce unpredictability. Instead, Soham recommends selecting a framework that aligns with the chosen LLM, such as Semantic Kernel for Azure Open AI or LangChain for broader compatibility, including Hugging Face or LLaMA.

His demo emphasizes practical use cases, such as generating context-aware responses for conversational applications. By leveraging Semantic Kernel, developers can orchestrate AI workflows efficiently, reducing development time and enhancing application responsiveness, a key theme of the conference.

Addressing Data Privacy Concerns

Soham addresses a critical concern raised throughout the conference: data privacy in AI applications. He explains that Azure Open AI ensures data remains within a user’s subscription, offering robust privacy controls for enterprise use. In contrast, public versions of LLMs, like Open AI’s standard endpoints, may use data for further training unless an enterprise version is selected. Soham urges developers to read the fine print before integrating LLMs, as sensitive data, such as customer contracts, could inadvertently contribute to model training if not handled properly.

This focus on privacy aligns with the conference’s discussions on ethical AI, providing developers with practical guidance to navigate enterprise requirements while leveraging AI’s capabilities.

Practical Recommendations for Developers

Soham concludes by encouraging developers to explore Semantic Kernel through Microsoft’s Azure platform, which offers resources for hands-on learning. His live coding demo, despite the pressure of a live audience, showcases the SDK’s ease of use, inspiring developers to experiment with AI orchestration. Soham invites further engagement via social platforms, sharing his enthusiasm for building AI-driven applications that are both powerful and responsible.

His presentation, delivered with clarity and technical expertise, equips developers with the tools to integrate AI seamlessly, fostering innovation while addressing practical and ethical considerations.

Links:

• Microsoft website
• Soham Dasgupta on Twitter
• Semantic Kernel GitHub repository

Hashtags: #AI #SemanticKernel #LargeLanguageModels #Azure #Java #Microsoft #SohamDasgupta #DevoxxUkraine2023

Lors de Devoxx France 2023, Hila Fish a présenté une conférence captivante de 47 minutes intitulée « Incident Management – Talk the Talk, Walk the Walk » (lien YouTube), proposant une feuille de route pour une gestion efficace des incidents. Enregistrée en avril 2023 au Palais des Congrès à Paris, Hila, ingénieure DevOps senior chez Wix (site Wix), a partagé ses 15 années d’expérience dans la tech, mettant en avant des stratégies proactives et des processus structurés pour gérer les incidents en production. Son discours, enrichi de conseils pratiques et d’anecdotes réelles, a inspiré les participants à non seulement parler de gestion des incidents, mais à exceller dans ce domaine. Cet article explore le cadre de Hila, soulignant comment se préparer et résoudre les incidents tout en préservant la valeur business et le sommeil.

Repenser les incidents avec une mentalité business

Hila a commencé par redéfinir la perception des incidents, incitant à passer d’une vision technique étroite à une approche orientée business. Elle a défini les incidents comme des événements risquant des pertes de revenus, l’insatisfaction des clients, des violations de données ou des atteintes à la réputation, les distinguant des alertes mineures. Sans une gestion adéquate, les incidents peuvent entraîner des temps d’arrêt, une productivité réduite et des violations des accords de niveau de service (SLA), coûteux pour les entreprises. Hila a insisté sur le fait que les développeurs et ingénieurs doivent comprendre le « pourquoi » de leurs systèmes — comment les pannes affectent les revenus, les clients et la réputation.

Citants Werner Vogels, CTO d’AWS, Hila a rappelé que « tout échoue tout le temps », des systèmes de production à l’endurance humaine. Cette réalité rend les incidents inévitables, non des urgences à paniquer. En anticipant les échecs, les équipes peuvent aborder les incidents calmement, armées d’un processus structuré. La mentalité business de Hila encourage les ingénieurs à prioriser les résultats alignés sur les objectifs organisationnels, comme minimiser les temps d’arrêt et maintenir la confiance des clients. Cette perspective pose les bases de son cadre structuré de gestion des incidents, conçu pour éviter le chaos et optimiser l’efficacité.

Un processus structuré pour la résolution des incidents

Hila a présenté un processus en cinq piliers pour gérer les incidents, adapté du cadre de PagerDuty mais affiné par son expérience : Identifier et Catégoriser, Notifier et Escalader, Investiguer et Diagnostiquer, Résoudre et Récupérer, et Clôture de l’Incident. Chaque pilier inclut des questions clés pour guider les ingénieurs vers la résolution.

• Identifier et Catégoriser : Hila conseille d’évaluer l’ampleur et l’impact business de l’incident. Des questions comme « Est-ce que je comprends toute l’étendue du problème ? » et « Peut-on attendre les heures ouvrables ? » déterminent l’urgence. Si une alerte provient d’une plainte client plutôt que d’outils comme PagerDuty, cela signale une lacune dans la détection à corriger après l’incident.

• Notifier et Escalader : La communication est cruciale. Hila a souligné l’importance de notifier les équipes de support, les ingénieurs clients et les équipes dépendantes pour maintenir la transparence et respecter les SLA. Les alertes mal classifiées doivent être ajustées pour refléter la véritable gravité.

• Investiguer et Diagnostiquer : Concentrez-vous sur les informations pertinentes pour éviter de perdre du temps. Hila a partagé un exemple où des ingénieurs débattaient de détails de flux non pertinents, retardant la résolution. Poser « Ai-je trouvé la cause racine ? » assure la progression, avec une escalade si l’investigation stagne.

• Résoudre et Récupérer : La solution la plus rapide préservant la stabilité du système est idéale. Hila a mis en garde contre les correctifs « rapides et sales », comme redémarrer un service sans traiter les causes sous-jacentes, qui peuvent réapparaître et nuire à la fiabilité. Des correctifs permanents et des mesures préventives sont essentiels.

• Clôture de l’Incident : Après résolution, informez toutes les parties prenantes, vérifiez les alertes, mettez à jour les runbooks et évaluez si un post-mortem est nécessaire. Hila a insisté sur la documentation immédiate des leçons pour capturer les détails avec précision, favorisant une culture d’apprentissage sans blâme.

Ce processus structuré réduit le temps moyen de résolution, minimise les coûts et améliore la fiabilité des systèmes, en phase avec la philosophie business de Hila.

Traits essentiels des gestionnaires d’incidents

Hila a détaillé dix traits cruciaux pour une gestion efficace des incidents, proposant des moyens pratiques de les développer :

• Réflexion rapide : Les incidents impliquent souvent des problèmes inconnus, nécessitant des décisions rapides et créatives. Hila a suggéré de s’entraîner via des sessions de brainstorming ou des exercices d’équipe comme le paintball pour renforcer l’adaptabilité.

• Filtrer les informations pertinentes : Connaître les flux d’un système aide à distinguer les données critiques du bruit. La familiarité avec l’architecture système améliore cette compétence, accélérant le débogage.

• Travailler sous pression : Hila a raconté l’histoire d’un collègue paralysé par 300 alertes lors de son premier quart d’astreinte. Collecter des données pertinentes réduit le stress en restaurant le contrôle. Apprendre les flux système en amont renforce la confiance.

• Travail méthodique : Suivre son processus basé sur les piliers assure une progression constante, même sous pression.

• Humilité : Demander de l’aide privilégie les besoins business à l’ego. Hila a encouragé l’escalade des problèmes non résolus plutôt que de perdre du temps.

• Résolution de problèmes et attitude proactive : Une approche positive et proactive favorise les solutions. Hila a raconté avoir poussé des collègues réticents à essayer des correctifs suggérés, évitant la stagnation.

• Propriété et initiative : Même après escalade, les gestionnaires doivent vérifier la progression, comme Hila l’a fait en relançant un DBA silencieux.

• Communication : Des mises à jour claires et concises aux équipes et clients sont vitales. Pour les moins communicatifs, Hila a recommandé des lignes directrices prédéfinies pour les canaux et le contenu.

• Leadership sans autorité : La confiance et le calme inspirent la confiance, permettant aux gestionnaires de diriger efficacement les équipes.

• Engagement : La passion pour le rôle stimule la propriété et l’initiative. Hila a averti que l’apathie pourrait signaler un épuisement ou un mauvais ajustement professionnel.

Ces traits, affinés par la pratique et la réflexion, permettent aux ingénieurs de gérer les incidents avec clarté et détermination.

Préparation proactive pour réussir ses incidents

Le message central de Hila était le pouvoir de la proactivité, comparé à une écoute active en classe pour préparer un examen. Elle a détaillé des étapes proactives pour le travail quotidien et les actions post-incident pour garantir la preparedness :

• Actions post-incident : Rédigez des rapports de fin de quart d’astreinte pour documenter les problèmes récurrents, utiles pour la sensibilisation de l’équipe et les audits. Notez immédiatement les observations pour un post-mortem, même sans réunion formelle, pour capturer les leçons. Ouvrez des tâches pour prévenir les futurs incidents, corrigez les alertes faussement positives, mettez à jour les runbooks et automatisez les problèmes auto-réparables. Partagez des connaissances détaillées via des manuels ou des briefings pour aider les équipes à apprendre des processus de débogage.

• Proactivité quotidienne : Lisez les rapports de fin de quart des coéquipiers pour rester informé des changements en production. Connaissez les contacts d’escalade pour d’autres domaines (par exemple, développeurs pour des services spécifiques) pour éviter les retards. Étudiez l’architecture système et les flux d’applications pour identifier les points faibles et rationaliser le dépannage. Surveillez les tâches des coéquipiers et les changements en production pour anticiper les impacts. Soyez une personne ressource, partageant vos connaissances pour bâtir la confiance et réduire les efforts de collecte d’informations.

L’approche proactive de Hila garantit que les ingénieurs sont « prêts ou non » lorsque les alertes de PagerDuty ou OpsGenie arrivent, minimisant les temps d’arrêt et favorisant le succès business.

Conclusion

La présentation de Hila Fish à Devoxx France 2023 a été une masterclass en gestion des incidents, mêlant processus structurés, traits essentiels et stratégies proactives. En adoptant une mentalité business, en suivant un cadre de résolution clair, en cultivant des compétences clés et en se préparant avec diligence, les ingénieurs peuvent transformer les incidents chaotiques en défis gérables. Son accent sur la préparation et la collaboration garantit des résolutions efficaces tout en préservant le sommeil — une victoire pour les ingénieurs et les entreprises.

Visionnez la conférence complète sur YouTube pour explorer davantage les idées de Hila. Son travail chez Wix (site Wix) reflète un engagement envers l’excellence DevOps, et des ressources supplémentaires sont disponibles via Devoxx France (site Devoxx France). Comme Hila l’a rappelé, maîtriser la gestion des incidents signifie se préparer, rester calme et toujours prioriser le business — car lorsque les incidents frappent, vous serez prêt à agir.

In a world increasingly dominated by digital communication and remote work, the ability to connect with others and speak confidently has become more challenging yet more valuable than ever. At Devoxx France 2023, Alex Casanova delivered an engaging workshop on overcoming the barriers to effective communication and public speaking, drawing from her extensive experience as an actress, trainer, and sophrologist.

The Importance of Human Connection

Alex began her presentation with an interactive exercise, asking the audience to identify what prevents people from speaking in public. The responses came quickly: shyness, lack of confidence, fear of judgment, feeling illegitimate, and the intimidation of speaking after someone more articulate has already spoken. She then asked what would help overcome these barriers: confidence, feeling safe, stress management, feedback, a supportive atmosphere, and practice.

“The development of digital technology, artificial intelligence, and social distancing following lockdowns has had an impact on human beings and our self-confidence,” Alex explained. “It increases fear—fear of going out, fear of approaching others, fear of not knowing what to say—because the professional world is demanding and always asks for more: more ideas, more spontaneity, more innovation.”

As a professional actress, trainer, and sophrologist, Alex shared that she too has experienced impostor syndrome and naturally tends toward introversion. Her life path consciously or unconsciously led her to theater, which provided tools to express herself better, feel comfortable in front of an audience, and create a space where she could be fully herself.

Understanding Communication Types

Alex outlined three types of communication we encounter:

1. Interpersonal communication – Between two people, involving an emitter and a receiver
2. Group communication – One person addressing a group, such as in presentations or conferences
3. Mass communication – Multiple sources addressing large audiences through various channels

The workshop focused primarily on the first two types, which are most relevant to professional settings.

The Hero’s Journey to Better Communication

Alex framed the workshop as a hero’s journey where participants would face and overcome four challenges that prevent effective communication:

Challenge 1: Breaking Mental and Physical Isolation

The first monster to defeat is the fear of leaving our comfort zone. Alex guided the audience through a sophrological relaxation exercise focusing on:

• Posture awareness and alignment
• Square breathing technique (inhale, hold, exhale, hold)
• Visualization of a safe, comforting place
• Recalling a memory of personal excellence and confidence

This simple but powerful tool helps create grounding, calm, strengthen personal resources, gain perspective on emotions, and bring focus to the present moment.

Challenge 2: Public Speaking and Self-Confidence

The second challenge involves overcoming stage fright, anxiety, and various fears:

• Fear of not being understood
• Fear of being judged
• Fear of not being good enough
• Fear of losing composure

Alex demonstrated the “Victory V” posture—standing tall with arms raised in a V shape—based on Amy Cuddy’s research on body language and its influence on mental state. Maintaining this posture for 30 seconds releases hormones that boost confidence and create an optimistic, open mindset.

“Body language truly puts you in an attitude of openness,” Alex explained, contrasting it with closed postures associated with fear or sadness. She shared a personal anecdote of using this technique at a networking event where she felt out of place, which led to the event organizer approaching her and introducing her to others.

Challenge 3: Team Relationships and Quick Thinking

The third challenge addresses conflict avoidance, difficulty collaborating, lack of self-confidence, fear of not knowing what to say, viewing others as enemies, and fear of rejection.

Alex led the audience through a word association exercise:

• First individually, thinking of a word and making associations (e.g., bottle → alcohol → cocktail → vacation)
• Then collectively, with audience members building on each other’s associations

This simple activity immediately created engagement, spontaneity, and connection among strangers, demonstrating the philosophy of improvisation.

“Improv puts you in a state of play, exchange, meeting, letting go, and self-confidence,” Alex explained. She has used improvisation tools to help anesthesiologists improve their listening skills, multitasking abilities, and patient interaction, as well as with high-ranking military personnel who needed to develop active listening to communicate with civilians.

Challenge 4: Creativity and Innovation

The final challenge involves overcoming:

• Fear of failure
• Fear of not measuring up
• Fear of leaving one’s comfort zone
• Fear of not being original

As an exercise, Alex asked participants to list five positive adjectives about themselves, including one starting with the first letter of their name, and then say them aloud together.

This tool helps transform limiting beliefs into motivating ones, shifting from a closed to an open state, from procrastination to action.

The Virtuous Circle

Alex concluded by presenting the virtuous circle that replaces the vicious circle of self-doubt:

1. I live, therefore I exist – Recognizing your inherent right to exist and take up space
2. I recognize my qualities and experiences – Building on small successes
3. I welcome errors as opportunities to learn – Seeing challenges as feedback rather than failure
4. I reach my goals at my own pace – Bringing compassion and kindness to yourself

“It’s really up to you to be your best ally,” Alex emphasized.

Applying These Tools

Alex’s approach combines inspiration and action—balancing periods of calm, introspection, and theory with practice, simulation, and implementation. Her multidisciplinary background allows her to use theatrical improvisation, psychology, sophrology, and coaching to adapt to individual and corporate needs.

Her ultimate goal is to help people develop greater self-confidence and what psychologist Carl Rogers calls “congruence”—alignment and coherence between our thoughts, feelings, words, and actions. This authenticity creates empathy and acceptance of ourselves and others.

About Alex Casanova

Alex Casanova is an actress, trainer, and sophrologist who specializes in helping individuals develop confidence through experiential learning. Her multidisciplinary approach combines the performing arts, psychology, and therapeutic techniques to create personalized development pathways for both individuals and organizations.

Through her work, she aims to bring more humanity, respect, and tolerance into corporate environments by focusing on authentic communication and personal growth. Her “INSPIR’ACTION” methodology balances introspection with practical application to create sustainable behavioral change.

On April 13, 2023, Oleh Dokuka commanded the Devoxx France stage with a 44-minute odyssey titled “From imperative to Reactive: the Reactive Streams adventure!” Delivered at Paris’s Palais des Congrès, Oleh, a reactive programming luminary, guided developers through the paradigm shift from imperative to reactive programming. Building on his earlier R2DBC talk, he unveiled the power of Reactive Streams, a specification for non-blocking, asynchronous data processing. His narrative was a thrilling journey, blending technical depth with practical insights, inspiring developers to embrace reactive systems for scalable, resilient applications.

Oleh began with a relatable scenario: a Java application overwhelmed by high-throughput data, such as a real-time analytics dashboard. Traditional imperative code, with its synchronous loops and blocking calls, buckles under pressure, leading to latency spikes and resource exhaustion. “We’ve all seen threads waiting idly for I/O,” Oleh quipped, his humor resonating with the audience. Reactive Streams, he explained, offer a solution by processing data asynchronously, using backpressure to balance producer and consumer speeds. Oleh’s passion for reactive programming set the stage for a deep dive into its principles, tools, and real-world applications.

Embracing Reactive Streams

Oleh’s first theme was the core of Reactive Streams: a specification for asynchronous stream processing with non-blocking backpressure. He introduced its four interfaces—Publisher, Subscriber, Subscription, and Processor—and their role in building reactive pipelines. Oleh likely demonstrated a simple pipeline using Project Reactor, a Reactive Streams implementation:

Flux.range(1, 100)
    .map(i -> processData(i))
    .subscribeOn(Schedulers.boundedElastic())
    .subscribe(System.out::println);

In this demo, a Flux emits numbers, processes them asynchronously, and prints results, all while respecting backpressure. Oleh showed how the Subscription controls data flow, preventing the subscriber from being overwhelmed. He contrasted this with imperative code, where a loop might block on I/O, highlighting reactive’s efficiency for high-throughput tasks like log processing or event streaming. The audience, familiar with synchronous Java, leaned in, captivated by the prospect of responsive systems.

Building Reactive Applications

Oleh’s narrative shifted to practical application, his second theme. He explored integrating Reactive Streams with Spring WebFlux, a reactive web framework. In a demo, Oleh likely built a REST API handling thousands of concurrent requests, using Mono and Flux for non-blocking responses:

@GetMapping("/events")
Flux<Event> getEvents() {
    return eventService.findAll();
}

This API, running on Netty and leveraging virtual threads (echoing José Paumard’s talk), scaled effortlessly under load. Oleh emphasized backpressure strategies, such as onBackpressureBuffer(), to manage fast producers. He also addressed error handling, showing how onErrorResume() ensures resilience in reactive pipelines. For microservices or event-driven architectures, Oleh argued, Reactive Streams enable low-latency, resource-efficient systems, a must for cloud-native deployments.

Oleh shared real-world examples, noting how companies like Netflix use Reactor for streaming services. He recommended starting with small reactive components, such as a single endpoint, and monitoring performance with tools like Micrometer. His practical advice—test under load, tune buffer sizes—empowered developers to adopt reactive programming incrementally.

Reactive in the Ecosystem

Oleh’s final theme was Reactive Streams’ role in Java’s ecosystem. Libraries like Reactor, RxJava, and Akka Streams implement the specification, while frameworks like Spring Boot 3 integrate reactive data access via R2DBC (from his earlier talk). Oleh highlighted compatibility with databases like MongoDB and Kafka, ideal for reactive pipelines. He likely demonstrated a reactive Kafka consumer, processing messages with backpressure:

KafkaReceiver.create(receiverOptions)
    .receive()
    .flatMap(record -> processRecord(record))
    .subscribe();

This demo showcased seamless integration, reinforcing reactive’s versatility. Oleh urged developers to explore Reactor’s documentation and experiment with Spring WebFlux, starting with a prototype project. He cautioned about debugging challenges, suggesting tools like BlockHound to detect blocking calls. Looking ahead, Oleh envisioned reactive systems dominating data-intensive applications, from IoT to real-time analytics.

As the session closed, Oleh’s enthusiasm sparked hallway discussions about reactive programming’s potential. Developers left with a clear path: build a reactive endpoint, integrate with Reactor, and measure scalability. Oleh’s adventure through Reactive Streams was a testament to Java’s adaptability, inspiring a new era of responsive, cloud-ready applications.