Jonathan Lalou's Blog

Posts Tagged ‘DevoxxFR’

Presented by Marit van Dijk (JetBrains)

IntelliJ IDEA is renowned for being a powerful and intelligent Integrated Development Environment (IDE) designed to help developers stay in the flow and maximize their productivity. With its rich set of features, including a smart editor, powerful refactorings, seamless navigation, and integrated tools for various technologies, IntelliJ IDEA aims to provide a comprehensive development experience without the need to leave the IDE. Marit van Dijk from JetBrains showcases how to leverage these capabilities to become a happier and more productive developer.

Marit’s talk delves into the myriad of features that contribute to developer productivity in IntelliJ IDEA. She highlights how the IDE supports various workflows and provides tools for everything from writing and reading code to debugging, testing, and working with databases and version control systems.

Staying in the Flow with a Smart IDE

Maintaining focus and staying in the “flow state” is crucial for developer productivity. Frequent context switching, interruptions, and wrestling with inefficient tools can easily break this flow. Marit van Dijk emphasizes that IntelliJ IDEA is designed to minimize these distractions and help developers stay focused on writing code.

She showcases the IDE’s intelligent code editor, which provides smart code completion, code analysis, and quick fixes. Features like intention actions and context-aware suggestions help developers write code more efficiently and accurately, reducing the need to manually search for syntax or API usage.

Powerful Refactorings and Navigation

Refactoring code is an essential part of maintaining code quality and improving the design of an application. IntelliJ IDEA offers a wide range of powerful automated refactorings that can significantly speed up this process and reduce the risk of introducing errors. Marit demonstrates some of the most useful refactorings, such as renaming variables or methods, extracting methods or interfaces, and changing method signatures.

Seamless navigation within a codebase is also critical for understanding existing code and quickly jumping between different parts of the project. Marit highlights IntelliJ IDEA’s navigation features, such as jumping to declarations or usages, navigating through recent files and locations, and searching for symbols or files by name. These features allow developers to explore their codebase efficiently and find the information they need quickly.

Integrated Tools for a Comprehensive Workflow

Modern software development involves working with a variety of tools and technologies beyond just the code editor. IntelliJ IDEA integrates with a wide range of popular tools, providing a unified experience within the IDE. Marit van Dijk showcases how IntelliJ IDEA seamlessly integrates with:

• Build Tools: Maven and Gradle for managing project dependencies and building applications.
• Version Control Systems: Git and others for managing code changes and collaborating with team members.
• Databases: Tools for connecting to databases, Browse schemas, writing and executing queries, and managing data.
• Test Tools: Integration with testing frameworks like JUnit and TestNG for writing, running, and debugging tests.
• Debugging: A powerful debugger for stepping through code, inspecting variables, and diagnosing issues.

By providing these integrated tools, IntelliJ IDEA allows developers to perform most of their tasks without leaving the IDE, minimizing context switching and improving productivity.

AI-Powered Assistance

In addition to its traditional features, IntelliJ IDEA is also incorporating AI-powered assistance to further enhance developer productivity. Marit touches upon features like the AI Assistant, which can provide code suggestions, generate documentation, and even explain complex code snippets.

She might also mention tools sounding like “Juny”, a coding agent that can perform more complex coding tasks, such as generating boilerplate code or creating prototypes. These AI-powered features aim to automate repetitive tasks and provide developers with intelligent assistance throughout their workflow.

Conclusion: A Happier and More Productive Developer

Marit van Dijk concludes by reinforcing the message that leveraging the features of IntelliJ IDEA can make developers happier and more productive. By providing a smart editor, powerful refactorings, seamless navigation, integrated tools, and AI-powered assistance, the IDE helps developers stay in the flow, write better code, and focus on delivering value.

The talk encourages developers to explore the full potential of IntelliJ IDEA and customize it to fit their specific workflows. By making the most of the IDE’s capabilities, developers can significantly improve their efficiency and enjoy a more productive and fulfilling coding experience.

Hashtags: #DevoxxFR2025 #IntelliJIDEA #IDE #DeveloperProductivity #Java #Coding #Refactoring #Debugging #AI #JetBrains #MaritvanDijk

• [DevoxxFR] Kill Your Branches, Do Feature Toggles
• [DevoxxFR] An Ultrasonic Adventure!
• [DevoxxFR] How to be a Tech Lead in an XXL Pizza Team Without Drowning
• [DevoxxFR 2017] Why Your Company Should Store All Its Code in a Single Repo
• [DevoxxFR 2017] Introduction to the Philosophy of Artificial Intelligence
• [DevoxxFR 2017] Terraform 101: Infrastructure as Code Made Simple
• [DevoxxFR 2018] Deploying Microservices on AWS: Compute Options Explored at Devoxx France 2018
• [DevoxxFR 2018] Software Heritage: Preserving Humanity's Software Legacy
• [DevoxxFR 2018] Apache Kafka: Beyond the Brokers – Exploring the Ecosystem
• [DevoxxFR 2018] Are you "merge" or "rebase" oriented?
• A Decade of Devoxx FR and Java Evolution: A Detailed Retrospective and Forward-Looking Analysis
• [DevoxxFR 2022] Exploiter facilement des fonctions natives avec le Projet Panama depuis Java
• Kafka Streams @ Carrefour : Traitement big data à la vitesse de l’éclair
• [DevoxxFR 2022] Père Castor 🐻, raconte-nous une histoire (d’OPS)
• [DevoxFR 2022] Cracking Enigma: A Tale of Espionage and Mathematics
• [VivaTech 2021] Tech to Rethink Our Workplace at VivaTech 2021
• [VivaTech 2021] Emmanuel Macron : Championing European Scale-Ups and Innovation
• [DevoxxFR 2021] Maximizing Productivity with Programmable Ergonomic Keyboards: Insights from Alexandre Navarro
• [Devoxx FR 2021] IoT Open Source at Home
• [VivaTech 2019] Funding and Growing Tomorrow's Unicorns
• [VivaTech 2019] What's Your Next Bet
• [Devoxx France 2021] Overcoming Impostor Syndrome: Practical Tips
• [VivaTech 2018] How VCs Are Growing Tomorrow's Euro-corns
• [ScalaDays 2019] Techniques for Teaching Scala
• Kotlin Native Concurrency Explained by Kevin Galligan
• [DevoxxFR 2018] Java in Docker: Best Practices for Production
• [DevoxxFR 2018] Watch Out! Don't Plug in That USB, You Might Get Seriously Hacked!
• Gradle: A Love-Hate Journey at Margot Bank
• Navigating the Application Lifecycle in Kubernetes
• [DevoxxFR 2019] Back to Basics: Stop Wasting Time with Dates
• "All Architects !": Empowering Every Developer as an Architect
• Navigating the Challenges of Legacy Systems
• "A monolith, or nothing!": Embracing the Monolith at Ornikar
• Event Sourcing Without a Framework: A Practical Approach
• [DevoxxFR 2023] Hexagonal Architecture in 15 Minutes: Simplifying Complex Systems
• [DevoxxFR 2023] Tests, an Investment for the Future: Building Reliable Software
• Ce que l’open source peut apprendre des startups : Une perspective nouvelle
• Et si on parlait un peu de sécurité ? Un guide pour les développeurs
• Navigating the Reactive Frontier: Oleh Dokuka’s Reactive Streams at Devoxx France 2023
• Meet with Others: tools for speech
• Gestion des incidents : Parler et agir
• Decoding Shazam: Unraveling Music Recognition Technology
• [AWS Summit Berlin 2023] Go-to-Market with Your Startup: Tips and Best Practices from VC Investors
• [KotlinConf'23] The Future of Kotlin is Bright and Multiplatform
• [KotlinConf'2023] Coroutines and Loom: A Deep Dive into Goals and Implementations
• [GopherCon UK 2022] Leading in Tech
• [Spring I/O 2023] Multitenant Mystery: Only Rockers in the Building by Thomas Vitale
• [Spring I/O 2023] Do You Really Need Hibernate?
• [Spring I/O 2023] Managing Spring Boot Application Secrets: Badr Nass Lahsen
• [KotlinConf2023] Java and Kotlin: A Mutual Evolution
• A Tricky Java Question
• SnowFlake❄: Why does SUM() return NULL instead of 0?
• JpaSystemException: A collection with cascade="all-delete-orphan" was no longer referenced by the owning entity instance
• SpringBatch: How to have different schedules, per environment, for instance: keep the fixedDelay=60000 in prod, but schedule with a Cron expression in local dev?
• 🚀 Making Spring AOP Work with Struts 2: A Powerful Combination! 🚀
• 🚀 Mastering Flyway Migrations with Maven
• [Devoxx FR 2024] Instrumenting Java Applications with OpenTelemetry: A Comprehensive Guide
• [Devoxx FR 2024] Mastering Reproducible Builds with Apache Maven: Insights from Hervé Boutemy
• Understanding Dependency Management and Resolution: A Look at Java, Python, and Node.js
• [PyData Paris 2024] Exploring Quarto Dashboard for Impactful and Visual Communication
• Onyxia: A User-Centric Interface for Data Scientists in the Cloud Age
• Boosting AI Reliability: Uncertainty Quantification with MAPIE
• Predictive Modeling and the Illusion of Signal
• Building Intelligent Data Products at Scale
• Renovate/Dependabot: How to Take Control of Dependency Updates
• [PyData Global 2024] Making Gaussian Processes Useful
• [AWS Summit Paris 2024] Winning Fundraising Strategies for 2024
• [DevoxxFR 2024] Super Tech’Rex World: The Assembler Strikes Back
• [KotlinConf2024] Hacking Sony Cameras with Kotlin
• [DevoxxFR 2024] Going AOT: Mastering GraalVM for Java Applications
• Java's Emerging Role in AI and Machine Learning: Bridging the Gap to Production
• CTO Perspective: Choosing a Tech Stack for Mainframe Rebuild
• Elastic APM: When to Use @CaptureSpan vs. @CaptureTransaction?
• How to Bypass Elasticsearch’s 10,000-Result Limit with the Scroll API
• Problem: Spring JMS MessageListener Stuck / Not Receiving Messages
• Efficient Inter-Service Communication with Feign and Spring Cloud in Multi-Instance Microservices
• Mastering DNS Configuration: A, AAAA, CNAME, and Best Practices with OVH
• Advanced Encoding in Java, Kotlin, Node.js, and Python
• Understanding volatile in Java: A Deep Dive with a Cloud-Native Use Case
• Quick and dirty script to convert WordPress export file to Blogger / Atom XML
• Why Project Managers Must Guard Against “Single Points of Failure” in Human Capital
• RSS to EPUB Converter: Create eBooks from RSS Feeds
• Essential Security Considerations for Docker Networking
• CTO's Wisdom: Feature Velocity Over Premature Scalability in Early-Stage Startups
• AWS S3 Warning: “No Content Length Specified for Stream Data” – What It Means and How to Fix It
• The CTO's Tightrope Walk: Deeper into the Hire vs. Outsource Dilemma
• Understanding Chi-Square Tests: A Comprehensive Guide for Developers
• Creating EPUBs from Images: A Developer's Guide to Digital Publishing
• The Fractional CTO: A Strategic Ally or a Risky Gamble?
• Orchestrating Progress: A CTO's Strategy for Balancing Innovation and Stability
• 🚀 Making Spring AOP Work with Struts 2: A Powerful Combination! 🚀
• Bridging the Divide: CTO Communication with Aliens (aka: Non-Technical Stakeholders)
• 5 Classic Software Security Holes Every Developer Should Know
• Advanced Java Security: 5 Critical Vulnerabilities and Mitigation Strategies
• Using Redis as a Shared Cache in AWS: Architecture, Code, and Best Practices
• 🗄️ AWS S3 vs. MinIO – Choosing the Right Object Storage
• Demystifying Parquet: The Power of Efficient Data Storage in the Cloud
• ️ Prototype Pollution: The Silent JavaScript Vulnerability You Shouldn’t Ignore
• Mastering Information Structure: A Deep Dive into Lists and Nested Lists Across Document Formats
• Applications Web with Spring Boot 2.0
• Script to clean WSL and remove Ubuntu from Windows 11
• [Oracle Dev Days 2025] From JDK 21 to JDK 25: Jean-Michel Doudoux on Java’s Evolution

At Devoxx France 2024, Shirley Almosni Chiche, an independent IT recruiter and career agent, delivered a dynamic session titled “Debuggez votre salaire ! Mes stratégies gagnantes pour réussir sa négociation salariale.” With over a decade of recruitment experience, Shirley unpacked the complexities of salary negotiation, offering actionable strategies to overcome common obstacles. Through humor, personas, and real-world insights, she empowered developers to approach salary discussions with confidence and preparation, transforming a daunting process into a strategic opportunity.

Navigating the Salary Minefield

Shirley opened with a candid acknowledgment: salary discussions are fraught with tension, myths, and frustrations. Drawing from her role at Build RH, her recruitment firm, she likened salary negotiation to a high-stakes race, where candidates endure lengthy recruitment processes only to face disappointing offers. Common employer excuses—“we must follow the salary grid,” “we can’t pay more than existing staff,” or “the budget is tight”—often derail negotiations, leaving candidates feeling undervalued.

To frame her approach, Shirley introduced six “bugs” that justify low salaries, each paired with a persona representing typical employer archetypes. These included the rigid “Big Corp” manager enforcing salary grids, the team-focused “Didier Deschamps” avoiding pay disparities, and the budget-conscious “François Damiens” citing financial constraints. Other personas, like the overly technical “Elon” scrutinizing code, the relentless negotiator “Patrick,” and the discriminatory “Hubert,” highlighted diverse challenges candidates face.

Shirley shared market insights, noting a 2023–2024 tech slowdown with 200,000 global layoffs, reduced venture funding, and a shift toward cost-conscious industries like banking and retail. This context, she argued, demands strategic preparation to secure fair compensation.

Countering the Bugs: Tactical Responses

For each bug, Shirley offered counter-arguments rooted in empathy and alignment with employer priorities. Against the salary grid, she advised exploring non-salary benefits like profit-sharing or PERCO plans, common in large firms. Using a “mirror empathy” tactic, candidates can frame salary needs in the employer’s language—e.g., linking pay to productivity. Challenging outdated grids by highlighting market research or internal surveys also strengthens arguments.

For the “Didier Deschamps” persona, Shirley suggested emphasizing unique skills (e.g., full-stack expertise in a backend-heavy team) to justify higher pay without disrupting team cohesion. Proposing contributions like speaking at conferences or aiding recruitment can further demonstrate value. She shared a success story where a candidate engaged the team directly, securing a better offer through collective dialogue.

When facing “François Damiens” and financial constraints, Shirley recommended focusing on risk mitigation. For startups, candidates can negotiate stock options or bonuses, arguing that their expertise accelerates product delivery, saving recruitment costs. Highlighting polyvalence—combining skills like development, data, and security—positions candidates as multi-role assets, justifying premium pay.

For technical critiques from “Elon,” Shirley urged immediate feedback post-interview to address perceived weaknesses. If gaps exist, candidates should negotiate training opportunities to ensure long-term fit. Pointing out evaluation mismatches (e.g., testing frontend skills for a backend role) can redirect discussions to relevant strengths.

Against “Patrick,” the negotiator, Shirley advised setting firm boundaries—two rounds of negotiation max—to avoid endless haggling. Highlighting project flaws tactfully and aligning expertise with business goals can shift the dynamic from adversarial to collaborative.

Addressing Discrimination: A Sobering Reality

Shirley tackled the “Hubert” persona, representing discriminatory practices, with nuance. Beyond gender pay gaps, she highlighted biases against older candidates, neurodivergent individuals, those with disabilities, and career switchers. Citing her mother’s experience as a Maghrebi woman facing a 20% pay cut, Shirley acknowledged the harsh realities for marginalized groups.

Rather than dismissing discriminatory offers outright, she advised viewing them as career stepping stones. Candidates can leverage such roles for training or experience, using “mirror empathy” to negotiate non-salary benefits like remote work or learning opportunities. While acknowledging privilege, Shirley urged resilience, encouraging candidates to “lend an ear to learning” and rebound from setbacks.

Mastering Preparation: Anticipating the Negotiation

Shirley emphasized proactive preparation as the cornerstone of successful negotiation. Understanding one’s relationship with money—shaped by upbringing, traumas, or social pressures—is critical. Some candidates undervalue themselves due to impostor syndrome, while others see salary as a status symbol or family lifeline. Recognizing these drivers informs negotiation strategies.

She outlined key preparation steps:

• Job Selection: Target roles within your expertise and in high-paying sectors (e.g., cloud, security) for better leverage. Data roles can yield 7–13% salary gains.
• Market Research: Use resources like Choose Your Boss or APEC barometers to benchmark salaries. Shirley noted Île-de-France salaries exceed regional ones by 10–15K, with a 70K ceiling for seniors in 2023.
• Company Analysis: Assess financial health via LinkedIn or job ad longevity. Long-posted roles signal negotiation flexibility.
• Recruiter Engagement: Treat initial recruiter calls as data-gathering opportunities, probing team culture, hiring urgency, and technical expectations.
• Value Proposition: Highlight impact—product roadmaps, technical migrations, or team mentoring—early in interviews to set a premium tone.

Shirley cautioned against oversharing personal financial details (e.g., current salary or expenses) during salary discussions. Instead, provide a specific range (e.g., “around 72K”) based on market data and role demands. Mentioning parallel offers tactfully can spur employers to act swiftly.

Sealing the Deal: Confidence and Coherence

In the final negotiation phase, Shirley advised a 48-hour reflection period after receiving an offer, consulting trusted peers for perspective. Counteroffers should be fact-based, reiterating interview insights and using empathetic language. Timing matters—avoid Mondays or late Fridays for discussions.

Citing APEC data, Shirley noted that 80% of executives who negotiate are satisfied, with 65% securing their target salary or higher. She urged candidates to remain consistent, avoiding last-minute demands that erode trust. Beyond salary, consider workplace culture, inclusion, and work-life balance to ensure long-term fit.

Shirley closed with a rallying call: don’t undervalue your skills or settle for less. By blending preparation, empathy, and resilience, candidates can debug their salary negotiations and secure rewarding outcomes.

Links:

• Bild-RH official website
• APEC official website
• Choose Your Boss

Hashtags: #SalaryNegotiation #DevoxxFrance #CareerDevelopment #TechRecruitment

My former estimated colleague François Nollen, a technical expert at SNCF Connect & Tech, delivered an engaging talk at Devoxx France 2024 on the role of the Staff Engineer. Often overshadowed by the more familiar Engineering Manager position, the Staff Engineer role is gaining traction as a critical path for technical leadership without management responsibilities. François shared his journey and insights into how Staff Engineers operate at SNCF Connect, offering a blueprint for developers aspiring to influence organizations at scale. This post explores the role’s responsibilities, its impact, and its relevance in modern tech organizations.

Defining the Staff Engineer Role

The Staff Engineer role, rooted in Silicon Valley’s tech giants, represents a senior technical contributor who drives impact across multiple teams without managing them directly. François described Staff Engineers as versatile problem-solvers, blending deep technical expertise with strong collaboration skills. Unlike Engineering Managers, who focus on team management, Staff Engineers tackle complex technical challenges, set standards, and foster innovation. At SNCF Connect, they are called “Technical Expertise Referents,” reflecting their role in guiding technical strategy and mentoring teams.

A Day in the Life

Staff Engineers at SNCF Connect enjoy significant autonomy, with no fixed daily tasks. François outlined a typical day, which begins with monitoring communication channels like Slack to identify team challenges. They contribute code, conduct reviews, and drive strategic initiatives, such as defining best practices or evaluating technical risks. Unlike team-bound developers, Staff Engineers operate at an organizational level, collaborating with engineering, HR, and communication teams to align technical and business goals. This broad scope requires a balance of technical depth and interpersonal finesse.

Impact and Collaboration

The influence of a Staff Engineer stems from their expertise and ability to inspire trust, not formal authority. François highlighted their role in unblocking teams, accelerating projects, and shaping technical strategy alongside Principal Engineers. At SNCF Connect, Staff Engineers work as a collective, amplifying their impact on cross-cutting initiatives like DevOps and continuous delivery. This collaborative approach contrasts with traditional roles like architects, who may be disconnected from delivery, making Staff Engineers integral to dynamic, agile environments.

Is It Right for You?

François posed a reflective question: is the Staff Engineer role suited for everyone? It demands extensive technical experience, organizational awareness, and strong communication skills. Developers who thrive on solving complex problems, mentoring others, and driving systemic change without managing teams may find this path rewarding. For organizations, Staff Engineers offer a framework to retain and empower experienced developers, avoiding the pitfalls of promoting them into unsuitable management roles, as per the Peter Principle.

Links:

• SNCF Connect & Tech website
• François Nollen’s LinkedIn

Hashtags: #StaffEngineer #TechnicalLeadership #DevoxxFrance #FrançoisNollen #SNCFConnect #Engineering #Agile

Alina Yurenko 🇺🇦 , a developer advocate at Oracle Labs, captivated audiences at Devoxx France 2024 with her deep dive into GraalVM’s ahead-of-time (AOT) compilation for Java applications. With a passion for open-source and community engagement, Alina explored how GraalVM’s Native Image transforms Java applications into compact, high-performance native executables, ideal for cloud environments. Through demos and practical guidance, she addressed building, testing, and optimizing GraalVM applications, debunking myths and showcasing its potential. This post unpacks Alina’s insights, offering a roadmap for adopting GraalVM in production.

GraalVM and Native Image Fundamentals

Alina introduced GraalVM as both a high-performance JDK and a platform for AOT compilation via Native Image. Unlike traditional JVMs, GraalVM allows developers to run Java applications conventionally or compile them into standalone native executables that don’t require a JVM at runtime. This dual capability, built on over a decade of research at Oracle Labs, offers Java’s developer productivity alongside native performance benefits like faster startup and lower resource usage. Native Image, GA since 2019, analyzes an application’s bytecode at build time, identifying reachable code and dependencies to produce a compact executable, eliminating unused code and pre-populating the heap for instant startup.

The closed-world assumption underpins this process: all application behavior must be known at build time, unlike the JVM’s dynamic runtime optimizations. This enables aggressive optimizations but requires careful handling of dynamic features like reflection. Alina demonstrated this with a Spring Boot application, which started in 1.3 seconds on GraalVM’s JVM but just 47 milliseconds as a native executable, highlighting its suitability for serverless and microservices where startup speed is critical.

Benefits Beyond Startup Speed

While fast startup is a hallmark of Native Image, Alina emphasized its broader advantages, especially for long-running applications. By shifting compilation, class loading, and optimization to build time, Native Image reduces runtime CPU and memory usage, offering predictable performance without the JVM’s warm-up phase. A Spring Pet Clinic benchmark showed Native Image matching or slightly surpassing the JVM’s C2 compiler in peak throughput, a testament to two years of optimization efforts. For memory-constrained environments, Native Image excels, delivering up to 2–3x higher throughput per memory unit at heap sizes of 512MB to 1GB, as seen in throughput density charts.

Security is another benefit. By excluding unused code, Native Image reduces the attack surface, and dynamic features like reflection require explicit allow-lists, enhancing control. Alina also noted compatibility with modern Java frameworks like Spring Boot, Micronaut, and Quarkus, which integrate Native Image support, and a community-maintained list of compatible libraries on the GraalVM website, ensuring broad ecosystem support.

Building and Testing GraalVM Applications

Alina provided a practical guide for building and testing GraalVM applications. Using a Spring Boot demo, she showcased the Native Maven plugin, which streamlines compilation. The build process, while resource-intensive for large applications, typically stays within 2GB of memory for smaller apps, making it viable on CI/CD systems like GitHub Actions. She recommended developing and testing on the JVM, compiling to Native Image only when adding dependencies or in CI/CD pipelines, to balance efficiency and validation.

Dynamic features like reflection pose challenges, but Alina outlined solutions: predictable reflection works out-of-the-box, while complex cases may require JSON configuration files, often provided by frameworks or libraries like H2. A centralized GitHub repository hosts configs for popular libraries, and a tracing agent can generate configs automatically by running the app on the JVM. Testing support is robust, with JUnit and framework-specific tools like Micronaut’s test resources enabling integration tests in Native mode, often leveraging Testcontainers.

Optimizing and Future Directions

To achieve peak performance, Alina recommended profile-guided optimizations (PGO), where an instrumented executable collects runtime profiles to inform a final build, combining AOT’s predictability with JVM-like insights. A built-in ML model predicts profiles for simpler scenarios, offering 6–8% performance gains. Other optimizations include using the G1 garbage collector, enabling machine-specific flags, or building static images for minimal container sizes with distroless images.

Looking ahead, Alina highlighted two ambitious GraalVM projects: Layered Native Images, which pre-compile base images (e.g., JDK or Spring) to reduce build times and resource usage, and GraalOS, a platform for deploying native images without containers, eliminating container overhead. Demos of a LangChain for Java app and a GitHub crawler using Java 22 features showcased GraalVM’s versatility, running seamlessly as native executables. Alina’s session underscored GraalVM’s transformative potential, urging developers to explore its capabilities for modern Java applications.

Links:

• GraalVM website

• Oracle Labs website

• Devoxx France website

Hashtags: #GraalVM #NativeImage #Java #AOT #AlinaYurenko #DevoxxFR2024

Nicolas Grohmann, a developer at Sopra Steria, took attendees on a nostalgic journey through low-level programming with his talk, “Super Tech’Rex World: The Assembler Strikes Back.” Over five years, Nicolas modified Super Mario World, a 1990 Super Nintendo Entertainment System (SNES) game coded in assembler, transforming it into a custom adventure featuring a dinosaur named T-Rex. Through live coding and engaging storytelling, he demystified assembler, revealing its principles and practical applications. His session illuminated the inner workings of 1990s consoles while showcasing assembler’s relevance to modern computing.

A Retro Quest Begins

Nicolas opened with a personal anecdote, recounting how his project began in 2018, before Sopra Steria’s Tech Me Up community formed in 2021. He described this period as the “Stone Age” of his journey, marked by trial and error. His goal was to hack Super Mario World, a beloved SNES title, replacing Mario with T-Rex, coins with pixels (a Sopra Steria internal currency), and mushrooms with certifications that boost strength. Enemies became “pirates,” symbolizing digital adversaries.

To set the stage, Nicolas showcased the SNES, a 1990s console with a CPU, ROM, and RAM—components familiar to modern developers. He launched an emulator to demonstrate Super Mario World, highlighting its mechanics: jumping, collecting items, and battling enemies. A modified ROM revealed his custom version, where T-Rex navigated a reimagined world. This demo captivated the audience, blending nostalgia with technical ambition.

For the first two years, Nicolas relied on community tools to tweak graphics and levels, such as replacing Mario’s sprite with T-Rex. However, as a developer, he yearned to contribute original code, prompting him to learn assembler. This shift marked the “Age of Discoveries,” where he tackled the language’s core concepts: machine code, registers, and memory addressing.

Decoding Assembler’s Foundations

Nicolas introduced assembler’s essentials, starting with machine code, the binary language of 0s and 1s that CPUs understand. Grouped into 8-bit bytes (octets), a SNES ROM comprises 1–4 megabytes of such code. He clarified binary and hexadecimal systems, noting that hexadecimal (0–9, A–F) compacts binary for readability. For example, 15 in decimal is 1111 in binary and 0F in hexadecimal, while 255 (all 1s in a byte) is FF.

Next, he explored registers, small memory locations within the CPU, akin to global variables. The accumulator, a key register, stores a single octet for operations, while the program counter tracks the next instruction’s address. These registers enable precise control over a program’s execution.

Memory addressing, Nicolas’s favorite concept, likens SNES memory to a city. Each octet resides in a “house” (address 00–FF), within a “street” (page 00–FF), in a “neighborhood” (bank 00–FF). This structure yields 16 megabytes of addressable memory. Addressing modes—long (full address), absolute (bank preset), and direct page (bank and page preset)—optimize code efficiency. Direct page, limited to 256 addresses, is ideal for game variables, streamlining operations.

Assembler, Nicolas clarified, isn’t a single language but a family of instruction sets tailored to CPU types. Opcodes, mnemonic instructions like LDA (load accumulator) and STA (store accumulator), translate to machine code (e.g., LDA becomes A5 for direct page). These opcodes, combined with addressing modes, form the backbone of assembler programming.

Live Coding: Empowering T-Rex

Nicolas transitioned to live coding, demonstrating assembler’s practical application. His goal: make T-Rex invincible and alter gameplay to challenge pirates. Using Super Mario World’s memory map, a community-curated resource, he targeted address 7E0019, which tracks the player’s state (0 for small, 1 for large). By writing LDA #$01 (load 1) and STA $19 (store to 7E0019), he ensured T-Rex remained large, immune to damage. The # denotes an immediate value, distinguishing it from an address.

To nerf T-Rex’s jump, Nicolas manipulated controller inputs at addresses 7E0015 and 7E0016, which store button states as bitmasks (e.g., the leftmost bit for button B, used for jumping). Using LDA $15 and AND #$7F (bitwise AND with 01111111), he cleared the B button’s bit, disabling jumps while preserving other controls. He applied this to both addresses, ensuring consistency.

To restore button B for firing projectiles, Nicolas used 7E0016, which flags buttons pressed in a single frame. With LDA $16, AND #$80 (isolating B’s bit), and BEQ (branch if zero to skip firing), he ensured projectiles spawned only on B’s press. A JSL (jump to subroutine long) invoked a community routine to spawn a custom sprite—a projectile that moves right and destroys enemies.

These demos showcased assembler’s precision, leveraging memory maps and opcodes to reshape gameplay. Nicolas’s iterative approach—testing, tweaking, and re-running—mirrored real-world debugging.

Mastering the Craft: Hooks and the Stack

Reflecting on 2021, the “Modern Age,” Nicolas shared how he mastered code insertion. Since modifying Super Mario World’s original ROM risks corruption, he used hooks—redirects to free memory spaces. A tool inserts custom code at an address like $A00, replacing a segment (e.g., four octets) with a JSL (jump subroutine long) to a hook. The hook preserves original code, jumps to the custom code via JML (jump long), and returns with RTL (return long), seamlessly integrating modifications.

The stack, a RAM region for temporary data, proved crucial. Managed by a stack pointer register, it supports opcodes like PHA (push accumulator) and PLA (pull accumulator). JSL pushes the return address before jumping, and RTL pops it, ensuring correct returns. This mechanism enabled complex routines without disrupting the game’s flow.

Nicolas introduced index registers X and Y, which support opcodes like LDX and STX. Indexed addressing (e.g., LDA $00,X) adds X’s value to an address, enabling dynamic memory access. For example, setting X to 2 and using LDA $00,X accesses address $02.

Conquering the Game and Beyond

In a final demo, Nicolas teleported T-Rex to the game’s credits by checking sprite states. Address 7E14C8 and the next 11 addresses track 12 sprite slots (0 for empty). Using X as a counter, he looped through LDA $14C8,X, branching with BNE (branch if not zero) if a sprite exists, or decrementing X with DEX and looping with BPL (branch if positive). If all slots are empty, a JSR (jump subroutine) triggers the credits, ending the game.

Nicolas concluded with reflections on his five-year journey, likening assembler to a steep but rewarding climb. His game, nearing release on the Super Mario World hacking community’s site, features space battles and a 3D boss, pushing SNES limits. He urged developers to embrace challenging learning paths, emphasizing that persistence yields profound satisfaction.

Links:

• Sopra Steria official website
• Nintendo official website
• Super Mario World Central

Hashtags: #Assembler #DevoxxFrance #SuperNintendo #RetroGaming #SopraSteria #LowLevelProgramming

Introduction

In “Les tests, un investissement pour l’avenir,” presented at Devoxx France 2023, Julien Deniau, a developer at Amadeus, champions software testing as a cornerstone of sustainable development. This 14-minute quickie draws from his work on airline reservation systems, where reliability is non-negotiable. Deniau’s passionate case for testing offers developers practical strategies to ensure code quality while accelerating delivery.

Key Insights

Deniau frames testing as an investment, not a cost, emphasizing its role in preventing regressions and enabling fearless refactoring. At Amadeus, where systems handle billions of transactions annually, comprehensive tests are critical. He outlines a testing pyramid:

• Unit Tests: Fast, isolated tests for individual components, forming the pyramid’s base.

• Integration Tests: Validate interactions between modules, such as APIs and databases.

• End-to-End Tests: Simulate user journeys, used sparingly due to complexity.

Deniau shares a case study of refactoring a booking system, where a robust test suite allowed the team to rewrite critical components without introducing bugs. He advocates for Test-Driven Development (TDD) to clarify requirements before coding and recommends tools like JUnit and Cucumber for Java-based projects. The talk also addresses cultural barriers, such as convincing stakeholders to allocate time for testing, achieved by demonstrating reduced maintenance costs.

Lessons Learned

Deniau’s talk provides key takeaways:

• Test Early, Test Often: Writing tests upfront saves time during debugging and refactoring.

• Balance the Pyramid: Prioritize unit tests for speed, but don’t neglect integration tests.

• Sell Testing: Highlight business benefits, like faster delivery and fewer outages, to gain buy-in.

These insights are crucial for teams in high-stakes industries or those struggling with legacy code. Deniau’s enthusiasm makes testing feel like an empowering tool rather than a chore.

Conclusion

Julien Deniau’s quickie reframes testing as a strategic asset for building reliable, maintainable software. His Amadeus experience underscores the long-term value of a disciplined testing approach. This talk is a must-watch for developers seeking to future-proof their codebases.

Introduction

Julien Topçu, a tech lead at LesFurets, delivers a concise yet powerful Devoxx France 2023 quickie titled “L’architecture hexagonale en 15 minutes.” In this 17-minute talk, Topçu introduces hexagonal architecture (also known as ports and adapters) as a solution for building maintainable, testable systems. Drawing from his experience at LesFurets, a French insurance comparison platform, he provides a practical guide for developers navigating complex codebases.

Key Insights

Topçu explains hexagonal architecture as a way to decouple business logic from external systems, like databases or APIs. At LesFurets, where rapid feature delivery is critical, this approach reduced technical debt and improved testing. The architecture organizes code into:

• Core Business Logic: Pure functions or classes that handle the application’s rules.

• Ports: Interfaces defining interactions with the outside world.

• Adapters: Implementations of ports, such as database connectors or HTTP clients.

Topçu shares a refactoring example, where a tightly coupled insurance quote system was restructured. By isolating business rules in a core module, the team simplified unit testing and swapped out a legacy database without changing the core logic. He highlights tools like Java’s interfaces and Spring’s dependency injection to implement ports and adapters efficiently. The talk also addresses trade-offs, such as the initial overhead of defining ports, balanced by long-term flexibility.

Lessons Learned

Topçu’s insights are actionable:

• Decouple Early: Separating business logic prevents future refactoring pain.

• Testability First: Hexagonal architecture enables comprehensive unit tests without mocks.

• Start Small: Apply the pattern incrementally to avoid overwhelming teams.

These lessons resonate with developers maintaining evolving systems or adopting Domain-Driven Design. Topçu’s clear explanations make hexagonal architecture accessible even to newcomers.

Conclusion

Julien Topçu’s quickie offers a masterclass in hexagonal architecture, proving its value in real-world applications. His LesFurets example shows how to build systems that are robust yet adaptable. This talk is essential for developers aiming to create clean, maintainable codebases.

At Devoxx France 2022, Mathieu Humbert, a tech lead at Accenture with over 15 years of development experience, navigates the complex landscape of HTTP security headers. Mathieu demystifies headers like CSP, HSTS, XFO, and CORS, explaining their role in protecting web applications from threats like XSS, CSRF, and SSRF. Through a clear and engaging presentation, he outlines common attacks, their risks, and how specific headers can mitigate them, concluding with practical tools and resources for implementation.

Understanding HTTP Security Headers

Mathieu begins by introducing HTTP security headers as critical tools for safeguarding web applications. He explains headers like Content Security Policy (CSP), which restricts the sources from which content can be loaded, and HTTP Strict Transport Security (HSTS), which enforces HTTPS connections. These headers, though complex, are essential for mitigating risks in an ever-evolving threat landscape. Mathieu’s experience at Accenture informs his approach, emphasizing that understanding the purpose of each header is key to effective implementation.

By mapping headers to specific threats, Mathieu provides clarity on their practical applications. For instance, Cross-Site Scripting (XSS) attacks, where malicious scripts are injected into web pages, can be mitigated with CSP, while Cross-Site Request Forgery (CSRF) risks are reduced through proper header configurations. His accessible explanations make the technical subject approachable, ensuring developers grasp the importance of these defenses.

Mitigating Common Web Attacks

Delving into specific attacks, Mathieu outlines how headers counter vulnerabilities. He discusses XSS, where attackers exploit input fields to inject harmful code, and CSRF, where unauthorized actions are triggered on behalf of users. Headers like X-Frame-Options (XFO) prevent clickjacking by restricting how pages are framed, while CORS configurations ensure safe cross-origin requests. Mathieu also addresses Server-Side Request Forgery (SSRF), highlighting headers that limit unauthorized server requests.

Through real-world examples, Mathieu illustrates the consequences of neglecting these headers, such as data breaches or session hijacking. He stresses that proactive header implementation can significantly reduce these risks, providing a robust first line of defense for web applications. His insights, drawn from years of tackling technical challenges, underscore the necessity of staying vigilant in a dynamic threat environment.

Practical Implementation and Tools

Mathieu offers actionable guidance for integrating security headers into development workflows. He recommends starting with tools like OWASP’s Security Headers Project, which provides comprehensive documentation for configuring headers effectively. For testing, he suggests platforms like WebGoat, designed to simulate vulnerabilities, allowing developers to practice identifying and fixing issues. Mathieu also highlights the importance of automated scanners, such as Burp Suite, to detect missing or misconfigured headers.

His experience with distributed architectures and agile teams at Accenture informs his practical approach. Mathieu advises incremental implementation, starting with critical headers like HSTS and CSP, and regularly reviewing configurations to adapt to new threats. This methodical strategy ensures that security remains a priority without overwhelming development teams.

Links:

• Accenture company website
• Mathieu Humbert’s blog
• OWASP Security Headers Project

Hashtags: #WebSecurity #HTTPHeaders #Cybersecurity #DevoxxFR2022 #MathieuHumbert #Accenture #OWASP

At Devoxx France 2022, Emmanuel Lécharny, Jean-Baptiste Onofré, and Hervé Boutemy, all active contributors to the Apache Software Foundation, tackle the infamous Log4Shell vulnerability that shook the tech world in December 2021. Their collaborative presentation dissects the origins, causes, and responses to the Log4J security flaw, addressing whether the Apache Foundation bears responsibility. By examining the incident’s impact, the trio provides a transparent analysis of open-source security practices, offering insights into preventing future vulnerabilities and fostering community involvement. Their expertise and candid reflections make this a vital discussion for developers and organizations alike.

Unpacking the Log4Shell Incident

Emmanuel, Jean-Baptiste, and Hervé begin by tracing the history of Log4J and the emergence of Log4Shell, a critical vulnerability that allowed remote code execution, impacting countless systems worldwide. They outline the technical root causes, including flaws in Log4J’s message lookup functionality, which enabled attackers to exploit untrusted inputs. The presenters emphasize the rapid response from the Apache community, which released patches and mitigations under intense pressure, highlighting the challenges of maintaining widely-used open-source libraries.

The session provides a sobering look at the incident’s widespread effects, from internal projects to global enterprises. By sharing a detailed post-mortem, the trio illustrates how Log4Shell exposed vulnerabilities in dependency management, urging organizations to prioritize robust software supply chain practices.

Apache’s Security Practices and Challenges

The presenters delve into the Apache Foundation’s approach to managing Common Vulnerabilities and Exposures (CVEs). They explain that the foundation relies on a small, dedicated group of volunteer committers—often fewer than 15 per project—making comprehensive code reviews challenging. Emmanuel, Jean-Baptiste, and Hervé acknowledge that limited resources and the sheer volume of contributions can create gaps, as seen in Log4Shell. However, they defend the open-source model, noting its transparency and community-driven ethos as strengths that enable rapid response to issues.

They highlight systemic challenges, such as the difficulty of auditing complex codebases and the reliance on volunteer efforts. The trio calls for greater community participation, emphasizing that open-source projects like Apache thrive on collective contributions, which can enhance security and resilience.

Solutions and Future Prevention

To prevent future vulnerabilities, Emmanuel, Jean-Baptiste, and Hervé propose several strategies. They advocate for enhanced code review processes, including automated tools and mandatory audits, to catch issues early. They also discuss the potential for increased funding to support open-source maintenance, noting that financial backing could enable more robust security practices. However, they stress that money alone is insufficient; better organizational structures and community engagement are equally critical.

The presenters highlight emerging regulations, such as those in the U.S. and Europe, that hold software vendors accountable for their dependencies. These laws underscore the need for organizations to actively manage their open-source components, fostering a collaborative relationship between developers and users to ensure security.

Engaging the Community

In their closing remarks, the trio urges developers to become active contributors to open-source projects like Apache. They emphasize that even small contributions, such as reporting issues or participating in code reviews, can significantly enhance project security. Jean-Baptiste, Emmanuel, and Hervé invite attendees to engage with the Apache community, noting that projects like Log4J rely on collective effort to thrive. Their call to action underscores the shared responsibility of securing the open-source ecosystem, making it a compelling invitation for developers to get involved.

Links:

• Apache Software Foundation website

Hashtags: #Log4Shell #OpenSource #Cybersecurity #DevoxxFR2022 #EmmanuelLécharny #JeanBaptisteOnofré #HervéBoutemy #Apache