[SpringIO2023] Managing Spring Boot Application Secrets: Badr Nass Lahsen
In a compelling session at Spring I/O 2023, Badr Nass Lahsen, a DevSecOps expert at CyberArk, tackled the critical challenge of securing secrets in Spring Boot applications. With the rise of cloud-native architectures and Kubernetes, secrets like database credentials or API keys have become prime targets for attackers. Badr’s talk, enriched with demos and real-world insights, introduced CyberArk’s Conjur solution and various patterns to eliminate hard-coded credentials, enhance authentication, and streamline secrets management, fostering collaboration between developers and security teams.
The Growing Threat to Application Secrets
Badr opened with alarming statistics: in 2021, software supply chain attacks surged by 650%, with 71% of organizations experiencing such breaches. He cited the 2022 Uber attack, where a PowerShell script with hard-coded credentials enabled attackers to escalate privileges across AWS, Google Suite, and other systems. Using the SALSA threat model, Badr highlighted vulnerabilities like compromised source code (e.g., Okta’s leaked access token) and build processes (e.g., SolarWinds). These examples underscored the need to eliminate hard-coded secrets, which are difficult to rotate, track, or audit, and often exposed inadvertently. Badr advocated for “shifting security left,” integrating security from the design phase to mitigate risks early.
Introducing Application Identity Security
Badr introduced the concept of non-human identities, noting that machine identities (e.g., SSH keys, database credentials) outnumber human identities 45 to 1 in enterprises. These secrets, if compromised, grant attackers access to critical resources. To address this, Badr presented CyberArk’s Conjur, an open-source secrets management solution that authenticates workloads, enforces policies, and rotates credentials. He emphasized the “secret zero problem”—the initial secret needed at application startup—and proposed authenticators like JWT or certificate-based authentication to solve it. Conjur’s attribute-based access control (ABAC) ensures least privilege, enabling scalable, auditable workflows that balance developer autonomy and security requirements.
Patterns for Securing Spring Boot Applications
Through a series of demos using the Spring Pet Clinic application, Badr showcased five patterns for secrets management in Kubernetes. The API pattern integrates Conjur’s SDK, using Spring’s @Value annotations to inject secrets without changing developer workflows. The Secrets Provider pattern updates Kubernetes secrets from Conjur, minimizing code changes but offering less security. The Push-to-File pattern stores secrets in shared memory, updating application YAML files securely. The Summon pattern uses a process wrapper to inject secrets as environment variables, ideal for apps relying on such variables. Finally, the Secretless Broker pattern proxies connections to resources like MySQL, hiding secrets entirely from applications and developers. Badr demonstrated credential rotation with zero downtime using Spring Cloud Kubernetes, ensuring resilience for critical applications.
Enhancing Kubernetes Security and Auditing
Badr cautioned that Kubernetes secrets, being base64-encoded and unencrypted by default, are insecure without etcd encryption. He introduced KubeScan, an open-source tool to identify risky roles and permissions in clusters. His demos highlighted Conjur’s auditing capabilities, logging access to secrets and enabling security teams to track usage. By centralizing secrets management, Conjur eliminates “security islands” created by disparate tools like AWS Secrets Manager or Azure Key Vault, ensuring compliance and visibility. Badr stressed the need for a federated governance model to manage secrets across diverse technologies, empowering developers while maintaining robust security controls.
Links:
[DevoxxBE2023] Build a Generative AI App in Project IDX and Firebase by Prakhar Srivastav
At Devoxx Belgium 2023, Prakhar Srivastav, a software engineer at Google, unveiled the power of Project IDX and Firebase in crafting a generative AI mobile application. His session illuminated how developers can harness these tools to streamline full-stack, multiplatform app development directly from the browser, eliminating cumbersome local setups. Through a live demonstration, Prakhar showcased the creation of “Listed,” a Flutter-based app that leverages Google’s PaLM API to break down user-defined goals into actionable subtasks, offering a practical tool for task management. His engaging presentation, enriched with real-time coding, highlighted the synergy of cloud-based development environments and AI-driven solutions.
Introducing Project IDX: A Cloud-Based Development Revolution
Prakhar introduced Project IDX as a transformative cloud-based development environment designed to simplify the creation of multiplatform applications. Unlike traditional setups requiring hefty binaries like Xcode or Android Studio, Project IDX enables developers to work entirely in the browser. Prakhar demonstrated this by running Android and iOS emulators side-by-side within the browser, showcasing a Flutter app that compiles to multiple platforms—Android, iOS, web, Linux, and macOS—from a single codebase. This eliminates the need for platform-specific configurations, making development accessible even on lightweight devices like Chromebooks.
The live demo featured “Listed,” a mobile app where users input a goal, such as preparing for a tech talk, and receive AI-generated subtasks and tips. For instance, entering “give a tech talk at a conference” yielded steps like choosing a relevant topic and practicing the presentation, with a tip to have a backup plan for technical issues. Prakhar’s real-time tweak—changing the app’s color scheme from green to red—illustrated the iterative development flow, where changes are instantly reflected in the emulator, enhancing productivity and experimentation.
Harnessing the PaLM API for Generative AI
Central to the app’s functionality is Google’s PaLM API, which Prakhar utilized to integrate generative AI capabilities. He explained that large language models (LLMs), like those powering the PaLM API, act as sophisticated autocomplete systems, predicting likely text outputs based on extensive training data. For “Listed,” the text API was chosen for its suitability in single-turn interactions, such as generating subtasks from a user’s query. Prakhar emphasized the importance of crafting effective prompts, comparing a vague prompt like “the sky is” to a precise one like “complete the sentence: the sky is,” which yields more relevant results.
To enhance the AI’s output, Prakhar employed few-shot prompting, providing the model with examples of desired responses. For instance, for the query “go camping,” the prompt included sample subtasks like choosing a campsite and packing meals, along with a tip about wildlife safety. This structured approach ensured the model generated contextually accurate and actionable suggestions, making the app intuitive for users tackling complex tasks.
Securing AI Integration with Firebase Extensions
Integrating the PaLM API into a mobile app poses security challenges, particularly around API key exposure. Prakhar addressed this by leveraging Firebase Extensions, which provide pre-packaged solutions to streamline backend integration. Specifically, he used a Firebase Extension to securely call the PaLM API via Cloud Functions, avoiding the need to embed sensitive API keys in the client-side Flutter app. This setup not only enhances security but also simplifies infrastructure management, as the extension handles logging, monitoring, and optional AppCheck for client verification.
In the live demo, Prakhar navigated the Firebase Extensions Marketplace, selecting the “Call PaLM API Securely” extension. With a few clicks, he deployed Cloud Functions that exposed a POST API for sending prompts and receiving AI-generated responses. The code walkthrough revealed a straightforward implementation in Dart, where the app constructs a JSON payload with the prompt, model name (text-bison-001), and temperature (0.25 for deterministic outputs), ensuring seamless and secure communication with the backend.
Building the Flutter App: Simplicity and Collaboration
The Flutter app’s architecture, built within Project IDX, was designed for simplicity and collaboration. Prakhar walked through the main.dart file, which scaffolds the app’s UI with a material-themed interface, an input field for user queries, and a list to display AI-generated tasks. The app uses anonymous Firebase authentication to secure backend calls without requiring user logins, enhancing accessibility. A PromptBuilder class dynamically constructs prompts by combining predefined prefixes and examples, ensuring flexibility in handling varied user inputs.
Project IDX’s integration with Visual Studio Code’s open-source framework added collaborative features. Prakhar demonstrated how developers can invite colleagues to a shared workspace, enabling real-time collaboration. Additionally, the IDE’s AI capabilities allow users to explain selected code or generate new snippets, streamlining development. For instance, selecting the PromptBuilder class and requesting an explanation provided detailed insights into its parameters, showcasing how Project IDX enhances developer productivity.
Links:
[PHPForumParis2022] BFF: Our Best Friend Forever for Frontend Applications? – Valentin Claras
Valentin Claras, a seasoned team leader at Bedrock, delivered a compelling session at PHP Forum Paris 2022, exploring the Backend for Frontend (BFF) pattern as a solution for managing complex frontend applications. With over a decade of development experience, Valentin shared insights from his work at Bedrock, formerly MC6, illustrating how BFF streamlines frontend-backend interactions. His presentation, dense with practical examples, highlighted the pattern’s potential to enhance performance and maintainability in PHP-driven projects.
Understanding the BFF Pattern
Valentin introduced the BFF pattern as a specialized backend layer tailored to specific frontend needs, acting as a “glue” between diverse APIs and client applications. Drawing from Bedrock’s streaming platform, he explained how BFF aggregates data from multiple backend services, simplifying frontend development. By reducing the complexity of direct API calls, BFF enables faster iteration and better user experiences, particularly for applications with varied frontend requirements like web and mobile interfaces.
Optimizing Performance with Asynchronous Processing
Addressing performance concerns, Valentin detailed Bedrock’s use of the Tornado engine to handle asynchronous API calls within the BFF layer. He explained how parallelizing 10 to 20 API requests ensures reasonable response times, even under heavy loads. Valentin referenced prior talks by colleague Benoit Viguier, emphasizing the importance of non-sequential processing to maintain efficiency. This approach, he argued, mitigates the risk of performance bottlenecks, making BFF a viable solution for high-traffic applications.
Maintaining Clear Boundaries
Valentin emphasized the importance of keeping BFF’s responsibilities minimal to avoid it becoming a monolithic service. At Bedrock, the BFF focuses solely on data aggregation and transformation, leaving business logic to dedicated services. This clear separation ensures maintainability and scalability, preventing the BFF from absorbing unrelated responsibilities. Valentin’s insights, grounded in real-world challenges, offered a blueprint for developers aiming to implement BFF effectively in their PHP projects.
Fostering Collaborative Development
Concluding, Valentin highlighted BFF’s role in fostering collaboration between frontend and backend teams. By providing a unified interface, BFF reduces miscommunication and aligns development efforts. He encouraged developers to adopt BFF incrementally, leveraging its flexibility to enhance project workflows. Valentin’s practical approach inspired attendees to explore BFF as a tool for building robust, frontend-friendly PHP applications, drawing from Bedrock’s successful implementation.
Links:
[NodeCongress2021] Can We Double HTTP Client Throughput? – Matteo Collina
HTTP clients, the sinews of distributed dialogues, harbor untapped vigor amid presumptions of stasis. Matteo Collina, Node.js TSC stalwart, Fastify co-architect, and Pino progenitor, challenges this inertia, unveiling Undici—a HTTP/1.1 vanguard doubling, nay tripling, Node’s native throughput via HOL-blocking evasion.
Matteo’s odyssey traces TCP/IP genesis: Nagle’s algorithm coalesces packets, delaying ACKs—elegant for telnet, anathema for HTTP’s pipelined pleas. Keep-alive sustains sockets, multiplexing requests; yet core http’s single-flight per connection bottlenecks bursts.
Undici disrupts: connection pools parallelize, pipelining dispatches volleys sans serialization. Matteo benchmarks: native peaks at baselines; Undici’s agents—configurable concurrency—surge 3x, streams minimizing JSON parses.
Mitigating Head-of-Line Shadows
HOL’s specter—prior stalls cascade—yields to Undici’s ordered queues, responses slotted sans reordering. Matteo codes: fetch wrappers proxy natives, agents tune origins—pipelining: true unleashes floods.
Comparisons affirm: Undici’s strictness trumps core’s leniency, APIs diverge—request/stream for granularity. Fastify proxy’s genesis birthed Undici, Robert Nagy’s polish primed production.
Matteo’s clarion—agents mandatory, Undici transformative—ushers HTTP’s renaissance, slashing latencies in microservice meshes.
Links:
[NodeCongress2023] Architectural Strategies for Achieving 40 Million Operations Per Second in a Distributed Database
Lecturer: Michael Hirschberg
Michael Hirschberg is a Solutions Engineer with extensive operational experience in distributed database systems, particularly with Couchbase. He is affiliated with Couchbase and has previously served as a Senior System Engineer for eight years at Amadeus. His work focuses on advising companies on optimal database architecture, performance, and scalability, with a notable specialization in handling extremely high-throughput environments. He is based in Erding, Bavaria.
- Institutional Profile/Professional Page: Michael Hirschberg’s talks, articles, workshops, certificates – GitNation
- LinkedIn: in/hirschbergm
- Organization: Couchbase
Abstract
This article investigates the architectural principles and methodological innovations required to sustain database throughput rates of up to 40 million operations per second. The analysis highlights the critical role of in-memory data storage, sophisticated horizontal scaling, and the utilization of “smart clients” to bypass traditional database bottlenecks. Furthermore, the article explores specialized deployments, such as mobile databases designed for an offline-first strategy, and the diverse data access mechanisms necessary for high-performance applications.
Context: The Imperative of Latency and Throughput
In modern distributed computing, especially in applications developed using environments like Node.js, the database often becomes the critical bottleneck to achieving high performance and low latency. The architecture needed to support extremely high operations per second (Ops/S) must diverge significantly from traditional relational or monolithic NoSQL designs.
Methodology: Distributed In-Memory Architecture
The core methodology for achieving extreme throughput centers on an optimized, distributed, in-memory data platform:
- In-Memory Storage: The initial and primary method of storing data is in RAM, which is foundational to the “lightning” speed described for operation execution.
- Sharding and Distribution: The architecture relies on horizontal scaling by sharding the data across multiple nodes. This mechanism distributes the load and ensures that no single machine becomes a point of failure or congestion.
- Smart Clients/SDKs: Crucially, the system utilizes “smart clients” or SDKs that incorporate the sharding logic. These clients calculate the exact node where the data resides and connect directly to that node, bypassing any centralized routing or proxy layer which would otherwise introduce latency.
Analysis of Specialised Data Models and Deployment
Data Structure and Access
The database is built to efficiently digest data in two specific formats: JSON documents and raw binaries.
- Access Mechanisms: Developers can interact with the data using several high-level methods, including:
- SQL for JSON (N1QL): A declarative query language that allows SQL-like querying of JSON data.
- Full Text Search (FTS): Enabling complex, efficient text-based searches across the dataset.
- The architecture explicitly notes a lack of support for Vector databases.
Mobile Database Implementation
A complementary lightweight version of the database is designed for mobile devices, web browsers, and edge hardware like Raspberry Pi.
- Offline-First: This design is built to prioritize working offline, storing data locally on the device.
- Synchronization: Data is synchronized with the main database in the cloud or on-premises via a special component. This component ensures that the mobile device receives only the data it is authorized and supposed to access, maintaining security and data integrity. Mobile databases can also communicate peer-to-peer.
Conclusion
The capability to handle 40 million Ops/S is achieved through a multi-faceted architectural approach that leverages in-memory data, aggressive horizontal sharding, and the crucial innovation of smart clients that eliminate centralized bottlenecks. This methodology minimizes network hops and maximizes read/write performance. Furthermore, specialized components for mobile and edge deployment extend the high-performance model to offline and low-bandwidth environments, confirming the system’s relevance for globally distributed, modern application needs.
Relevant links and hashtags
- Lecture Video: The Database Magic Behind 40MIO Ops/S – Michael Hirschberg, Node Congress 2023
- Lecturer Professional Links:
- LinkedIn: in/hirschbergm
- Organization: Couchbase
Hashtags: #NoSQL #DatabaseArchitecture #HighPerformance #40MIOOpsS #Couchbase #DistributedSystems #NodeCongress
[SpringIO2023] Going Native: Fast and Lightweight Spring Boot Applications with GraalVM
At Spring I/O 2023 in Barcelona, Alina Yurenko, a developer advocate at Oracle Labs, captivated the audience with her deep dive into GraalVM Native Image support for Spring Boot 3.0. Her session, a blend of technical insights, live demos, and community engagement, showcased how GraalVM transforms Spring Boot applications into fast-starting, lightweight native executables that eliminate the need for a JVM. By leveraging GraalVM’s ahead-of-time (AOT) compilation, developers can achieve significant performance gains, reduced memory usage, and enhanced security, making it a game-changer for cloud-native deployments.
GraalVM: Beyond a Traditional JDK
Alina began by demystifying GraalVM, a versatile platform that extends beyond a standard JDK. While it can run Java applications using the OpenJDK HotSpot VM with an optimized Graal compiler, the spotlight was on its Native Image feature. This AOT compilation process converts a Spring Boot application into a standalone native executable, stripping away runtime code loading and compilation. The result? Applications that start in fractions of a second and consume minimal memory. Alina emphasized that GraalVM’s ability to include only reachable code—application logic, dependencies, and necessary JDK classes—reduces binary size and enhances efficiency, a critical advantage for cloud environments where resources are costly.
Performance and Resource Efficiency in Action
Through live demos, Alina illustrated GraalVM’s impact using the Spring Pet Clinic application. On her laptop, the JVM version took 1.5 seconds to start, while the native executable launched in just 0.3 seconds—a fivefold improvement. The native version was also significantly smaller, at roughly 50 MB without compression, compared to the JVM’s bulkier footprint. To stress-test performance, Alina ran a million requests against a simple Spring Boot app, comparing JVM and native modes. The JVM achieved 80k requests per second, while the native image hit 67k. However, with profile-guided optimizations (PGO), which mimic JVM’s runtime profiling at build time, the optimized native version reached 81k requests per second, rivaling JVM peak throughput. These demos underscored GraalVM’s ability to balance startup speed, low memory usage, and competitive throughput.
Security and Compact Packaging
Alina highlighted GraalVM’s security benefits, noting that native images eliminate runtime code loading, reducing attack vectors like those targeting just-in-time compilation. Only reachable code is included, minimizing the risk of unused dependencies introducing vulnerabilities. Dynamic features like reflection require explicit configuration, ensuring deliberate control over runtime behavior. On packaging, Alina showcased how native images can be compressed using tools like UPX, achieving sizes as low as a few megabytes, though she cautioned about potential runtime decompression trade-offs. These features make GraalVM ideal for deploying compact, secure applications in constrained environments like Kubernetes or serverless platforms.
Practical Integration with Spring Boot
The session also covered GraalVM’s seamless integration with Spring Boot 3.0, which graduated Native Image support from the experimental Spring Native project to general availability in November 2022. Spring Boot’s AOT processing step optimizes applications for native compilation, reducing reflective calls and generating configuration files for GraalVM. Alina demonstrated how Maven and Gradle plugins, along with the GraalVM Reachability Metadata Repository, simplify builds by automatically handling library configurations. For developers, this means minimal changes to existing workflows, with tools like the tracing agent and Spring’s runtime hints easing the handling of dynamic features. Alina’s practical advice—develop on the JVM for fast feedback, then compile to native in CI/CD pipelines—resonated with attendees aiming to adopt GraalVM.
Links:
[DevoxxUA2023] Panel Discussion: AI – Friend or Foe?
Moderated by Oleg Tsal-Tsalko, Senior Solution Architect at EPAM, the Devoxx Ukraine 2023 panel discussion, AI: Friend or Foe?, brought together experts Evgeny Borisov, Mary Grygleski, Andriy Mulyar, and Sean Phillips to explore the transformative impact of AI on software development and society. The discussion delves into AI’s potential to augment or disrupt, addressing ethical concerns, practical applications, and the skills developers need to thrive in an AI-driven world. This engaging session aligns with the conference’s focus on AI’s role in shaping technology’s future.
AI’s Impact on Software Development
The panel opens with a provocative question: does AI threaten software development jobs? Evgeny and Andriy assert that AI will not replace developers but rather enhance their productivity, acting as a “third arm.” Evgeny notes that many developers, especially juniors, already use tools like ChatGPT alongside their IDEs, streamlining tasks like code generation and documentation lookup. This shift, he argues, allows developers to focus on creative problem-solving rather than rote tasks, making development more engaging and efficient.
Mary reinforces this, suggesting that AI may create new roles, such as prompt engineers, to manage and optimize AI interactions. The panel agrees that while fully autonomous AI agents are still distant, current tools empower developers to deliver higher-quality code faster, transforming the development process into a more strategic and innovative endeavor.
Ethical and Societal Implications
The discussion shifts to AI’s ethical challenges, with Andriy highlighting the risk of “hallucinations”—incorrect or fabricated outputs from LLMs due to incomplete data. Mary adds that unintentional harm, such as misusing generated content, is a significant concern, urging developers to approach AI with caution and responsibility. Sean emphasizes the need for regulation, noting that the lack of oversight could lead to misuse, such as generating misleading content or exploiting personal data.
The panelists stress the importance of transparency, with Evgeny questioning the trustworthiness of AI providers like OpenAI, which may use user inputs to improve their models. This raises concerns about data privacy and intellectual property, prompting a call for developers to be mindful of the tools they use and the data they share.
Educating for an AI-Driven Future
A key theme is the need for broader AI literacy. Andriy advocates for basic machine learning education, even for non-technical users, to demystify AI systems. He suggests resources like MIT’s introductory ML courses to help individuals understand the “black box” of AI, enabling informed interactions. Mary agrees, emphasizing that understanding AI’s implications—without needing deep technical knowledge—can prevent unintended consequences, such as misinterpreting AI outputs.
The panelists encourage developers to learn prompt engineering, as well-formulated prompts significantly improve AI outputs. Evgeny shares that a well-named class or minimal context can yield better results than overly detailed prompts, highlighting the importance of clarity and precision in AI interactions.
Preparing Developers for AI Integration
The panel concludes with practical advice for developers. Sean recommends exploring AI tools to stay competitive, echoing the sentiment that “AI will not replace you, but people using AI will.” Evgeny suggests starting with simple resources, like YouTube tutorials, to master prompt engineering and understand AI capabilities. Mary highlights emerging tools like LangStream, an open-source library for event streaming in RAG patterns, showcasing how AI can integrate with real-time data processing.
The discussion, moderated with skill by Oleg, inspires developers to embrace AI as a collaborative tool while remaining vigilant about its challenges. By fostering education, ethical awareness, and technical proficiency, the panelists envision a future where AI empowers developers to innovate responsibly.
Links:
- EPAM website
- DataStax website
- Nomic AI website
- Oleg Tsal-Tsalko on Twitter
- Evgeny Borisov on Twitter
- Mary Grygleski on Twitter
- Andriy Mulyar on Twitter
- Sean Phillips on Twitter
Hashtags: #AI #SoftwareDevelopment #Ethics #MachineLearning #PromptEngineering #EPAM #DataStax #NomicAI #OlegTsalTsalko #EvgenyBorisov #MaryGrygleski #AndriyMulyar #SeanPhillips #DevoxxUkraine2023
[NodeCongress2021] Panel Discussion – Node.js in the Cloud
Cloud paradigms reshape Node.js landscapes, blending serverless ephemera with containerized constancy, as dissected in this convocation. Moderated discourse features Ali Spittel, AWS Amplify advocate and digital nomad; Eran Hammer, Sideway founder weaving narrative webs; Ruben Casas, American Express engineer pioneering micro-frontends; and Slobodan Stojanovic, Cloud Horizon CTO scaling Vacation Tracker’s serverless saga.
Ali champions Amplify’s frictionless ingress: Git-based deploys, CI/CD alchemy transmute code to globals—Lambda for backends, AppSync for GraphQL. Eran probes costs: fixed fleets versus invocation metering, cold starts’ latency tax. Ruben extols IaC: CDK’s constructs blueprint stacks, Terraform’s declarative drifts ensure idempotence.
Slobodan chronicles evolution: singleton Lambda to hexagonal CQRS ensembles, LocalStack mocks integrations. Consensus: serverless abstracts ops, yet demands async mastery—promises over callbacks, hexagonal ports insulate.
Deployment Dynamics and Cost Conundrums
Deploys diverge: Amplify’s wizardry suits solos, Claudia.js blueprints APIs. Containers—Docker/K8s—orchestrate statefuls, Fargate abstracts. Costs confound: Slobodan’s $250/month belies bugs’ $300 spikes; alarms mitigate.
Ali lauds functions’ scalability sans provisioning; Eran tempers with vendor lock perils. Ruben integrates OneApp’s runtime swaps.
Observability and IoT Intersections
Tracing threads via X-Ray/OpenTelemetry; Datadog dashboards divine. IoT? Node’s WebSockets shine—process streams via Amplify, hexagonal fits serverless.
Panel’s tapestry—diverse voices—illuminates Node.js’s cloud ascent, from fledgling functions to enterprise echelons.
Links:
[PHPForumParis2022] Exploring DDD and Functional Programming Practices – Benjamin Rambaud
Benjamin Rambaud, an accomplished PHP engineer at ekino, delivered an engaging presentation at PHP Forum Paris 2022, inviting developers to explore Domain-Driven Design (DDD) and functional programming to enhance their craft. With a nod to the collaborative spirit of the event, Benjamin adopted a market-like metaphor, encouraging attendees to “pick and choose” principles from DDD and functional programming to enrich their PHP projects. His talk, informed by his role as a co-organizer of AFUP Bordeaux, offered practical insights into improving code quality and project communication, drawing from established methodologies while urging developers to adapt them thoughtfully.
Foundations of Domain-Driven Design
Benjamin opened by demystifying DDD, a methodology focused on modeling complex business domains with precision. He emphasized the Ubiquitous Language, a shared vocabulary that aligns developers, stakeholders, and domain experts, fostering clearer communication. By prioritizing domain logic over technical details, DDD isolates business rules, making code more maintainable and expressive. Benjamin illustrated this with examples from his work at ekino, showing how DDD’s strategic patterns, like bounded contexts, help developers encapsulate business logic effectively, reducing framework dependency.
Leveraging Functional Programming
Shifting to functional programming, Benjamin highlighted its synergy with PHP’s multi-paradigm nature. He introduced concepts like pure functions, immutability, and value objects, which enhance testability and predictability. By integrating these principles, developers can create robust, error-resistant codebases. Benjamin drew from his experience with Drupal, demonstrating how functional programming complements DDD by isolating domain logic from framework-specific code, allowing for greater flexibility and maintainability in PHP projects.
Practical Implementation and Hexagonal Architecture
Delving into practical applications, Benjamin advocated for hexagonal architecture as a cornerstone of DDD in PHP. This approach uses ports and adapters to decouple business logic from external systems, enabling seamless integration with frameworks like Symfony. He cautioned against rigid adherence to frameworks, referencing resources like Mathias Verraes’ blog for deeper insights into DDD patterns. Benjamin’s practical advice, grounded in real-world examples, encouraged developers to experiment with repositories and interfaces tailored to their project’s needs, fostering adaptable and resilient code.
Balancing Frameworks and Principles
Concluding, Benjamin urged developers to understand their frameworks deeply while embracing external paradigms to avoid being constrained by default configurations. He emphasized that DDD and functional programming are not rigid doctrines but flexible tools to be adapted contextually. By encouraging exploration of languages like Elixir or OCaml, Benjamin inspired attendees to broaden their perspectives, enhancing their ability to craft high-quality, business-aligned PHP applications through thoughtful experimentation.
Links:
[DevoxxUA2023] Orchestrate Your AI with Semantic Kernel
Soham Dasgupta, a Cloud Solution Architect at Microsoft, presented an illuminating session at Devoxx Ukraine 2023, titled Orchestrate Your AI with Semantic Kernel. With over 16 years of experience in software development, Soham demystifies the complexities of integrating AI into applications using Microsoft’s Semantic Kernel SDK. His talk, featuring live coding, provides developers with practical tools to harness large language models (LLMs), aligning with the conference’s focus on AI-driven development.
Understanding Semantic Kernel
Soham introduces Semantic Kernel, an open-source SDK designed to simplify the integration of LLMs into applications. He explains that Semantic Kernel acts as an orchestrator, enabling developers to manage AI requests and responses efficiently. Unlike other frameworks like LangChain, which supports a broader range of LLMs, Semantic Kernel is optimized for Azure Open AI and select models, offering a streamlined approach for Java developers.
Through a live coding demo, Soham demonstrates how Semantic Kernel reduces code verbosity, allowing developers to focus on business logic and prompt design. He showcases a simple application connecting to an LLM, highlighting how the SDK abstracts complex interactions, making AI integration accessible even for those new to the technology.
Simplifying AI Integration
Delving deeper, Soham illustrates how Semantic Kernel enables modular application design. Developers can create objects to connect to specific LLMs, ensuring flexibility without overwhelming complexity. He advises against combining multiple LLMs in a single application, as their non-deterministic nature can introduce unpredictability. Instead, Soham recommends selecting a framework that aligns with the chosen LLM, such as Semantic Kernel for Azure Open AI or LangChain for broader compatibility, including Hugging Face or LLaMA.
His demo emphasizes practical use cases, such as generating context-aware responses for conversational applications. By leveraging Semantic Kernel, developers can orchestrate AI workflows efficiently, reducing development time and enhancing application responsiveness, a key theme of the conference.
Addressing Data Privacy Concerns
Soham addresses a critical concern raised throughout the conference: data privacy in AI applications. He explains that Azure Open AI ensures data remains within a user’s subscription, offering robust privacy controls for enterprise use. In contrast, public versions of LLMs, like Open AI’s standard endpoints, may use data for further training unless an enterprise version is selected. Soham urges developers to read the fine print before integrating LLMs, as sensitive data, such as customer contracts, could inadvertently contribute to model training if not handled properly.
This focus on privacy aligns with the conference’s discussions on ethical AI, providing developers with practical guidance to navigate enterprise requirements while leveraging AI’s capabilities.
Practical Recommendations for Developers
Soham concludes by encouraging developers to explore Semantic Kernel through Microsoft’s Azure platform, which offers resources for hands-on learning. His live coding demo, despite the pressure of a live audience, showcases the SDK’s ease of use, inspiring developers to experiment with AI orchestration. Soham invites further engagement via social platforms, sharing his enthusiasm for building AI-driven applications that are both powerful and responsible.
His presentation, delivered with clarity and technical expertise, equips developers with the tools to integrate AI seamlessly, fostering innovation while addressing practical and ethical considerations.
Links:
Hashtags: #AI #SemanticKernel #LargeLanguageModels #Azure #Java #Microsoft #SohamDasgupta #DevoxxUkraine2023