Posts Tagged ‘CI’
[DotSecurity2017] DevOps and Security
In development’s dynamic deluge, where velocity’s vortex vanquishes venerable verities, security’s synthesis with speed spawns safer sanctums. Zane Lackey, Signal Sciences’ CTO and Etsy alumnus, shared this synthesis at dotSecurity 2017, recounting Etsy’s evolution from waterfall’s wane to DevOps’ dawn—100 deploys diurnal, security self-sufficiency’s sunrise. A sentinel schooled in scaling safeguards, Zane’s zeitgeist: shift from gatekeeper’s glower to enabler’s embrace, visibility’s vista vitalizing vigilance.
Zane’s zeitgeist zeroed on transformations: velocity’s vault (18 months to moments), infrastructure’s illusion (cloud’s churn, containers’ cadence), ownership’s osmosis (devs’ dominion over deploys). Security’s schism: outsourced obstruction to integrated impetus—feedback’s flux fostering fixes. Etsy’s ethos: blameless postmortems’ balm, chatops’ chorus—vulnerabilities vocalized via Slack’s summons, fixes’ fanfare.
Visibility’s vanguard: dashboards’ dawn, signals’ symphony—Signal Sciences’ sentry sensing surges. Feedback’s finesse: CI’s critique, pull requests’ probes—vulnerabilities voiced in vernacular. Zane’s vignette: researcher’s rapport, exploits eclipsed by ephemeral emends—positive parleys from proactive patches.
DevOps’ dividend: safety’s surge in speed’s slipstream—mortals empowered, mishaps mitigated.
Transformations’ Tide and Security’s Shift
Zane zeroed on zeal: velocity’s vault, cloud’s churn—ownership’s osmosis. Gatekeeper’s glower to enabler’s embrace.
Visibility’s Vista and Feedback’s Flux
Dashboards’ dawn, chatops’ chorus—CI’s critique, pull’s probes. Zane’s vignette: researcher’s rapport, ephemeral emends.
Links:
[DevoxxFR2013] The Space Mountain of Enterprise Java Development
Lecturer
Florent Ramière brings over a decade of software development and project management experience. After years in the US at a software editor and a stint at Capgemini upon returning to France, he co-founded Jaxio with Nicolas Romanetti in 2005. Jaxio offers code generation via Celerio; in 2009, they launched SpringFuse.com, an online version. Active in Paris Java scenes like ParisJUG and Coding Dojos.
Abstract
Florent Ramière’s dynamic demonstration navigates enterprise Java development’s complexities, showcasing tools like Maven, Spring, JPA, and more in a live Eclipse session. Emphasizing practical efficiencies for data-heavy applications, he covers CRUD operations, testing, profiling, and CI. The talk reveals techniques for rapid, robust development, highlighting simplicity’s challenges and offering actionable insights for real-world projects.
Setting the Stage: Tools and Environment for Efficient Development
Ramière begins with audience polling: most work on Java EE/Spring applications involving databases, often exceeding 100 tables. He focuses on large-scale management apps, sharing experiences from consulting across projects.
Demonstrating in Eclipse with Jetty embedded, he launches an internationalized app using an in-memory database for independence. Maven builds the project; SpringFuse aggregates best practices.
Key promise: simplicity is hard; knowing tools accelerates work. If nothing new learned, a Mojito offered – or a fun fact on calculating light speed with chocolate.
The app handles accounts: listing, searching, navigating. CRUD dominates; business logic intersperses.
Core Operations: Querying, Validation, and Data Manipulation
Search uses query-by-example: fields like ‘admin’ or ‘Tokyo’ filter results. JPA with Hibernate enables this; Bean Validation ensures integrity.
Editing involves JSF with PrimeFaces for UI: dialogs, calendars, auto-completes. Commons and Guava libraries aid utilities; Lombok reduces boilerplate.
Saving triggers validations: required fields, formats. Excel exports via JXLS; imports validate before persisting.
Full-text search with Hibernate Search (Lucene) indexes entities, supporting fuzzy matches and facets.
@Entity
@Indexed
public class User {
@Id
private Long id;
@Field(index=Index.YES, analyze=Analyze.YES)
private String name;
// ...
}
This annotates for indexing, enabling advanced queries.
Testing and Quality Assurance: From Unit to Integration
JUnit with Fest-Assert and Mockito tests services: mocking DAOs, verifying behaviors.
Selenium with Firefox automates UI tests: navigating, filling forms, asserting outcomes.
JMeter scripts load tests: threading simulates users, measuring throughput.
Sonar integrates for code reviews: violations, discussions directly in Eclipse.
@Test
public void testService() {
User user = mock(User.class);
when(user.getName()).thenReturn("Test");
assertEquals("Test", service.getUserName(1L));
}
Mockito example for isolated testing.
Performance and Deployment: Profiling and Continuous Integration
JProfiler attaches for heap/thread analysis: identifying leaks, optimizing queries.
Hudson (now Jenkins) builds via Maven: compiling, testing, deploying WARs.
iSpace visualizes dependencies, aiding architecture.
Profiles manage environments: dev/test/prod configurations.
Navigating Complexities: Best Practices and Pitfalls
Ramière advises command-line Maven for reliability; avoid outdated WTP.
For large schemas, tools like SpringFuse generate CRUD, reducing tedium.
NoSQL suits big data, but relational fits structured needs; patterns transfer.
Embrace profiles for configurations; Git for code reviews alongside Sonar/Gerrit.
Impact of profilers on tests: significant, but use for targeted optimizations via thread dumps.
In conclusion, enterprise Java demands tool mastery for efficiency; simplicity emerges from knowledge.