Devoxx Belgium 2019 took place in the first week of November. I attended the Conference days and with this post I want to share how I experienced the event and the different talks I attended. This is a strongly opinionated post and it represents my opinion only.

Day One: 6 November

Welcome to Devoxx: practical info

By Stephan Janssen

The Conference days started off with this short opening keynote. For those who don’t know Devoxx, it is already the 18th edition. It started in Antwerp, Belgium but nowadays consists of 21 events around the world, even at CERN and in Hawaii (have to talk with my boss about going to this one 😉 ). More than 20,000 unique developers attend these events and at Devoxx Belgium 2019 more than 3,300 unique developers are present. The event is extremely popular. The Conference days tickets were sold out in nearly 10 days… Besides the Conference days, also Deep Dive days exists. These are more in depth sessions. So, if you like, you can spend a whole week at Devoxx. The good thing is that the talks are available at Youtube.

The Hitchhiker’s Guide to Diversity (Don’t panic!)

By Audrey Neveu

This first real keynote can be considered as a part in the recent #metoo discussions. According to a Stack Overflow survey, it appears that the typical developer is a young, white, hetero man with no handicap. Let’s say that this was also the main audience of the room, so that confirmed this survey. In order to get more diversity to your team, it is not enough to hire people with a different profile than the typical developer. You must ensure that there is a safe environment and culture to work in. And most important: you must put yourself in another one’s shoes. Great talk and after an interruption because of a power shortage due to the use of 4K projectors (it seems that they consume more power 😉 ), Audrey continued like nothing had happened. Fantastic!

Qualities of a Highly Effective Architect

By Venkat Subramaniam

This second keynote is a must see! An inspiring talk about what makes you a good architect. There are many misconceptions about what an architect should do and what he or she should not do. I have been taken notes which I like to share, but do watch this talk:

  • Be a mentor, not a tormentor
    It is all about the team, so guide the team and do not dictate the team.
  • Criticize ideas, not people
    It is important to talk from within the team. Do not say ‘how will you solve this problem?’ but rather ‘how can we solve this problem?’. An interesting approach in a discussion is to use the ‘Debating with knives’  approach. In short, this means that while debating about a solution, you first will defend the solution by giving the advantages and your counterpart will be against the solution by giving the disadvantages. After that, you switch roles. This way, you are able to look at things from both sides.
  • Guide, don’t dictate
    Do not dictate what someone should do, but rather give guidelines.
  • Practice collective ownership
    You see this often in organizations when a particular type of work is always assigned to a specific person. This person eventually will be the only person in the team with knowledge of that part of the application. Try to reduce the ‘Truck Factor’. What happens if one of the team members is hit by a truck?
  • Allow developers to figure it out
    Give people the time and space to experiment with new things.
  • It should be safe to be honest
    You must ensure that there is a safe culture. Nobody is perfect and everyone makes mistakes.
  • Time-box efforts
    If someone has an idea, the best way to prove the feasibility of an idea is to prototype it. Prototyping beats every argument. Even if the prototype failed, you are likely to accept another solution much easier.
  • Gain domain expertise
    People with high knowledge of the domain and of the software are very rare. But you do need some domain expertise of course.
  • Learn to unlearn
    It is difficult to unlearn something you have been doing for years. This is even more difficult than learning new things.
  • Diversify knowledge portfolio
    You gained a certain skill and after some time you feel very comfortable with it. That is a dangerous thing because you stop learning new things from that moment on. Comfort today is the enemy of tomorrow.
  • Good architects practices what they preach
    An architect still needs to write code…

Abstractions Without Regret with GraalVM

By Thomas Wuerthinger

This is a quite interesting talk about how they are trying to optimize code with GraalVM. You, as a developer, should not be thinking about not using certain constructions in order to achieve high performance. With GraalVM you can choose between JIT compilation or AOT (to native image code) compilation. Both compilation options focus on different performance aspects. Benchmarks show that GraalVM is outperforming the OpenJDK VM and there are some, still experimental, initiatives with Spring. Definitely something to follow. The takeaways of this talk are:

  • Write small methods, these are easier to optimize.
  • Local allocations are free, global structures are expensive.
  • Do not hand optimize unless you have studied the compiler graph. Instead, raise an issue at the compiler team in order that they are able to do something about it.

Best Practices to Spring to Kubernetes Easier and Faster

By Ray Tsang

Ray Tsang is one of my favorite speakers and always has a lot of practical tips for you. Definitely watch this talk if you are interested in containers and Kubernetes. Some links you should definitely take a look at:

Top Tips for Terrible Tech Talks

By Chet Haase

A great and humorous talk consisting of three parts:

  1. An example of a terrible tech talk
  2. Explanation why the talk is terrible
  3. Tips for terrific talks

Although not everyone of us will be giving tech talks at conferences, the tips Chet gives in this talk are applicable to any kind of talk you need to give. These can be presentations in your company or talks to smaller groups about something you have learned, etc.

Understanding Low Latency JVM GCs

By Jean-Philippe Bempel

To be honest, I did not understand much from this talk. From my point of view, the talk went too fast into too much details. I think I was not the only one, because quite a lot of people left the room before the end of the talk. The presenter, however, was very knowledgeable about the topic he was presenting. But I guess this was just not my kinda thing.

Kubernetes-First Continuous Delivery for Developers

By Joost van der Griendt

This talk was about JenkinsX, a CI/CD solution for Kubernetes. Not to be confused with Jenkins CI. JenkinsX is a different application and only has the name in common. I am always interested in CI/CD solutions since I have been involved professionally in setting up those. The talk consisted mainly of a demo. Unfortunately, the demo went wrong. It is courageous to give a live demo at a conference, but when it fails, the talk is difficult to follow. I think that if your talk consists mainly of a demo, you should make sure that it runs completely local or to have a backup plan when something goes wrong with access to cloud environments. Nevertheless, interesting technology to follow.

Day Two: 7 November

Protecting your organization against attacks via the build system

By Cédric Champeau

We protect our applications against attacks. But how do we protect our build system against attacks? How do you prevent a malicious dependency to be included in your build? These are interesting questions and maybe we do not think about it enough when building our applications, but it is quite easy to compromise a local machine or a CI machine. Some takeaways:

  • Review code before building, never ‘try out’ Pull Requests.
  • Use isolated, disposable agents for CI, use e.g. containers for building. But be aware that it can cause performance issues when all dependencies need to be downloaded for each build.
  • Know the background of the author, git has a feature to sign your commits.
  • Verify checksums of dependencies you use. Gradle has a checksum dependency plugin, Maven builds can use the Checksum Enforcer Rule.

A good starting point is to read best practices in order to achieve reproducible builds.

Designing functional and fluent API: example of the Visitor Pattern

By José Paumard

This was an impressive piece of live coding. It was so impressive and complicated, that I got lost somewhere along the way. In order to explain something complicated, you must give your audience the time to process what your are trying to teach.

The Hacker’s Guide to JWT Security

By Patrycja Wegrzynowicz

Just by using JSON Web Token (JWT, pronounce it ‘ jot’ ) does not make your authentication secure. Patrycja showed by means of life hacking which risks you are vulnerable to if JWT is not properly used. You must specify a specific algorithm and key, understand the library your are using and check the NVD for security issues. If you are using JWT or are planning to use JWT, check out the OWASP JWT Cheat Sheet with best practices.

The Cloud Native Diabolical Developer

By Martijn Verburg

A must see talk. It is a parody, fun talk, but it certainly contains a message. Some takeaways:

  • The Agile Manifesto is what it is all about, don’t forget these and value them every day.
  • Rocket software is not created by means of Cloud Native and it has brought us to the moon.
  • Most of the time, we just need a monolith. Don’t pretend being Twitter, Facebook, Spotify, … They have different needs than most of the software applications being built.
  • And when you are Cloud Native, how easy is it for you to change your Cloud provider?

Containers & Java: What I wish I have been told!

By Mohammed Aboullaite

A nice talk with best practices when using Docker containers and Java. You need a good, small base image. Make sure that you are using a JVM which is container aware (JDK8u121 or JDK11), and many more.

A container platform for the banking industry – why, what & how

By Wiebe de Roos

I like watching talks where companies explain how they have solved things, which technologies they are using, etc. I really appreciate this kind of openness. This talk is about a new development platform which is implemented at ABNAmro, a Dutch bank. Currently, it is implemented for a limited set of applications (of the many they have) up to the development and test environment. Shortly, they will start with using it at production. Since security is very important in the banking industry, several security scanning tools, policy enforcement tooling, etc is added to the development toolchain.

You can find more information about Wiebe at his business website Business IT Nerd.

Bootiful Testing

By Josh Long

Is there a better way to end the day with a talk by Josh Long? Definitely not. I have seen so many online tutorials, webinars, talks, etc of Josh, that I had to go to one of his sessions. Mostly a live coding session and with the following takeaways:

  • Test Driven Development (TDD)
    • Creates better code because you must ensure that you write code which is testable.
    • Writing tests afterwards is no fun and we want our work to be fun.
  • Spring Cloud Contract: creates stubs for contracts between different services and makes it easier to test your own service.

Day Three: 8 November

Organisation Refactoring and Culture Hacking – Lessons from Software

By Andrew Harmel-Law

Nice talk how to introduce changes to an organisation in order to work more efficiently. It can be summarized by means of three statements:

  1. Organisational structure is best served by being in a constant state of (incremental) change.
  2. Best people to drive the changes are the people close to the action.
  3. Our existing maker skills are suited for this.

Scaling Sustainable Innovation through Team Autonomy

By Tom Stoepker

Another company story, this time from bol.com, one of the EU’s premier internet marketplaces. And did I mention already that I like to watch true company stories? This talk is about sustainable innovation. This means innovate without regression and keep a maintainable application. They achieve this by means of Team Autonomy. Every team manages a product and their way of working is based on a common culture and goal, all at the team level. The talk also included a live demo how they implemented Continuous Integration with GitLab. The message was to automate as much as possible and use conventional commits in order to drive the automation.

Java Language Futures: Late 2019 Edition

By Brian Goetz

What is a better way to end a Java conference with a talk about upcoming Java features by Brian Goetz? None in my opinion 😉 So, Java will reach its 25th birthday next year. Wow. And although Java has been declared dead several times, it is currently still one of the most popular programming platforms. New upcoming features are:

  • Switch expressions: already in preview now and to be expected in JDK14.
  • Text blocks: idem dito.
  • Records: this will be a new way for defining a data class. It will reduce some boiler plate code but mainly it will be a semantic improvement.
  • Sealed Types: in order to limit extending classes to a certain set of types. You can see it as a generalization of finality and is mainly intended to be used by libraries.
  • Pattern matching

Conclusion

Attending a conference like Devoxx is fun and always gives me a lot of energy. You can also read one of my previous posts why you should attend conferences. One of the reasons is that you might meet a former colleague. And that is just what happened to me at the first day. I met a colleague which I have been working with almost 15 years ago now. I have a lot of homework now with all of the interesting information I have seen. And if that is not enough, all of the talks are available at Youtube. Won’t have a chance to get bored the coming months 😉 .