Podcasts about websphere

resolutions memory reduce leaks disruptive websphere

Play Episode Listen Later Feb 12, 2023 69:42

An airhacks.fm conversation with Heinz Kabutz (@heinzkabutz) about: Heinz previously on airhacks.fm "#215 Karatsuba, Megamorphic Call-sites, Deadlocks and a bit of Loom", a contribution to jdk, 2022 in review, Nicolai Parlog on airhacks.fm "#206 Java 19: Millions of Threads in No Time", newsletter: Contributing BigInteger.parallelMultiply() to OpenJDK, The Java Module System book by Nicolai Parlog, JEP 192: String Deduplication in G1, String.intern, G1 and deduplication, JDK Mission Control, xdoclet for Java EE deployment, destroying G1 with a LinkedList and millions entries, Java Records as data transporters, interfaces as factories, Teardown of ArrayBlockingQueue, WeakReferences and ArrayBlockingQueue, ExecutorService in Java 19 is AutoCloseable, Java iterators and memory leaks, Weak references in Swing, Real World Visitor with Pattern Matching for instanceof in AWS CDK, JSR 356 - Java API for WebSocket Eclipse Tyrus, JEP 238: Multi-Release JAR Files, Create a Custom, Right-Sized JVM with jlink, streaming events with JEP 328: Flight Recorder, var for everything, the new Project Coin and private interface methods, System.out.printf is working, jshell for javadoc, JVM logging, System.logger and java.util.logging, System.Logger--the minimalistic logging interface in Java 9, Serialization Filtering, What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability Heinz Kabutz on twitter: @heinzkabutz

Convcourses Podcast: NIST 800 AC access controls cybersecurity training

ConvoCourses

Play Episode Listen Later Sep 29, 2022

See the video here: https://www.youtube.com/watch?v=1LkfH1TI3rk More training: http://convocourses.com https://securitycompliance.thinkific.com/courses/rmf-isso-nist-800-53-controls-book-2-nist-800-control-families-in-each-rmf-step Today. I'm actually gonna train on access controls and documentation that goes with it. So we're gonna be talking about something a little bit different. Normally what I do is I go through jobs, break all of those jobs down and then talk about like how to get the jobs. And then I break down what the employer wants to see. But today we're gonna do some actual training. now, if you're interested in this training, if you want to go deeper, if you want to deep dive, cuz I'm only gonna cover like a few security controls, but if you want a deep dive, if you really want to know this stuff, then I have a couple of courses for you. I've got a risk management information system, security officer foundations course, if you want to actually know it from a scratch, like you, you're an it person. You, this is not for entry level type person. The risk management framework foundations is gonna assume that you have some level of it background. And from there I build on what you already know and it walks you through how to get into risk management framework, how to do the actual information system security officer work. So if you want to deep dive into this, go to combo courses.com and go check those courses out. I also have this what you're about to see as one slice of. Some of the stuff that I'm putting into a new course that I'm developing right now. And if you want to have a full blown, you want to really check it out. I've gotta free. The first port portion of the course is actually free right now. If you go to convo courses.com you sign in and you can actually see the context of what I'm talking about. And it's a lot of really good stuff, but right now let's get into access controls and some of the documentation. Let me see here. All right. So here are the access controls. These are actually, these are all the security controls and why you're seeing two sets of these is that one is from risk management framework, 37 version one and one. The bottom one is from version two. That's coming. That's already out right now, but there's a set of N 853 controls that are coming soon. And so that's what you're seeing right now on the screen. So the top one is from version four version. Is it version three or version four? The top one you're seeing is from the current version of the 800 nest, 853 controls. The bottom one is the one that's in draft right now, but it should be out. I think this year is when they recently pushed it out to some other date. So anyway, so those are, that's what you're seeing. You're seeing access controls. You're seeing at controls, training controls, MP controls, media protection, physical controls, all these different controls, that I'm gonna cover all of these in the training, I'm gonna be releasing a month over month until we get all the way to the end. And then I also ask questions if you purchase the actual course, but right now we're gonna focus on just. AC controls and just a few of those AC controls, by the way. If it would take us, it is gonna be many lessons to actually break down all that just AC controls. There's 25 of 'em right now as up the time of this recording. All right. So first of all, what are access controls? So access controls are what an organization uses to control physical. Not it's just not, it's not just logical con controls, not just access to the information, but it also includes access to the system itself. So some of that is in there, but it also includes things like roles. My cats in here, this is live by the way. , this is gonna conclude things like role based privileges. It's gonna include things like. Separation of duties. There's a lot of different things, but let's talk about access. What is access? It's the ability to make use of any system or resource. So somebody walks into your facility and they want access to your servers, right? They need access. So access control is the process of granting or denying specific requests and obtaining obtaining access access, obtaining access to that information is what we're talking about here. And so the N 800 controls, actually it goes through a breakdown of how an organization goes about managing access to the information. All right. So these top six controls. Are some of the most important ones. And I talk about this in greater detail in the course, in the part of the free course, I talk a little bit about it, but I go in more depth in the one that's coming out. I'm gonna try to release it this month, but I talk about C one C two, and now we're gonna right now, we're gonna talk about C three, a C three access control three is access enforcement. So what is access enforcement? It is the organization's ability to implement the actual access control policies. So not only does your organization have to put a policy in place that talks about how to control access a C three says not you have to implement it. How have they implemented this the actual access. To the information like you're saying in this document that you have access controls. And you're saying that a person has to be trained before they come in. You're saying now, do you do it, are, is it implemented throughout your organization? All right. So that's what we're gonna talk about. All right. Let me show you what I'm talking about. You could follow along, feel free to follow along with me. If you like, what I'm doing is I am on this. Let me see if I can give you this link here. If you wanna follow along. Nope. I can't sign into the chat, but where I'm at is N dot it's nvd.n.gov. If you wanna follow along with me, that's where I'm at right now. So you go to Google and type in nvd.n.gov. You'll find it. And if you go to, once you get there, you'll click on the families like this. Let me just show you real quick. Click on the families that this site has. All the families breaks each one down, as you can see here. And then I went to access controls and you got access control one, two, and now we're on three. So I'm clicking on three right here. If you wanna follow along, you can also just download the PDF, the N 853 PD PDFs PDF, and then look at 853 C three, and you'll find everything we're seeing right here. So what are we talking about here? This right here breaks down. What a C three is access enforcement. All right, so let's just look at the actual description here. Let me just make this a little bit bigger so we can read this together and then we're gonna interpret it. The information system. Enforces approved, authorized authorization for logical access to information and in and system resources in accordance with the applicable access control policy. All right, so let's break this down. So the information system enforces information system, what is an information system? It's a computer, it's a server. It's a workstation. It's a Cisco device. It's an internetworking device. It's a firewall information system covers all like that ground. It's a very general term, but it, where we're saying here, the C three says it enforces whatever system that is. Let's say it's a windows 6, 20 16 server. It enforces approved authorizations for logical access to the information system. So in other words, there's logical. What do we mean by logical? So there's technical. Things in place on the system that enforce what you have written in your security policy. That is what they're saying here. So logical access, I'll give you a specific example on our example of a server 2016 windows server, right? So a logical access would be, or enforcement of that logical access would be username and password. Simple enough. So if you written, if you, if your organization wrote in your policy that everyone who comes in has to have a username and the username has to be. 20 characters the username has to fit a certain certain policy. And then the password has to fit certain policy. Password has to be 14 characters long has to use upper lowercase, all that stuff's in your policy, right? They're saying that you have to have implemented that into the actual server itself. And and before I show you how you, as an information system, security officer can actually check this out and make sure that the organization's doing it. Let's just deep dive into this a little bit further. All right. So in here it's lives finishing out the sentence. It says the information and system resource in in the, in accordance with applicable access control policies. Yeah. There. So there you go. The organization writes the policy and then the system has to actually implement what you said in the policy. That's what it's saying right here. That's really the name of the game here. So as an information system, security officer, I've been doing this for a long time. And the name of the game is the organization creates a policy, right? The policy states, what the rules are to having access to your environment. And then you're making sure as the information system, security officer, you are making sure that all of those policies are documented and they're that they're in place. And if they're not in place, you have. Work it out with the stakeholders. And one of the things that you can do is a plan of action and milestone, but that's for a whole nother discussion. Okay. So let's, this is look at a little bit more of this so we can get more details, supplemental guide. So this is a great supplemental guides are great because they put it in plain English. What they're saying here. So once again, if you're joining this late, this is AC three and I'm talking about we're interpreting it. And then we're talking about how to implement this as an information system security officer. All right. So let's get back into this. The supplemental guide says access control policies, and it says identified based policies, role based policy control, matrix cryptography. So these are some of the things you might put in your security control in your access control policy or your overall security policy. That's just why they're examples. They're just giving you some examples. So control. Access between activities, entities, or subjects. So they're talking about, here are some examples you might have cryptography that cryptographer cryptography might be between might be between the user object and a file. So they're trying to be the way they write these is try to be as general as possible so that the organization has the freedom to implement the level of security that they need for their environment. Cuz there's many kinds of environments. That's why they write these like this. All right. And they said, okay, give you an example of different kinds of entities, active entities and subjects, users or processes acting on behalf of users. Passive entities or objects. See just what I just said. So they're saying that the access control policy will have some sort of a role based or a cryptography or something between different objects within the environment. That's what they're saying here in this guidance, but let me show you, let's put this in action. Let's put this in action. Let me see, what can we do here? Okay. Where I'm at right now is what's called AC. We're on C three, but I'm on a document called 800 dash 53. A here's how you can determine whether or not your organization is actually implementing the AC three in access enforcement. You go to, this is just one of the things you can do by the way. One of the, one of the main things that I do, you go to 853, a. And 853 a is how you assess each one of the controls, all the controls, the act has every single one of the controls. So 853, a the reason why so useful is because when it's, whenever a system is assessed, this document is what they actually use. Or some parts of this document is what they might use name. The assessor might even not even know that they're using 853 a but all the assessment stuff comes from this source document. So it's very useful. Okay. So first of all, assessment objectives for a C three, determine if the information system forces approved authorizations for logical access is what we just read. So the assessor has to make sure that number one, You have a security policy, right? Or some kind of a policy and that a policy addresses access controls. Now the assessor, one of their objectives is to make sure that the logical, the technical security features that you put on your system are in place and they match what you, what was written by and approved by your organization, in the security policy. That's all they're doing. They're saying, okay. What do you have in your security policy? All right. Are you doing that on this window? 16, 20 16 server. Let's see. That's what they'll do. They'll just say, okay. Log into the system. You'll log into the system and it meets that just you logging in meets one of the access controls, because one of the access controls is that everybody will have a role. Everybody will have a username password. Everyone will have a role. And then what they might do is say, okay, log in. Let me see you log in with a normal user account. And then they'll say, okay, now try to access this this file system that, that you're not supposed to access. They'll tell you to access, say the audit logs or something, a normal user shouldn't be able to access the audit logs. So that's the kind of things that they do now. Let me show you something else. Potential assessment methods and objectives. So this is things that a, an assessor can use to assess whether or not you have implemented a C three. You can either examine, you can interview or you can test, right? So normally for AC three, from what I've seen, they do two things. They look at your your access control policy, which is normally in your security policy. And then they see, they say, okay, let me see what you got. Let me see you do it. Let me see you access that system. Let me see you access the backup drives, and then they're determining whether or not you can. So that's one of the things that they do now. Let's go to another control here. Let's go to the next control. And I'm gonna go through a few controls here for you guys. Let's go to AC four and this is information flow enforcement. We're gonna talk very briefly about this one and won't spend a lot of time on it, but it is important just so you know, what is AC four information flow enforcement is the organization controlling the flow of data. And is it documented as an information system, security officer? Those are the main questions for AC four. So let's go ahead and let me show you what we're talking about here. We're gonna go to C4 and I'm still on nvd.n.gov. And I just want to, if you're joining me late, you can just, you can follow along if you want, but I'm on nvd.n.gov, 853. Here we are. We're gonna interpret it. And then I'm gonna show you how it's implemented, how some of the things that you can do to actually check on it. So AC controls, let's see, let's just go right to the description here. Here we are. And it says the information system we already described what the information system is enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on what the organization says, right? They don't the N doesn't tell you, tell the organization what those control policies, what you should. What elements should be controlled. They allow the organization to control. And that's why they say interconnection systems based on organization defined flow information flow policy. So the organization defines what the flow, the information flow is. And then you're suppo the informa. The organization has to enforce those policies that they put forth. So one of the main things that I have seen done to document information flow enforcement is a diagram. So a diagram that kind of maybe looks like this, it has firewalls. Let's go through this. This is on the N this is on cisco.com, by the way, network diagram, it has a DMZ, it has three servers in the DMZ, right? And we can see our DMZ is connected to a switch. The switch is. Connecting two different networks. Those networks are protected by these two different firewalls. Here's one land, but that's behind a firewall and it has some VPNs that are connected to the internet, right? So this one has more exposure than these ones over here. This is the inside of our organization. So this one's behind an internal firewall. So this is an external firewall and this is an internal firewall. And so this right here is showing what kind of flow enforcement we have. So we're just saying that our data just doesn't go out everywhere. It's controlled. We have a inter protected sanctum here with land computers, with all of our protected data on it. And then we have outside systems. We have a. We have a protection from the internet. So this is actually the internet. Maybe we have VPN clients that log in or guest accounts that can log in to certain limited resources that we have out there. But what we're saying with flow control is that we're our, data's not going anywhere, not I've seen this done and documented different ways. Another way that I've documented in the past, or I've seen other organizations documented is to just have a list of all of the land. If you have land and building five, a land and building seven and a land and building 10, you would just list out here's the lands. And here's what they connect to. You could have like in a spreadsheet and explain what's going on with those things. All right. So I'm gonna go ahead and move on from this one. And I'm going to address a couple of more access controls real quick. We're gonna go straight into. these two right here. We're gonna talk about AC five separation of duties and ACC six privileged least privileged. These ones right here are probably the most overlooked security controls in the AC control family. And the reason I say that is because a lot of organizations, I go to one of the main vulnerabilities that they have is they either give too many permissions to users that don't need it, or they don't separate. They don't separate the different organization, organizational duties. And it's an easy one to do, especially if you're in a smaller, if you're in a smaller organization where you only have 10 users, a lot of times those 10 users will have 10 different hats. You know what I mean is your security guy will do all the administrator work and they'll do all the system analyst work. And then they'll also. be making multimillion dollar choices for the whole organization that they don't, that's not separation of duties. And sometimes you don't really need, multiple people cuz you, you have five computers, five assets and you don't really need a bunch of people to do all these different jobs. So this is this one, these two right here are foundational. Like you, you real, the organization really needs to have these, but I notice a lot of people don't have them. Let's dive into what these actually mean. Cuz I realize I'm probably talking about stuff that you don't, you might not understand. So let's go back here. I'm on nvd.n.gov once again, and I'm going to go to families just to show you how I got here and I'm gonna go to AC controls and then I'm gonna go to. I'm gonna go to separation of duties. I just wanna explain what separation of duties is, and then we'll go to C six lease privilege. All right, here we are right here and I see some people joining me. Thanks for watching. I'll be answering questions after I cover these two items right here. All right. AC five separation of duties. What is separation of duties? What do you do with separation of duties? The organization? This is N 853. The organization, whatever organization you work for, this is what they will do. The organization operates organization, defined duties of individuals. What does this mean? Let me interpret it for. All right. So it says the organization, if it's the department of health and human services, if it's the department of agriculture, the department of labor and Maine, whatever organization it is the organization, let's say the department of health and human services separates whatever or whatever duties that they define. So the organization has to actually define different duties and then they separate the duties. So the N is not telling you, yay. Veely all sec, cyber security people can't do any kind of administrator work or administrator work. Can't do firewall work or a server guy. Can't be also be a firewall guy. That's not what they're saying. They're saying that where it makes sense. You're gonna separate duties apart. So if you have. And what you're trying to avoid is conflict of interest. That's what, the reason why you're trying to do it. And there's certain places where it makes sense. If you are in a very small organization, you don't really have to necessarily, if you don't have the resources to do it, or if there's no reason to do it, if you don't have a server that's controlling a thousand different systems or a hundred different systems, you probably don't really need separation to duties. You can have your ISSO, your information system, security guy also do some the firewall and also look at logs, and there's no conflict of interest, but if you have a whole bunch of computers systems and you, can't not even possibly track all the users on a day to day basis. And there's data. There's thousands of terabytes of data coming in now of your network. Yes. You probably even want to think about separation duties. You probably want to have a whole security unit that, that also watches the administrators and then separate administrator. That is controlled by a whole nother office. All right. Let's keep reading this and get an idea of what's going on. You have to document the separation of duties of these individuals that the organization has deemed necessary to have, right? So if you have a firewall team and you have a server team, you have to document that these are the individuals who control this. And these are the roles that control these items here. Define information system, access, authorizations to support separation of duties. So you're gonna define what level of access these people have. and then what systems that they have access to. So that's what, in a nutshell, that's what you're doing. That's what separation of duties is. And like I said, I do see this one violated quite a bit. It's a kind of find it's a foundational best practice that you do in larger organizations, especially, or medium size organizations. Let's get a little bit more supplemental guidance on this separation of duties, addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activities without collusion. What does that mean? So think about it urine, a large organization like Lockheed Martin has a large contract with a. Health and human services. Now I don't have any pre I've never worked for Lockheed. I don't have any pre any kind of special information on either one of these things. I'm about to say this is pure speculation on my part. So if I accidentally guess it was an accident. Okay. so anyway, Lockheed Martin I've never worked for has a large contract with health and human services, they have a thousand computers and 10,000 users, right? So these 10,000 users let's say, are managed on on a server and on several different act active do active directory servers somebody, one of the administrators is doing something they shouldn't do. They are making new users over and over again. Why do we have 10,000 users? Somebody is making new users. . So in this case you would wanna have separation of duties so that this person who's abusing their power is monitored by a whole nother organization. This is just one example of separation of duties. By the way, you could have a security operations team. And what their job is to do is to watch everything on the network. They're not only watching data going in and out of the network, but they're also watching users. Maybe they have a flag set up to whenever somebody creates a new user, they can see who created the user, what account made that user, when did they made that user? And then, and maybe they even set up something like a justification, like a why? So every time you make a new user account, you have to make a justification and go through the SOC team. That is one way that you can make it so that these people aren't abusing their power. And that's what they're saying here. Separation of duties addresses the potential for abuse of author authorized privileges, cuz somebody could give themselves more privilege or they can make 15 other accounts and then make all those accounts, these secret backdoor user accounts that allow them in and in inside access. There's just so many different things you can do if you don't have separation of duties in a large environment. And that's really mainly what it's for. So you wanna do it when it's, when it makes sense to do it. All right. So I think we beat that dead horse. Let's keep going here. And then what we'll do is, ah, show you how you can document separation of duties. But for now let's talk about the next item, which is least privilege is this one right here. ACC six least privilege. Let's go into this one and talk about least privilege, access, control, least privilege. And if you're, if you don't have any context here, if you're, you just jumped on this live and you're like, man, what's what is he talking about? What is N special publication? 853 rev four. What is that? What's going on? If you're interested in actually knowing more about this kind of this field, this path, what I'm talking about is security compliance, specifically with N and I have a whole course. If you're interested, it's called risk management framework, information system, security officer foundations, and it talks about it talks about how to do security compliance using the N standard. But then I have another one coming out real soon. That talks about how to document everything I'm talking about to you. Now, I give you context of how it all works. I tell I'll break down different documentation and I'm gonna go through. All the families or most of the families, I don't know if I'm gonna cover all of them, but I'm gonna cover most of the families in that. In that course, that's coming out soon. So go ahead and check that out on combo courses.com. If you're interested. All right, let's keep going here. Least privilege. Now this one right here, this one's near and dear to my heart. This is something that many different organizations I would say most of the organizations that I've ever worked for violate this one. The reason why is because we as human beings are. We wanna do the least amount of work for the greatest amount of impact . So if there's a way that we can give somebody, if we have a really smart system administrator in our organization, and we want that server fixed this guy, who's really the smartest guy in the organization does Cisco routers, but we also want him, we just start giving this person all of these different privileges that they don't need. That's one of the things that happens with least privilege. Another thing we'll do, and, or especially in large organizations, is we will we'll have say a thousand different users, right? And the users don't really need, they only need to access their workstation, but they keep coming up with these different things that happen. Like maybe they have this annoying popup and we restricted their laptop to where they can only do their job. They can only, but they got this annoying popup. So every time they get this popup, they contact the help desk. And they're like, Hey, could you guys fix this popup after a while? The help desk is okay. Forget it. Let's just give these guys local admin privileges so that they can fix it themselves. And then they tell 'em how to fix it. But they, and then it's just local admin privileges. What could possibly go wrong with that? A lot can go wrong with that. that's another violation of least privilege. What is least privilege? Let's talk about it. The organization employs a principle of least privilege, allowing only authorized access for users which are necessary to accomplish the assigned tasks in accordance with the organization's mission or business function. What did I just say? So what I'm saying is you only give people the privileges that they need to do their job period, full stop. That's it that's what least privilege is. the, like I said, the reason why this is violated is because we are lazy. We want to do the easiest thing possible, and it's harder to give people limited privileges when every time they need extra privileges, they have to go and ask, they gotta play mother may eye to go get access to the logs or this popup just keeps popping up. I wanna stop it. So lease privileges. It's one of the biggest issues I've that I've seen in organizations. Let's look at the supplemental guidance here, organizations the organization employs lease privilege for specific duties and information systems. The principle of least privilege is also applied to information system processes, ensuring that the processes operate at a privileged level, no higher than necessary to accomplish the required organizational or business mission or business function. You only give the privileges that are needed to do the job period. So runaway privileges is one of the biggest issues in most organizations. I've in 90% of the organizations I've been to, this is the biggest violation, and this is the one that gets the most people in trouble. Let's talk about how to document these two controls that we just talked about here. What I'm gonna do is bring up, I'm gonna bring up a couple things. If you're doing risk management framework, documentation is the name of the game. We, the reason why we document so much. And I know I talked to some of my system, administrators who are very technical they're all their head is always, deep in the weeds on how to implement these systems or set up a new Linux server or whatever. So they don't have time for documentation a lot of times, or at least how they feel. But the reason why documentation is so important to somebody who does what I do, which is security compliance, is that if we don't have documentation, a lot of times we don't know who has privileges and who don't, we don't know what privileges are needed here or to this person or what role we even have sometimes. Organizations are so large that they don't even know what roles they have and they don't even know what roles have, what privileges and the reason why is because they didn't document it. So you have to make sure that you document and that's why it's so important. One of the biggest reasons why we have to document is is having a security baseline. If you don't document, you don't know what baseline you have. And a lot of times that's the reason why you have a legacy system out there on windows 2003 or windows 2000 or something like that in the year 2020, and then there's no support for that system. And so it's out there and you didn't even know it was out there. So that's why you have to document document. Let's talk about documentation here. So what I'm gonna do is I'm gonna bring up an example of how you would. These two controls. What this is here is a one example, one format of a system security plan. This is system security plan right here. And what we were just looking at is ACC six here's ACC six, right here, C six. And how will we document this? So in a system security plan, normally you have an implementation statement. And so that's what we're gonna put right here. And normally this thing will say, okay, did you tailored it in? What did you, is it implemented or not? Is it tailored in or is it tailored out? Meaning did you, it is implemented and if you didn't have it, let's say we didn't we know we need least privilege, but we don't have it. We would say. Now, keep in mind, this is just one way to document into a security plan. I there's also, here's a, let me just show you real quick, another way that you can document it like this. If you wanted to, this is a word document and this word documents a template. I've seen organizations do it like this before. A little easier to on the eyes. I think easier on the eyes, but harder to deal with when you have large amounts of data than a spreadsheet, spreadsheets, in my opinion are easier, but there's another level that's above this that most organizations, large organizations are going to, which is like a database. You put that stuff in a database and the re it's way easier to deal with in a database. Cause the more data that you have on these spreadsheets the more confusing it gets, the more you lose track of things. So what kind of control is it? it's a common control inherited, which is something we talk about in the course. And then here's where we, the implementation statement comes in. So we would say something like this least let's say our organization is Lockheed gen general. I'm just making stuff up. Adheres to the principle of least privilege by enforcing a global policy GPO. So that it's a technical way that they are enforcing all privileges throughout the whole environment. You're just saying what the organization is doing. This is how you document, you're not making this stuff up. All right. Let me just be very clear about this in the real world. What you okay. My head is covering this up. Let me just move myself outta the way here before I that's what I typed right there. So let me just be very clear. You're not making this stuff up as an information system, security officer, as a security compliance person, whether you work for the bank or the government or hospital, you're not making any of this stuff up. You're gathering the information from the organiz. So you, that means you have to bring in stakeholders. That's the people who do this stuff on a regular basis. That means it might even mean you're CIO. It might mean you're CFO. It might mean you're the actual people implementing it, the system administrators, or maybe you're the system administrator, or maybe it's already written in their, another policy somewhere else. You would grab that information and then you're gonna put it into this system. Security plan. All of our system security documents are focused on security. Like you might have, HR has their own documents. The architects guys have their own documents. The technical team have their wikis and their work instructions and their all that stuff. We are focused on the security features of this system. And so that's what we're doing. We're gathering from all these other existing documents where we can, and we're interp, we're putting those into pouring those into our system security. Plan now another place that's really good. Let me move my face here. Another place that's really good to document these security features is a security policy. A security policy is really good, cuz you can really break down. You can really break down each individual item with a security policy. I've got a C four, a C five, a C, 11, and many other things. So in the security policy, I can really focus in and say, here's what we have here and be very specific. And you're not making this stuff up. You're getting it from the actual people who know the system. So that's what you have to do as a system security person. And that's AC the AC controls in a nutshell. And like I said, if you're interested in this. You can go check out combo courses, if you want to deep dive into this kind of stuff. And now I'm gonna open up to any kind of questions that anybody has to let you know what's going on. Any questions whatsoever about anything we talked about is a great opportunity to talk about it. I see a few people here that's joined me a cyber security guy. How do you ever defeat your arrival hacker? So I think that it's, there's, that's not how that's not how I would format. That's not how I see it. That's not my perspective on how what's going on here. So what's going on is you're controlling your data as best your POS as possible in your organization. It's not, you're not defeating an individual person. This is just how I see it. This is not personal. The way I see it is I am working for my organization to protect their information. I'm working for their interest. So whatever their interest is I, that's what I'm protecting. And it's a team effort. It's not me against some random hacker out there. And then, from the hackers perspective, from the malicious criminal hackers perspective, cuz some hackers are good from a malicious attacker's perspective. It's not personal. They just, they have a mission too. And it's either money or it's, it is activism. Or, and they're not usually just going after one organization, they're going after many organizations and seeing what works and me as a cybersecurity guy, same thing. I'm just working for the interest of my organization. And it's a team effort. I'm working with several other people who. This guy does firewalls. This guy does vulnerability management. This other person is the CEO of the company. They have to manage all of the resources of the company. They have a fiduciary responsibility for the organization's information. So there's many different people working on this. It's not me against one lone hacker. And then from the hackers perspective, from the attacker's perspective, it's nothing personal. They just want to find the weakest link. And they're just usually what they'll do is they'll search the whole, a whole spectrum of the internet to look for the weakest link or to look for free information that's being given out there that they can use that information to infiltrate the weakest person who's out there. So that's it guys. If there's no other questions I'm going to. Go ahead and go, oh wait, I got somebody here. Let me see. They said I need a job and I don't have any information system security background coming from a Lenox system engineering background. What will be the best advice? What would be your advice? Please help me. This is easy. If you have a Lennox background you don't. So right now, even with the virus, even with all the stuff's happening, even with the lockdown, now it has slowed down. Like I, some of the employers that have talked to me said that there's right now, there's a free hiring freeze going on throughout. That's hiring freeze going on, for obvious reasons. You can't do interviews in person. You can't, you don't know what, we don't know how long this is gonna last. We don't know. For large organizations, they don't know what kind of what their fiscal year is gonna look like if they're losing sales, depends on what kind of industry they're in. But there's just a lot of uncertainty right now. So obviously the markets have slown down a lot. But that being said, people do still need information system, security officers. So if I were you, here's what I would do. If I were you, here's one of the things that, and I have a whole series about this, by the way, I would go to indeed.com. I've gotta, if you're interested in this, I got an entire series that talks about, I got a whole series that talks about how to market yourself and that's what it's all about. Marketing yourself. I would go to indeed.com. Here's one of the places I would go to Mr. Bun me golden. And then I will type in, I don't know what your skillset is, but you said Lenox is pretty hot. What kind of Linux is it? Red hat. You gotta be specific. Let's say red hat. I'm gonna assume you're a red hat, Lenox guy, red hat. I'm gonna assume you're a red hat administrator. All right. And where, what, where are you? Where are you at? Let's say you are I'm gonna assume you're in Texas, Houston, Texas. You're a red hat administrator. I have, I'd have to know more about what you have going on to, to actually help you out in a more realistic way. But I'm assuming you're a red hat administrator and that you have about five years of experience and you are in Houston, Texas, and I'm gonna go find jobs now. I'm assuming you're in the us. So now look at this. DC. And you're looking for a job. Come on, man. Come on, man. This always blows my mind. DC is one of the hottest areas for it, DC, Virginia, that whole area is hot. Like I, there's not almost, there's barely a week that goes by to somebody from from Washington. DC is not trying to contact me about a job. The thing is most of us it guys, and it's not your fault. Your profession is technical, right? We're not marketers thing is you wanna market your resume. You wanna market yourself. That's the key. That's the whole key to this whole thing. If you're interested in this, you have somebody else having you watching this kind of thing. I gotta you go to combo courses.com. You're gonna go check out my course. It talks about how to, how I've been able to have not only a job. but a six figure job working from home for the last X years. And I'm not some freaking genius, man. I'm not some freaking prodigy. I'm not some freaking genius. The only thing that se separates me from other people is that I work really hard. That's it? I know having seen extremely brilliant people. I know I'm not one of those guys. I know I'm not one of those guys, everything I do, I have to work my ass off for. So that said, and I, I have a level of success that allows me to take care of my family, my wife and kids and travel the world and do what I want, if, when I want, how I want. But anyway, okay. Back to your question, you said, how do I find a job? You're I'm assuming you're a red. Okay. So you said red hat, six and seven in Washington, DC. All right. So let's look at this. I would go. indeed.com I would make, I would upload my resume. See this. It says, upload your resume. If you're following the law, if you're really hungry, man, you could, right now, I'm gonna show you how to do it. Upload your resume, fill this out. Don't just upload it. Fill out the complete profile. If you look at my course walks you through everything. What kind of key words to use, how to find the right keyword, all that kind of stuff. If you're not interested in that, you wanna get it for free. I'll show you right now, upload your resume. Fill out the entire profile. Alright. Put in all, every one of your skills in there don't even leave one out. Cuz there's a place where it allows you to put your skills in how to it allows you to put in all, every place you've ever worked. How many years of experience do you have if you don't mind me asking. Okay, so red hat administrator. Now look at this and let me show you something. . So if you look at this, it'll tell you who's hiring like right now. And these two places, one in Virginia, one in DC are hiring right now. Right now. It means they have an urgent hiring. They really need somebody who knows this stuff. So here's S AIC, SIS IIC is a good company, by the way. At least when I was doing it many years ago, the guy you got medical industry, you've got Linux. There's a couple of industries that lend themselves or four years, man. That's perfect. So there's a couple industries that really lend themselves to you work in almost anywhere in almost any industry. And one of those is Linux is super hot. It, somebody always need it needs it because they just don't. We just don't have enough people who know it now. So what I did was I clicked on this top one right here, and let's just break this thing apart. Let's look at this. So these guys will tell you what they need from you. If you don't fit this, then move on to the next thing. The magic of putting your resume into indeed.com, putting it, uploading it and putting all your skills is that after a while, indeed. Now it's not the best algorithm. I'm gonna show you a better one in a second, but it's but the thing about it is once you put your stuff in there, it will match up different jobs that fit your resume. So right here, as we're looking, we're being very active and we're looking at this job here they require a bachelor's degree. Do you have a bachelor's degree? If you have a bachelor's degree, guess what? This that's great. Good for you. Demonstrate experience with system engineering to include network design documentation installation. Now, like I said, if you don't fit this, go onto the next job. If you do apply. Now, if you put your resume in there, when you hit apply, now it'll take your resume and it sends it to them. let me show you what let's keep going here. All right. This one is Exel logic administrator remote. This is a remote position right here. Look at this. You just go through what requirements, what re skill requirements. And now they want Oracle. I don't know if Oracle, but if you don't know Oracle move on to the next one. We want Linux administrator. We want red hat administrator, S a I C. Now here's S CICS. One of their job pages here. Pretty good company. And let me see here. Yeah. See, look at this happiness score. I never seen that before. I think I clicked the wrong thing here. We wanted, I wanted to actually see the job. So let's just go to the job itself of S a I. Okay. It's talking about a little bit about S a I C, and we're looking at the job screwed. This is what you do. If you're really hungry for a job, you go through every single one of these, every single one. And you find a match for you. But if you put your resume in, it does have to work for you because the hour room's gonna match you up with certain jobs, but you don't want to just wait for that. You wanna put that in there, let it do this work. And then you want to be extremely active and look at every one of these and look at which ones look at the duties. If you can do it, apply for it. If it's a really long drive, factor that into your final decision, you wanna probably find something closer to you, but don't rule it out, right? Don't like, I'm the type of person. If I need to feed my family, I'll work at freaking McDonald's man. I'll work the fries. And then at night I'll Moonlight and deliver pizzas, do what you gotta do. To take care of yourself and your family. You know what I mean? So let's go to the next one system administrator, but you don't have to do that. You're a Lenox administrator. You don't have to, you don't have to flip burgers. You don't have to, Lenox administrator is no joke and you have four years of experience. You should have a really good job right now. And I'm gonna show you how to get one. All right. So bottom line go through every one of these upload your resume, and then you can type in your location, your skillset right here, you can search 'em. But the big thing is to upload your resume. Now, lemme show you something else. LinkedIn. If you're in the us, LinkedIn is one of the best sites to find jobs. I'm gonna show you a better one after this, a better one than LinkedIn, in my personal opinion. couple better ones for LinkedIn. Now, in my course, I tell you exactly how I'm able to. Get so many job opportunities from LinkedIn. This, I don't have a lot of people who actively follow me here, but I could tell you most of the people who contact me, these are real opportunities for me. So what I did was what you're gonna do is you're gonna fill out, you're gonna sign up on LinkedIn and you're gonna fill completely fill out this profile, completely fill it out. And the more you fill it out, the more targeted that it will be the more targeted the traffic you're gonna get. The more targeted, the people who contact you, the technical recruiters that contact you the more targeted they'll be towards you. And that way more peop the most of the people who contact you will be legitimate jobs for you, fill it out. But here's another thing you can do. red hat, Linux administrator. Look at this. You can join groups, right? Join groups. Here's another thing you can do. So you're gonna join groups. You're gonna make a complete profile. I hope you're taking notes. And then you're going to admin. We're gonna look for jobs. We just typed in red hat, Linux, admin, and these are all the other people who are also admins. Now look at this. I want you to take note of this. This guy came up number two. This means technical recruiters are literally typing this in red hat, Lennox administrator. And they're seeing this guy's face. Why is this guy number one? Think about it. Why is this guy? Number one? Why is he coming up? Why is everybody seeing this guy's face? Why is he getting so many job opportunities? He filled out his complete profile. That's why he filled this entire profile out. That's why he is getting so many jobs. That's what you have to do. Now, if I go to this next, now I'm actually looking for jobs here. So let's just keep scrolling. Now note how this is broken, broke down. So see it has, it starts off with other people. Then it talks about the jobs and then groups should be here somewhere. I'm looking. Yeah here's different. Oh, these are different companies. You can follow the companies. If you follow them every time they come out with a new something new they'll, it'll pop up in your messages or notifications. But what I'm looking for is jobs. I'm gonna say, see all, if you're following along. And once again, what we're gonna do is we're gonna go through every one of these, even though this says Kafka engineer, analyst, I'm gonna go see what this is. I don't know what this is. It says promoted. I usually avoid the promoted ones. Because they're paying for it, but that's fine. Even check those wounds out too. It's telling you where, what location? Oh, look, we didn't put our location in. Let's make sure we put our location. You said Washington, DC, Baltimore. Look at this Washington, Baltimore, one of the hottest places for jobs by the way. And they pay a great amount of money, especially if you're willing to travel. Okay. So this one is, I don't know if Splunk, but Splunk developer. Okay. So that's not what we want. Let's keep going. We want some more like Linux kind of administrator type work. This one's looking for sci clearance. I'm assuming that you don't know as you don't have that. That's a clearance. Not a lot of people have it. I don't have a Ts S C I, I don't think anymore. That's Splunk. Let's skip that one. Let's go to the next one. So if you, if it's obvious, you don't know that, just move on to the next one, but this one right here. this one deserves our in our time. Let's look at this one. What are they looking for now? Notice I'm just, I'll come back to this later. They're talking about what kind of business it is. It's women owned and all this kind of stuff. I'll come back to that right now. When I'm looking for is what is in the job description? Can I do it? Nope. Look at this. It says security. Does TSS C I clearance. I don't have a clearance, so let's keep it moving. Notice how I'm just going through these. If I don't if there's any indication I can't do the job I move on. And the reason why is because I got stuff to do, I need to find people who are a good fit for me. That's what we're doing. We're trying to find what's the best fit for our Linux red hat administrator in Washington, Baltimore. Is this even in the same right location, Virginia. Okay. I could drive there. Security plus requirements. Do you have a security plus, do you have any kind of security clearances? okay. I'm assuming not. And this is asking for Oracle stuff, so no, I'm gonna move on. This is how you do it right here. Now my, it looks like my search is not great. So what I'm gonna do is I'm gonna change my keyword here. I'm gonna go to, I'm gonna call this red hat, Linux administrate. Look at this man. I can barely spell you're a Lenux administrator and I'm a American with one language who can barely spell. And if I can get a job, you can get a job. that's all I'm saying all. Okay. Look at this rest in Virginia. Okay. That's not too far from Washington. You're willing to make the drive, but security clearance. So we can't do that one. Let's keep going here. Security clearance. Raytheon. Raytheon is a, is an okay company. They get a lot of contracts, so you'll see tons of jobs from these guys must be a us citizen and S sci clearance. Okay. Moving on now, I'm assuming that in the east coast, this is one of the problems we have is looking for jobs with that don't require clearance. So I'm moving on to general dynamics. Another very large company has 10,000 employees. Let's see here. Okay. Here we go. Scope of work. They explain to you what you, what they're expecting from you. Looking for requirements, education, no degree, 10 years of trip wire experience. Okay. If you don't have trip wire experience, let's move on. So you need to go through every one of these. After you make your profile. First thing you want to do go tod.com put in your profile, go to linkedin.com, make a profile. Once you make the profile, it starts to find jobs that fit you. The reason why this is coming up with stuff that fits me is because I have my pro I have my, I already have a very full profile there. So it's automatically searching things that fit me. So it's I'm having a hard time finding stuff that fits you. That's why it's very imperative that you do this. Okay. Let's look at these skills right here. They're saying in-depth knowledge of HBSS. Okay. Let's I'm assuming you all know that let's just keep going. Red hot platform and applications administrator. So I'm assuming this one's a software engineer, somewhat qualifications. This one might fit. You obtain a public trust clearance. Okay. So this one might fit you because. , they're not looking for a sci clearance, which not everybody can get or has, but public trust clearances just means that they'll do a background check on you and you don't have to be a us citizen. You could be a green car holder or whatever, but public trust is easier to get five years experience with red hat. You said four, you could still pull it off. I would still apply for it. I'd apply for this one. This one might be good for you. Actually, I would look at this one right here. Look at this co this is some stuff you can learn. Cold fusion. They're saying three to five years of WebSphere experience. If you have that, I'd apply for this one that we're getting closer. All right, let's keep going. Let's go. Keep going down here. You get the idea. You're gonna go through every one of these and try to find a match. All right. Try to find a match for you. If it doesn't, if it in anything's out of place, the closer you get to a match. You wanna apply for those jobs, right? The closer you get to a match, the better, because those are gonna be give you the most probability of actually getting an interview with them. Now, let me show you a couple of other places that are really good to apply for there's dice.com, which is probably the best technical place to find a job in the United States of America. So what you would do is go to dice.com and then type in red hat, Linux. You know what? Let's change it up. Let's type in Linux administrator. There we go right there. See this look at, take note of this. Look at this, see how this keyword popped up. That means this is highly searched and they have tons of jobs for this, but then they also have other job titles here, too. Linux administration, Linux administrator. senior Linux administrator, an Sr senior administrator. There's many different ones. What you wanna do is click one of the ones that fit closest to you. Let's look at another keyword red hat. Let's see what pops up with, let red hat look at this. See all these keyword. These are the key words you want to use all these keywords right here. These ones that people are typing in these people that have hot jobs that you're looking for. But I wanna go back to Lenox administrator. And then this is the one right here. And then we gotta type in a location. You said Washington and Washington DC, boom, fine jobs. So y'all notice all these jobs. Look at it. Look how technical all these technical jobs. Look how this one's way better than indeed and way better than LinkedIn, as far as search options go for technical people. What another thing you wanna do is don't look for anything too old. If it's months old, then just forget it. This one's one hour, this one's nine days. This one's 12 hours, 12 hours, 10, 10 hours, two hours. These are just recently posted some of these, right? I said there was a hiring freeze, but look at this one hour, 16 days ago, 30 days ago, I would avoid these one. That's a long time. If it's after 30 days, I would not apply for that. But you never know, never know this one 11 hours ago, one day ago, one hour ago, Restin VA two days ago. That's not too far from where you live. Linux engineer, Linux, admin experience. You get the idea, but what you wanna do is make yourself a full blown profile.

WebSphere: Reduce resolution time on disruptive memory leaks with WebSphere

IBM Expert Radio

Play Episode Listen Later Aug 29, 2022 23:16

Memory leak detection and analysis by WebSphere Automation gives operation teams the insight needed to resolve memory leaks quickly. Every application estate has memory leaks, but teams don't always have the time, resources or skills to identify, diagnose and locate the source of memory leaks. See how you can speed time to resolution with automation to diagnose and analyze memory leaks, triggered by Instana observability.

Trombones, Java, Large Scale WebSphere Liberty Deployments and 50.000 JVMs in Production

Modernize or Die ® Podcast - CFML News Edition

Play Episode Listen Later Mar 6, 2022 50:55

An airhacks.fm conversation with Benjamin Marwell (@bmarwell) about: C64 with 3.5 years, enjoying Pitstop, Pharaoh's Curse and Lady Tut, starting to program in Basic from a manual, modifying the game source, starting with Pascal and Visual Basic, storing the universe into an Excel file, automating a space game with Delphi, implementing a web crawler in Delphi, the "King of Galaxy Wars" and OGame, playing trombone in the army, starting at Finanzinformatik the datacenter for the German saving banks, studying in Hameln business informatics and learning Java 6, programming with 31-bit computing with IBM assembly, starting with 0xCAFEBABE, switching to monitoring department and using BMC Patrol, the web and application servers department, deploying a few hundred applications to WebSphere Liberty, using Apache FreeMarker to generate 'WebSphere Liberty configuration, microservice deployment with WebSphere Liberty, Apache Maven and Apache Shiro Committer, building JavaFX application with jlink, contributing to JLink, creating sprites for Legend of Zelda, podcasts with Robert Scholte "#25 Maven Commitment" and "#28 More Conventions with Maven.next", using Apache Shiro for permission checks, combining security with Bean Validation - a podcast with David Blevins "#156 Bash, Apple and EJB, TomEE, Geronimo and Jakarta EE", Nexus is using Apache Shiro Benjamin Marwell on twitter: @bmarwell, Benjamin's blog: https://blog.bmarwell.de

apple german curse production basic ibm excel pharaoh pascal legend of zelda bash nexus java maven delphi large scale geronimo trombone deployments c64 visual basic hameln javafx websphere ejb david blevins jvms

Modernize or Die® - CFML News for January 11th, 2021 - Episode 130

Play Episode Listen Later Jan 11, 2022 53:19

2022-01-11 Weekly News - Episode 130Watch the video version on YouTube at https://youtu.be/BkIKAlDLFkQ Hosts: Gavin Pickin - Senior Software Developer for Ortus SolutionsEric Peterson - Senior Software Developer for Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and almost every other Box out there. A few ways to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube. Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips) Patreon SupportWe have 37 patreons providing 97% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.News and EventsUpcoming Ortus Webinar - cbwire + Alpine.js with Grant CopleyJanuary 28, 2022 - 11:00 AM CT - Central Time (US and Canada)In this webinar, Grant, lead developer for cbwire, will showcase how to build modern, reactive CFML apps easily using very little JavaScript.Register today: https://www.ortussolutions.com/events/webinars Log4j UpdatesLog4j-2.17.1 patch released. CommandBox images updates with the latest log4j patched jarsAdobe updated have an updated technote: https://helpx.adobe.com/coldfusion/kb/log4j-2-17-0-vulnerability-coldfusion.html Other libraries like Spreadsheet-CFML have updated as well.Note: Log4j2 Support in lucee 5.3 is coming along for 5.3.9‘Elephant Beetle' Lurks for Months in NetworksThe group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.This beetle adores Java. The group is “highly proficient” with Java-based attacks and often targets legacy Java apps running on Linux machines – primarily, the Java-based web servers WebSphere and WebLogic – as a means of initial entry to a target environment, the researchers explained. Beyond that, Elephant Beetle even deploys its own, complete Java web application to do the gang's bidding on compromised machines that are, meanwhile, chugging along, running legitimate apps.https://threatpost.com/elephant-beetle-months-networks-financial/177393/?fbclid=IwAR0ytUYx0IOxiNXIUE1jHvqDV0ltP_hBf7XCdEyLEYHfSaKadwf01xPkHLI Adobe WorkshopsMore Adobe #ColdFusion Workshops announced, lead by Damien Bruyndonckx2 dates announced:February 2, 20229.00 AM - 4.30 PM CET1.30 PM - 9.00 PM ISTMarch 09, 20229.00 AM - 4.30 PM CET1.30 PM - 9.00 PM ISThttps://cf-workshop.meetus.adobeevents.com/ AngularJS EOL'ed 12/31/2021As AngularJS is faced with an uncertain future, many teams are searching for answers to the current hot topic: if you are using AngularJS, do you continue to maintain your AngularJS applications or do you migrate your applications to another framework? This is not an easy (or cheap) question to answer.In this article, we'll go over some of the reasons why you should consider migrating your AngularJS applications, and some ideas on how to plan and budget for a successful migration.https://www.thisdot.co/blog/why-you-should-consider-migrating-from-angularjs-to-vue CFCasts Content Updateshttps://www.cfcasts.com Just ReleasedInto the Box 2021 are now all FREE - https://cfcasts.com/series/into-the-box-2021 Coming soonInto the Box LATAMSend your suggestions at https://cfcasts.com/supportConferences and TrainingVueJS Nation ConferenceOnline Live EventJanuary 26th & 27th 2022Register for Freehttps://vuejsnation.com/ More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/Blogs, Tweets and Videos of the WeekTweet - Adam Cameron - TIL something new about CFOUTPUTI cannot go into details of why this is a good find, but I was unaware that one can pass an encoding algorithm name like `` (and a bunch of others) which will automatically escape the values in `#expression#`. Didn't know that.https://cfdocs.org/cfoutputhttps://twitter.com/adam_cameron/status/1480624980668915716https://twitter.com/adam_cameronTweet - James Moberg - Microsoft taking log4j stuff seriously.While performing some #coldfusion unit testing to identify #log4j exploit attempts (that my WAF may miss), I had to obfuscate the test strings or @msftsecurity would instantly quarantine & report the script. It's good to see that Microsoft is taking this seriously. #cfmlhttps://twitter.com/gamesover/status/1476347523245694984https://twitter.com/gamesoverBlog - James Moberg - Log4j Exploit Pattern Detection Using ColdFusion/CFMLHere are my initial attempts at trying to detect Log4j exploit attempts that may make it past our WAF/service provider protections. While our WAF stopped requests from Trend Micro's Log4j Tester, obfuscated requests made it through. At time of testing, Azure wasn't blocking requests. I had to be a little careful with the script as Windows kept instantly quarantining the CFM files and prevented ColdFusion from executing the template.2021-12-29: Updated rules based on Google Cloud article to additionally block rmi, ldaps & dns (in addition to stripping whitespace.)https://dev.to/gamesover/log4j-exploit-pattern-detection-using-coldfusioncfml-4l17 Tweet - Zac Spitzer - Show some love for the VS Code CFML ExtensionAwesome to see some activity on the vscode-cfml extension, a new minor release coming soon. If you use it, please show some love and star the repo https://github.com/KamasamaK/vscode-cfml #lucee #coldfusion #cfmlhttps://twitter.com/zackster/status/1476206001384828929https://twitter.com/zacksterBlog - Ben Nadel - Building An API Client With The fetch() API In JavaScriptIn my continued effort to modernize this blog, I'm thinking about trying to replace the jQuery library with more modern techniques. I don't personally have anything against jQuery; but, by replacing it, I'll have an opportunity to learn newer - and hawter - JavaScript APIs (at the expense of robust browser support). Case in point, I want to replace the jQuery.ajax() method with a fetch()-based API client. I've never used the fetch() method before; so, this will be an exciting exploration!When consuming an API, you should always create an API client…https://www.bennadel.com/blog/4179-building-an-api-client-with-the-fetch-api-in-javascript.htm Blog - Ben Nadel - Showing A Comment Preview As You Type On This BlogSince comments, on this blog, are authored using Markdown (and ColdFusion), there is a delta between what you write in the intake form and what is eventually rendered in the HTML. Much of the time, this delta is expected; however, if you have small errors in your markdown syntax, you can end up with HTML that does not reflect what you had intended to publish. To help narrow the gap between input and output, I've added a comment preview functionality to this blog.https://www.bennadel.com/blog/4178-showing-a-comment-preview-as-you-type-on-this-blog.htm Blog - Ben Nadel - Mitigating Cross-Site Scripting (XSS) Attacks With A Strict Content Security Policy (CSP) In ColdFusion 2021As I continue to evolve my blogging platform, bringing it into the modern ColdFusion era, I'm trying to catch up on best practices. Of course, I've always used SQL query parameterization to block SQL injection attacks. And, I use encodeForHtml() and encodeForHtmlAttribute() in as many places as is feasible. And when converting user-provided markdown into HTML, I use the OWASP Anti-Samy project to sanitize the HTML output. But, one thing I've never had is a Content Security Policy (CSP). A CSP is yet another line-of-defense in the war against Cross-Site Scripting (XSS) attacks.CAUTION: I Am Not A Security Experthttps://www.bennadel.com/blog/4176-mitigating-cross-site-scripting-xss-attacks-with-a-strict-content-security-policy-csp-in-coldfusion-2021.htm Blog - Ben Nadel - preserveCaseForStructKey Doesn't Work Inside Application.cfc In Adobe ColdFusion 2021Over the New Year's holiday, I ran into a rather peculiar behavior regarding the preservation of key-casing and the serializeJson() function in Adobe ColdFusion 2021. It appears that the serialization setting for preserveCaseForStructKey doesn't apply to code that resized physically within the Application.cfc life-cycle event handlers. To demonstrate this, we can setup a simple demo in which we serialize data across the event handlers and then dump-out the response:https://www.bennadel.com/blog/4175-preservecaseforstructkey-doesnt-work-inside-application-cfc-in-adobe-coldfusion-2021.htmBlog - Ben Nadel - Posting Comments Using Reply Emails And Postmark's Inbound Streams In ColdFusion 2021I've been a very happy Postmark customer for the last decade. Their SMTP and API services make sending and receiving emails absurdly simple. And, their Inbound webhooks allow you to treat Postmark as a reverse proxy that transforms inbound email delivery into API calls (webhooks) against your own servers. I've been wanting to use this feature on my blog forever; however, I was always afraid that it would lead to massive abuse. That said, in response to a recent spam attack, I was forced to add comment moderation. Which means, I can safely start playing with reply-based comment posting using Postmark's Inbound stream!https://www.bennadel.com/blog/4174-posting-comments-using-reply-emails-and-postmarks-inbound-streams-in-coldfusion-2021.htm Blog - Ben Nadel - Centralizing The Error Response Handling For My ColdFusion BlogIf you've noticed that my blog has been quite quiet over the last few weeks, it's because I've dedicated December to modernizing and upgrading my blogging infrastructure. The refactoring has been extensive, to say the least; and, on the list of things that I've wanted to for a long time is centralizing my error response handling in my ColdFusion code. It took me several days to find, factor-out, and normalize my errors; but, I think I have it at a point that I can easily refine and evolve going forward.https://www.bennadel.com/blog/4173-centralizing-the-error-response-handling-for-my-coldfusion-blog.htm CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 256 ColdFusion positions from 111 companies across 131 locations in 5 Countries.7 new jobs listedContract - CFML Developer at Remote - United States Jan 11https://www.getcfmljobs.com/viewjob.cfm?jobid=11407Full-Time - Software Developer - ColdFusion at Overland Park, KS - United States Jan 11https://www.getcfmljobs.com/jobs/index.cfm/united-states/Software-Developer-ColdFusion-at-Overland-Park-KS/11406Full-Time - IT Engineer Applications (Coldfusion developer/admin) : 19-0.. - United States Jan 11https://www.getcfmljobs.com/jobs/index.cfm/united-states/IT-Engineer-Applications-Coldfusion-developeradmin-1905340-at-Portland-OR/11405Full-Time - Senior Coldfusion Developer |LATAM| at Colon, PA - United States Jan 11https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-Coldfusion-Developer-LATAM-at-Colon-PA/11404Full-Time - ColdFusion Developer at Virtual, US - United States Jan 10https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusionDev-US/11403Full-Time - Remote Software Developer (Cold Fusion) at Mississauga, ON - Canada Dec 31https://www.getcfmljobs.com/jobs/index.cfm/canada/Remote-CFDev-at-ON-CA/11401Full-Time - Fresh Software Engineer ( For ColdFusion Only) at Ahmedabad,.. - India Dec 30https://www.getcfmljobs.com/jobs/index.cfm/india/Fresh-Software-Engineer-For-ColdFusion-Only-at-Ahmedabad-Gujarat/11402 ForgeBox Module of the WeekJSON-DiffBy Scott SteinbeckAn ColdFusion utility for checking if 2 JSON objects have differencesCall JSONDiff.diff to get a detailed list of changes made between the JSON objects.Call JSONDiff.isSame to get a simple boolean true or false.https://www.forgebox.io/view/jsondiffVS Code Hint Tips and Tricks of the WeekExcel ViewerIf you're working with data, there's a high chance that you'll also encounter an excel spreadsheet in some form. Excel Viewer makes it easy to deal with excel data in your VS Code editor by formatting long and comma-separated strings into a tabled format. This can work wonders for your .csv, .tsv, and .tab extensions.https://marketplace.visualstudio.com/items?itemName=GrapeCity.gc-excelviewerFunny link: https://twitter.com/dawntraoz/status/1479490317766336518Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsNow offering Annual Memberships, pay for the year and save 10% - great for businesses. Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription. All Patreon supporters have a Profile badge on the Community Website All Patreon supporters have their own Private Forum access on the Community Website https://community.ortussolutions.com/Patreons John Wilson - Synaptrix Eric Hoffman Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger Jonathan Perret Jeffry McGee - Sunstar Media6 Dean Maunder Joseph Lamoree Don Bellamy Jan Jannek Laksma Tirtohadi Carl Von Stetten Dan Card Jeremy Adams Jordan Clark Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel Mingo Hagen Brett DeLine Kai Koenig Charlie Arehart Jonas Eriksson Jason Daiger Jeff McClain Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge Kevin Wright Steven Klotz You can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors★ Support this podcast on Patreon ★

new year news microsoft virtual videos register tricks windows application profile countries adobe tweets api blogs linux java listing alpine javascript azure html colon inbound google cloud sql csp mississauga json ahmedabad gumroad modernize overland park vs code jquery markdown cfm trend micro podcast apps cold fusion waf angularjs postmark senior software developer die podcasts brad wood javascript apis weblogic ortus websphere cross site scripting xss adobe coldfusion contentbox coldbox

Bash, Apple and EJB, TomEE, Geronimo and Jakarta EE

Play Episode Listen Later Sep 9, 2021 88:51

An airhacks.fm conversation with David Blevins (@dblevins) about: Code Generation with bash, bash is your best friend, scripting as documentation, learn first, then automate, an opportunity to work on an EJB container, working on EJBOSS, working with the great Richard Monson-Haefel, co-founding openEJB with Richard, bluestone and gemstone servers, exolab was an incubator, openJMS, openEJB and castor, working with Apple to integrate openEJB with Apple's WebObjects, openEJB on Apple's WebObjects box, from experience to cash, the concept of isolated containers in openEJB, Dain Sundstrom wrote CMP for JBoss, Rickard Öberg started at openEJB for two weeks, creating Geronimo in 2003 as competitor to JBoss, announcing Geronimo at theserverside.com, Geronimo was over engineered, good idea at a bad time is a bad idea, Convention over Configuration vs. explicit configuration, openEJB's Java Serialization was faster than WebLogic's T3, Geronimo's configuration was not portable, joining gluecode, gluecode was sold to IBM, Jason van Zyl was the creator of Maven, Jason van Zyl created Sonatype, jelly - the executable XML, Maven 2 rollout was tested with openEJB, switching from codehouse to Apache, 600 people were working on WebSphere, Dan Allen was working on arquillian, Arquillian used internally openEJB, JBoss 7 became Wildfly, creating TomEE after JavaOne 2010, TomEE stopped consulting, tomitribe provides support for TomEE, Tomcat, ActiveMQ, TomEE 9 starts in 2 seconds, TomEE passes the TCK with 64MB RAM, TomEE lost access to TCK in 2013 before Java EE 7, TomEE got access in December 2019, TomEE is working on MicroProfile 4.0, TomEE uses Apache Johnzon JSON-P, TomEE uses Apache projects to implement Jakarta EE and MicroProfile specification, TomEE uses BeanValidation for JWT validation, using BeanValidation for authorization with custom data in JWT, Tribestream - the API Gateway, David Blevins on twitter: @dblevins and David's company: tomitribe

apple ibm convention bash jakarta apache maven t3 geronimo cmp configuration xml tomcat tck jwt zyl dan allen api gateway sonatype javaone java ee jboss weblogic websphere ejb david blevins activemq

414 Cloud Native Challenges with Liran from Rookout

Reversim Podcast

Play Episode Listen Later Jul 22, 2021

[קישור לקובץ mp3] שלום וברוכים הבאים לפודקאסט מספר 414 של רברס עם פלטפורמה - התאריך היום הוא ה-18 ביולי 2021, ואנחנו בעיצומו של גל איש-לא-יודע-כמה, וגם לא יודעים האם זה עיצומו . . . השעה היא 2100 בערב, שעון יקנעם-עילית, ויונתן מצטרף כ-Co-Host - היי יונתן! טוב שאתה פה איתנו שוב.והיום נמצא איתנו לירן מחברת Rookout - ברוך הבא, מה שלומך?(לירן) מצויין - קצת מאוחר, אבל זו שעה מצויינת לפודקאסט.(רן) לתל אביבים זה כמעט בוקר . . .אז תיכף תספר לנו קצת מה איתך ועל החברה - הנושא שלנו להיום, בקצרה, זה האתגרים המעניינים שיש מאחורי דברים שהם Cloud-Native, שזה בעצם גם העיסוק של החברה שלך.אז ככה בשתי מילים - מי אתה? מה אתה עושה? מה עשית לפני זה?(לירן) אז אני לירן חיימוביץ', Co-Founder ו-CTO ב-Rookoutלפני שהצטרפתי ל-Rookout הייתי איזה עשר שנים במשרד ראש הממשלה, בוגר קורס אר”מ, למי שככה, מתעסק בדברים האלה.בגדול, לפני חמש שנים החלטתי להקים סטארטאפ - וכמה חודשים אח”כ קרמה עור וגידים Rookout . . .ו-Rookout היא חברה שמספקת כלים למפתחים, שמאפשרים להם “לצלול” לתוך הקוד לשהם, לדבג אותו להבין מה הוא עושה - גם כשהוא רחוק.אני לא חושב שיש משהו יותר רחוק, היום, מאשר Cloud-Native ו-Cloud בכלל.(רן) כן . . . אז מניח שאת המונח “Cloud-Native” לא מעט מהמאזינים שמעו [יש קרבורטור], יש גם ממש ארגון - CNCF - Cloud Native Computing Foundation , ואני מניח שזה שגור בפי רבים, And yet - כל אחד שומע את זה וכנראה מבין משהו אחר, מתכוון למשהו אחר.לפי ראייתך - מה המשמעות של Cloud-Native?(לירן) וואו, “לפי ראייתי” . . . קשה לי קצת להגיד שזה לפי ראייתי ולהגדיר את זה, אבל איך שאני תופס את זה, זה שלפני 10-15 שנים התחיל עולם ה-Cloud, עם ה-S3 של AWS ועם ה-Google App Engine ועם טכנולוגיות כאלהובהתחלה, התצורה הייתה יותר כזה “Lift & Shift” - בוא ניקח את האפליקציות שכתבנו ל-Data Centers ונריץ אותן בענןומה שהבנו, תוך כמה שנים, זה שאנחנו לא מנצלים את המקסימום שהענן יודע לתת לנו, את המקסימום שהענן יודע להציע לנויש המון יתרונות, שאפשר לדבר עליהם שעות - אני לא אכנס לזה עכשיו, כי על זה . . . נדבר רק על היתרונות של הענן . . .ובעצם - Cloud-Native זה אוסף של טכנולוגיות, אוסף של תפישות, אוסף של שיטות עבודה - שנועדו לאפשר לנו לבנות את אפליקציות שלנו בצורה אחרת, בצורה שיותר ממנפת את היתרונות הייחודיים של הענן, את האלסטיות שלו, את ה-Scale שהוא מאפשר לנו - ובעצם לבנות אפליקציות גדולות יותר, טובות יותר, מודרניות יותר.(רן) אז אם אני אסתכל רגע, לדוגמא - דיברת על Lift & Shift, אז נגיד שהיה לי איזשהו שירות Backend-י, שמכיל נגיד 50 מכונות - אז אני יכול לקחת את אותן 50 מכונות ורק להרים אותן באחד מספקי הענן - ולזה אנחנו קוראים Lift & Shift.כנראה שזה יעלה לי הרבה יותר . . . כי עלות של מכונה On-demand היא יותר יקרה מאשר מכונה שהיא כבר שלי, אם קניתי אותה.היתרון המשמעותי של הענן זה שהוא מאפשר לך לא להחזיק את כל ה-50 בכל זמן נתון, למשל . . .(לירן) עצם העובדה שאתה מסתכל על זה כעל “50 מכונות” - זה בדיוק התפיסה של Data Center . . . אתה מתכנן מראש - “אני, בשביל לעמוד ביעדים שלי, צריך להגדיר 50 מכונות” - אני יודע כמה CPU, כמה RAM, כמה דיסק-קשיח יהיה בכל אחת מהן,אני יודע מה יהיה התפקיד של כל אחת מהןואני חושב במונח הזה של “50 מכונות”היום, ב-Cloud, אנחנו יכולים להרים מכונה בסדר גודל של בין 15 ל-60 שניות, הרבה פעמיםלפעמים כמה דקות, תלוי בתפקיד שלה.ו-Container-ים אנחנו יכולים להרים לפעמים בשניות בודדות וזה מאפשר לנו לחשוב בעולם אחר -מאפשר לנו לעלות הרבה יותר מהר, לרדת הרבה יותר מהראנחנו יכולים לתכנן את ה-Capacity שלנו ברמה של דקות קדימה - ולא שנים או חודשים.(רן) אז אלה חלק מהיתרונות של הענן - ואמרנו באמת שלא נבזבז את כל הפודקאסט בלדבר על היתרונות, אבל כמובן שאלו חלק מהיתרונות.אולי צריך לציין שזה לא תמיד היה ככה - כשהתחיל -S3, או כשהתחיל EC2, אז הדברים לא היו בהכרח ככה. זאת אומרת - להרים מכונה יכול היה לקחת דקות ארוכות, מחירי ה-Storage היו שונים . . . אבל עם הזמן זה משהו שבהחלט קרה, ונולדו טכנולגיות חדשות - Lambda לדוגמא, ויש עוד דוגמאות אחרות - שבעצם מאפשרות שינוי פרדיגמה, שינוי שיטה.אבל - עם כל דבר טוב, גם יש כמה אתגרים . . . אז יש לא מעט אתגרים בלאמץ Cloud-Native, ובעצם פה אתה . . . על זה אנחנו רוצים לדבר.אילו אתגרים מעניינים אתה חושב שכדאי להתחיל איתם?(לירן) אז אני אהיה קצת אנוכי, ואני אסתכל על זה מהפרספקטיבה שלי - בסוף, רוב הקריירה שלי, רוב הרקע שלי היה כמפתח תוכנה, כמהנדס תוכנה, ואני אנסה להסתכל על זה מהפרספקטיבה שלי - של איפה מפתחי תוכנה “סובלים” בעולם ה-Cloud.ואחד הדברים שקורים למפתחי תוכנה זה שפתאום הם מאבדים שליטה - אם פעם היינו מריצים את האפליקציה שלנו עם איזשהו שרת Java Enterprise או איזשהו WSGI ב-Python, משהו כזה שקל להרים מקומית, פתאום אנחנו עוברים לטכנולוגיות שנבנו עבור הענן.נורא קל וטוב ומדהים להריץ אותן בענן - אבל יכול להיות פתאום נורא קשה להריץ אותן על ה-Laptop שלנו . . . .בין אם זה Serverless, שלא באמת קיים על ה-Laptop שלנובין אם זה ב-Kubernetes, שהוא מאוד מאוד גדול ויקר במשאבים, בעבודה מקומית ובעבודה קטנה - הוא מדהים ב-Cloud ולא כזה טוב אצלנו.בין אם זה כל מיני תלויות ב-Cloudבין אם זה כל מיני שירותים של AWS - זה SQS ו-SNS ו-Databases מנוהליםפתאום בכל הדברים האלה, כשאתה מתחיל לעבוד מקומית - זה מאתגר.או שאתה עובד עם ה-Cloud המרוחק בכל פעם, עם בעיות Connectivity ו-Latency ועם חוסר או פחות שקיפות, או כשאתה מרים כל מיני סימולטורים אצלך, שהם הרבה פחות איכותיים והרבה פחות מסמלצים . . .מן הסתם, ככל שאתה עובד יותר עם עם סימולטורים ופחות עם “סביבת האמת”, ככה התוצאות שלך ישתנו ברגע שתעבור מה-Dev ל-Staging או ל-Production.(רן) אז אנחנו בעצם מדברים על חוויית המפתח, שהיא נפגעה . . . דרך אגב, שווה להגיד שלפני, אני חושב, שני פרקים דיברנו על הנושא של Serverless עם ינון מ-Via וגם הנושא הזה עלה - ואני חושב שהבעיה היא די ברורה: כל מי שאי פעם פיתח פונקציות Lambda או המקבילים שלהן מבין את הבעיה - זה רץ בענן, אבל להריץ על המחשב שלך . . . אולי תצליח, אבל זו לא תיהיה אותה הסביבה.וכמובן הזכרתי את כל השירותים שמסביב - אם אתה צריך איזה SQS אם אם אתה צריך S3 או אם אתה צריך משהו אחר, אז אתה צריך או להשתמש ב-Service המרוחק, ואז עדיין יש לך חווייה גרועה כי זה איטי - או להשתמש באיזושהי סימולציה מקומית, אבל אז לא בטוח שהסימולציה באמת פועלת אותו הדבר, לצורך העניין . . . אולי לדברים הבסיסיים כן, אבל הרשאות או דברים כאלה לא תמיד עובדים כמו שצריך - ואז אתה מקבל את הזבנג שלך ב-Production.אוקיי, אז האתגר של חוויית הפיתוח . . . דרך אגב, יונתן - אצלכם יש Workloads שהם גם ב-Cloud וגם לא ב-Cloud [פרק 382 Carburetor 27 - k8s and multi-cloud], באיזו גישה נקטתם בהקשר של חוויית מפתח?(יונתן) אז אצלנו רוב האפליקציות ורוב ה-Services רצים ב-Cloud - אבל כזה שהוא שלנו, זאת אומרת Private Cloud ולא Public Cloud.אנחנו, מבחינת Debugging - אולי נדבר על זה אח”כ, יש פה גם עניין של גישות, אני חושב, של האם אתה רוצה בכלל לדבג (Debug) ב-Production ואיך אתה עושה את זה - אבל מבחינת סביבת הפיתוח עצמה, אנחנו עובדים ב-Remote - זאת אומרת שאתה מריץ את ה-Service שאתה רוצה לדבג (to debug) אותו לוקאלית, וכל שאר ה-Services שאתה נסמך עליהם, Databases וכו', הם ב-Remote.(רן) ואם הם צריכים אותך, דרך אגב? יש איזשהו Tunnel כזה שגם הם יכולים לקרוא לך?(יונתן) אם הם צריכים אותך - לא . . . אבל אם אתה צריכים שניים שמדברים אחד עם השני, אז אתה יכולים להרים את שניהם לוקאלית, שזה נגיד יחסית פשוט.אבל לא תוכל לקבל פתאום, לא יודע . . . הודעות Kafka משירות אחר.(לירן) הודעות Kafka או webhooks נגיד, שמכניסים . . . וגם - להרים Service אחד, בטח אם זה Service שאתה מכיר, אותו ועובד עליו טוב זה עוד קל - ברגע שאתה מצרף אליו את ה-Service השני זה כבר יותר מורכב, במיוחד אם זה Service שאתה פחות מכיר, או Service של חבר שלךוזה נוטה להיות אקספוננציאלית-יותר-קשה ככל שהמספר עולה . . .כשמדברים עליו Design “נכון” של Cloud Native, כשאתה חושב על זה . . . אם אתה עושה אינקפסולציה (Encapsulation) נכונה, אתה תמיד עובד על Service אחד, אפילו עובד עם Unit Testing - והכל מדהים.אבל ברגע שהאבסטרקציה (Abstraction) הזו מתחילה להישבר, ברגע שאתה צריך שני microServices או שלושה microServices, אז זה ניהיה הרבה יותר Messy [לא זה] ו“מציק”.(רן) גם בוא לא נשכח, שאני מניח שהרבה מהלקוחות לא מתחילים מוצר מאפס . . . הרבה מהלקוחות הם אולי במצב קצת יותר טוב מ-Lift & Shift, אבל בכל זאת הם לא מתחילים את כל הארכיטקטורה שלהם מאפס.אז עושים כמה התאמות לענן, כדי באמת להינות מה-Benefits שלו, אבל עדיין לא הכל כל כך נקי וברור - ולא תמיד משתמשים באבסטרקציה (Abstraction) הנכונה, ואז זה ניהיה יותר מורכב.אז איך יוצאים מהסמטוחה הזאת? . . .(לירן) אז באמת, כמו שיונתן אמר, יש את הגישה ה . .. נקרא לזה “אופטימלית”, שבאה ואומרת “אני מרים את הקוד שלי על המחשב שלי, וכל השאר שיהיה מרוחק, שיהיה בענן”שזה עובד חלק מהזמן . . . זה בעיקר עובד כשה-Scope מוגדר היטב, כש”המערכת יחסים” פשוטה, כשאפשר לבדוק טוב מאוד עם Unit Testingובעיקר כשהשירותים בענן לא צריכים אותי - כשאני לא צריך לקבל דברים מה-Kafka, כשאני לא צריך לקבל דברים ב-webhooks, כשלא צריך לפתוח Tunneling אלי.זה יכול לעבוד מאוד טוב - ואז אני באמת יכול לעבוד עם כל הכלים המסורתיים שלי.דרך אגב - למי שמתעניין בזה, יש ל-Kubernetes כלי שנקרא Telepresence: זה Open source שעוזר לעשות את זה.זה עדיין לא תמיד הדבר הכי קל והכי פשוט - אבל זה יכול קצת לעזור עם Port-Forwarding ו“שטויות” אחרות.(רן) דרך אגב - מאוד מעניין איך הוא עובד, ברמת ה-Networking, אבל זה לפודקאסט אחר . . . יש שם הרבה טריקים ושטיקים . . . טוב, כל Kubernetes עושה שטיקים ברמת ה-Networking, אבל גם Telepresence באופן ספציפי . . .(לירן) שטיק אחד גדול זה, Kubernetes . . . ואז יש לך את האופציה - שתי הקיצוניויות האחרות:אחת זה באמת להרים את כל הסביבה מקומית - שזה הולך וניהיה יותר ויותר קשה ככל שהסביבה יותר מורכבת, אבל אם יש לך נגיד שניים-שלושה-חמישה, אולי עשרה microServices, אתה עוד יכול להסתדר עם זה.אני כן אגיד שהרבה פעמים זה כאב ראש - הרבה פעמים אתה מוצא את עצמך מתחזק בעצם שני סטים של Deployment-ים, נגיד Kubernetes ו - Docker-Compose מקומית.אפילו אם אתה עושה Kubernetes מקומית - עדיין כנראה שה-Load Balancer יהיה שונה מקומית ומרוחק, יכול להיות שה-Database יהיו שונים ומרוחקים, אופרטורים . . . כל מיני Provider-ים שנמצאים בסביבה ה-Cloud-ית לא בהכרח יהיו זמינים מקומית, ואתה תמצא את עצמך מתחזק שתי קונפיגורציות.והאופציה השלישית, שהיא לקחת את הכל ל-Cloud - להגיד ש”אני מרים את כל הסביבה שלי ב-Cloud”, ואז בעצם כל שינוי בסביבה זה בעצם אומר איזשהו תהליך Deployment ו-CI/CD ו-Build.יש כלים, פה ושם, כמו Skaffold, כמו Tilt, כמו Garden, שעושים לזה אופטימיזציה ומנסים לעשות את זה הכי קל והכי מהר.אבל זה עדיין שרת מרוחק, שאתה מפתח עליו, שאתה מנטר אותו מרחוק - ואין לך את אותה רמה של יכולת “לצלול לתוך הקוד” שלך ולהבין אותו, כמו שאתה יכול מקומית.(רן) אני חושב ש . . . (א) יש כל מיני קומבינציות שונות, אבל קטיגורית יש גם את האופציה של Dev-Container - לפתח על Container מרוחק, שאולי נמצא בתוך ה-Datacenter, וכל מה שאתה עובד עליו זה איזשהו Frontend, איזשהו IDE שמדבר איתו, אבל ה-Codebase עצמו והקומפילציה והכל נמצאים מרוחק.אבל פה, דרך אגב, אני חייב להגיד שמעבר לחוויית המשתמש - דיברנו על Latency, דיברנו על חוויית המפתח - אבל מעבר לזה, יש גם את העניין הזה של “אתה מלכלך”... אתה מלכלך את Production, אתה משתמש בדאטה של Production, אתה יכול בטעות “לשתות” הודעות מ-Kafka שלא היית אמור לשתות, או לכתוב ל-Database שלא היית אמור לכתוב אליו - וזו בעיה לא של חוויית מפתח, זו בעיה של הנכונות של ה-Production . . .(יונתן) או של ה-Isolation . . . (רן) !Isolation - זו המילה שחיפשתי!(לירן) יש הרבה חברות שבהן זה לא בא בחשבון בכלל להתקרב ל-Production בתור מפתח - ואז כן, איך אתה עושה בעצם Isolation?האם אתה רץ באותו Cluster? ב-Cluster נפרד? על אותו Account או ב-Account שונה?הרבה אתגרים . . . .העולם הזה, של Remote Development, הוא סופר מעניין - יש Startup שנקרא Gitpod, אם אני זוכר נכון, שמתעסק עם זהגם GitHub הוציאו עכשיו איזושהי וריאציה של vscode שהיא Purely hostedאבל ממה שאני רואה וממה שאני קורא, זה עדיין לא שם.זה סופר-מגניב וזה וסופר-מבטיח, אבל לא הייתי ממליץ לאף אחד לבנות את ה-Development Environments שלו על . . . (רן) אני מכיר כבר כמה שעושים את זה . . .(לירן) באמת?(רן) . . . לא חברות גדולות . . .אבל כן.(יונתן) אם אני לא טועה, אפילו באינטל, לפני 15 שנה, עבדו ב-VNC על שרתים מרוחקים - וככה עבדו.(רן) יכול להיות - אבל האם המפתחים אהבו את זה?(יונתן) שאלה . . .(לירן) יש עכשיו כל מיני Web-first IDEs שנועדו להיות Hosted, ואמורים לתת חווייה מאוד טובה, אבל הבעיה היא שוב - עד כמה הם יכולים לבנות סביבת פיתוח מלאה.זה לא רק להריץ את הקוד - זה להריץ אותו, זה לדבג אותו, זה לספק את כל המעטפת שאתה רגיל ואוהב מה-Laptop שלך.(רן) ובכל אופן - את בעיית ה-Refresh, שדיברנו עליה קודם - זה לא פותר . . . זה אולי עושה אותה אפילו יותר גרועה, במובן הזה שעכשיו זה נורא קל להריץ דברים בתוך ה-Datacenter של Production, אז למה שלא תעשה את זה כל הזמן? . . . הנה - שכחת איזשהו Service באוויר ופתאום הכל נתקע בלילה. . . אילו פתרונות, דה-פקטו, אתה רואה שאנשים באמת מוצאים בשטח?(לירן) אז האמת שאנחנו רואים שאנשים מאמצים קצת מכל דבר, איזשהו שילוב של הדבריםקצת יש לי פרספקטיבה - אתה יכול להגיד שאף אחד מהפתרונות האלה לא טובים, ואתה יכול להגיד שהפתרונות האלה, כל אחד מהם טוב למשהו ספציפי.אבל אף אחד מהם לא נותן מענה לכולם כל הזמן.בסוף, אנחנו רואים שכל חברה שאנחנו עובדים איתה, כל חברה שאני מדבר איתה, מוצאת איזשהו שילובמן הסתם, ככל שאפשר לעבוד יותר מקומית אז זה יותר קל, וזה משהו שמפתחים מתרגלים אליו.אבל הרבה פעמים זה לא עובד - ואיפה שזה לא עובד, אז עוברים לדברים היותר מורכבים - להריץ את הכל Containerized מקומית, להריץ את הכל ב-Cloud, זה נורא תלוי ב-Use cases.דיברנו קצת על ה-Use case של ה-Incoming Data, של “אני רוצה עכשיו להרים webhook או להרים API ולראות מה קורה כשפונים אליו - אז כנראה שאני אצטרך להרים אותו ב-Cloudלעומת זאת, אם אני יכול יותר למשוך Data מאיזשהו Database, יש סיכוי טוב שאני אוכל להריץ את הקוד מקומית, עם איזשהו Batch Process, ולדבג אותו תוך כדי - והחיים שלי יהיו יותר יפים.ואז, בעצם, כשאתה מריץ את הקוד מרוחק, אז אתה היום קצת נופל לכלי-Production . . . זאת אומרת, אתה כבר לא יכול לעבוד עם ה-Debugger כמו שאתה רגיל, ואתה גם לא יכול לערוך קוד on-the-fly ולראות את זה.עובדים הרבה יותר באוריינטציה כמו שהיית עושה Troubleshooting ב-Production - עובדים עם כלי Observability, עם לוגים, עם מטריקות, עם Tracing - ומנסים להשתמש בכלים האלה כדי להבין מה קורה עם הקוד.מכיוון שה-Deployment-ים הם הרבה יותר איטיים, הרבה יותר מוסרבלים.(רן) כן, וזה, נראה לי, מביא אותנו גם קצת לאתגר הבא, של המורכבות , זאת אומרת - אם בעבר דברנו על ה-Scenario שהיה לך איזשהו AppServer, ובתוך ה-AppServer הייתה לך לוגיקה נורא-נורא מסובכת, אבל כל זה היה בתוך איזשהו Server בודד, או אולי פרוש על איזה Server אחד או שניים - נגיד AppServer ו-Database, אבל לא הרבה יותר מזה - היום, למעשה, לוגיקה פרושה על פני מספר Server-ים, אולי מספר פונקציות, תורים, Database-ים, Hook-ים ועוד הרבה מאוד פטנטים אחרים . . . חלקם חדשניים וחלקם אולי לא כל כך - אבל לפעמים אתה מגלה שנגיד HTTP Request של User בודד עובר בקלות דרך עשרה-חמישה-עשר דברים שונים, כשלא כולם זה בהכרח בבעלותך . . . זאת אומרת, יכול שחלק מהם בבעלות ה-Cloud Provider, חלק מהם אצל איזשהו Hook, נגיד שאתה כותב קובץ ומייצר Hook וכו'.זה ניהיה מורכב . . . איך מטפלים? איך מבינים את המורכבות הזאת? איך מבינים כשיש בעיות?(לירן) זה ניהיה מורכב, זה ניהיה מאוד מורכב . . . דווקא בעולם הזה, כלי ה-Observability שיש לנו היום הם מאוד מאוד טובים.אני לא יודע, ככה . . . חבר'ה בקהל שמקשיבים לנו, האם יצא להם לשמוע את המונח “Observability”זה מונח שמדבר בעצם על היכולת להבין מה קורה במערכת - מבחוץ.להבין האם היא במצב תקין או לא במצב תקיןואולי טיפה למה . . .יש היום אוסף של כלים כאלה, החל מעולמות הלוגים המסורתיים שאליהם אנחנו רגילים, דרך עולמות המטריקות - Prometheus וזה - ועד רמות ה-API, שזה כלים שהם קצת יותר כבדים, שמאפשרים יותר לצלול לעומק, ובאמת לעקוב, ברזולוציה מאוד בסיסית, על הבקשות האלה - בקשות HTTP ובקשות אחרות לאורך המערכת, לראות אילו Services עובדים . . . וכל הכלים האלה נותנים לנו איזשהו פידבק ראשוני, של כמה שגיאות יש במערכת, כמה זמן לוקח למערכת - ואולי גם מכווינים אותנו בערך לאיזו קומפוננטה (Component) עושה בעיות, איזו קומפוננטה חווה קשיים..(רן) אבל שוב, אני אקשה - דיברנו על קשיים . . . - אז אם פעם יכולת ללכת ל-JBoss שלך . . . יונתן, אני יודע שאתה נזכר בזה גם . . .(יונתן) !WebSphere [הוזכרו גם ב-412 Serverless at Via](רן) WebSphere . . . אז אתה יכול ללכת אליו, ולשים שם Breakpoint . . .להגיד “אוקיי, עכשיו אני אשלח Request, ונראה מה קורה ב-Breakpoint”.ועכשיו - אתה אולי, במקרה הטוב, יכול באמת להתחבר ולשים Breakpoint, וגם לא תמיד, אבל בדרך, אתה לא תראה את כל ה-Stack . . . יהיה לך מאוד מאוד קשה להבין מה ה-State שהביא אותך עד לשם, ושוב - לא תמיד אפשר לייצר Breakpoints, ברמה הטכנית.(לירן) זה באמת החסרון הגדול של שימוש בכלי Observability למטרות פיתוח.כלי Observability הם מאוד מאוד Rigid באופי שלהם - צריך להגדיר מראש מה רוצים לעשות, צריך להכניס את הלוגים לקוד, צריך להכניס את המטריקות לקוד . . .הכלי Tracing, דרך אגב - ה-API-ים יודעים לנטר איזשהו overview ראשוני, בעצמם, Out-of-the-Box, אבל מעבר ל-Basic זה, אתה צריך להוסיף בעצמך כל נקודה שאתה רוצה לנטר.וגם בכל פעם שאתה רוצה לשנות - זה אומר לשנות קוד, לעשות re-Deployment . . .עכשיו - כשמדובר על הקוד שלך, במיוחד אם זה רכיב שאתה עובד עליו עכשיו, אז זה לא כזה נוראבטח בסביבת Dev, לבנות את ה-Java, לעשות Transpile ל-JavaScript, לבנות את ה-Container, לעשות לזה Deployment . . . בין חמש לעשרים דקות ואתה מסודר.אבל זה הרבה יותר כואב כשזה לא הקוד שלך - בין אם זה microService ליד, שאותו אתה כבר פחות מכיר - פחות מכיר את ה-Build שלו, פחות מכיר את התהליכים שלו, פחות מכיר את ה-Deployment שלו.וזה יכול להיות גם Open Source . . . זה יכול להיות עכשיו איזשהו קוד Open source, ועכשיו לפתוח את הקוד Open Source הזה בשביל להוסיף Log ולהבין איך עושים Re-build ל-Package ואז את ה-Dependencies שלך להפנות ל-Package שבנית . . . - זה כבר יכול להיות סיפור בהיקף של איזה חצי-יום ויותר, וזה די מבאס.(יונתן) זה אולי מבאס - אבל יש גם הצד השני: עבודה כזאת שאתה עושה - על להוסיף מטריקה במקרים מסויימים, לזרוק Event . . . - זה קשה, אבל זה גם נכסזה נשאר איתךכש-Debugging הוא . . . אתה עושה Debugging, ואחרי זה הוא נעלםבמקרה הטוב הוא נעלם, ולא משאיר אחריו שום Stateוכל הידע שצברת משם הוא כבר לא שם, זאת אומרת - אני לא אומר שלא צריך Debugging בכלל, אבל מבחינתי, מי שפותח Debugger אז זה קצת “מוצא אחרון”', זה אומר שאולי היה חסר לו משהו לפני זהאו שלפעמים, באמת, יש דברים שאי אפשר בלי - אבל זו גישה קצת אחרת.(לירן) אני ממש בעד Observability ואני אוהב Observability, כש-Observability זה בערך אחד הדברים הכי חשוביםשווה להשקיע את הזמן בלבנות Observability מצויין למוצר - על אחת כמה וכמה ב-Productionזה סופר חשוב שהמפתחים שבנו את הקוד יקחו אחריות על זה - שהם יודעים מה קורה איתו, שהוא מדלוור (Delivers) ערך ללקוחות קצה - והדרך היחידה לעשות את זה זה עם לוגים ומטריקות ועם Observability.הבעיה עם זה היא ש-Observability זה הרבה משחק של ניסוי וטעיה - אתה לא תמיד יודע בהתחלה איזה לוג הכי חשוב . . .כמות הפעמים שראיתי בקריירה שלי מפתח שם Log - ובא ואומר “זה סופר-סופר חשוב!” - רק שזה קורה 10,000 פעם בשנייה ומפיל את המערכת, או לפחות מקפיץ את החשבון של ה-Elastic . . .(רן) זו מערכת מאוד חשובה, כנראה, אם היא קוראת 10,000 פעמים בשנייה . . . (יונתן) . . . או שאולי אתה מגלה פתאום שזה לא היה כזה חשוב כמו שחשבת . . .(לירן) או שאתה מגלה שאיזושהי מטריקה . . . אתה רוצה לשלוח איזושהי מטריקה ואתה מגלה ששלחת אותה בשעות במקום בשניות, ועכשיו המערכת Input לא מצליחה לקלוט אותה . . . בסוף, אני חושב שאת ה-Observability הכי טוב הכנסנו כתוצאה מתקלות - ב-Rookout, משהו לא עבד, תחקרנו ותחקרנו והבנו למה זה לא עובד - וגם הבנו איך לשפר את ה-Observability שלנו כדי שבפעם הבאה זה לא יקרה, או כך שנדע על זה יותר מהר ויותר בקלות.זה פשוט תהליך איטרטיבי (Iterative) . . .(רן) את זה כנראה אפשר להגיד על כל דבר בחיים - את הדברים הכי טובים אתה עושה רק אחרי שטעית [ד”ש לדאגלס], אבל כן - אני לגמרי מזדהה עם התופעה הזאת.(לירן) ובהקשר הזה - הטענה שלי כלפי הכלי Observability הקיימים זה פשוט האיטיות . . . המסורבלות . . .כשאני כבר יודע מה אני רוצה, אני אעשה לזה את ה-Commit, אני אעשה לזה את ה-Deployment, והכל יהיה בסדר, בטח למי שיש CI/CD איכותיזה יקח את השעה-שעתייםהבעיה שזה תהליך של ניסוי וטעיה, שלעפמים לוקח לי עשרה או אפילו עשרים ניסיונות לדעת מהי המטריקה שאני צריך לדעת, מה ה-Log שאני צריךואת זה - זה מה שאנחנו ב-Rookout מאמינים - שהרבה יותר כיף וקל ומועיל לעשות את זה באיטרציות זריזותלהצביע על שורה -לקבל ממנה Log; להצביע על שורה - לקבל ממנה מטריקהלראות שזה באמת מה שאתה רוצה, לראות שזה באמת מה שרצית לראותואז בעצם לקבע את זה בכלים כאלה ואחרים כך שזה יגיע באופן קבוע, וישמר את הידע הזה לאורך זמן.(יונתן) אז זה בעיקר כלים כדי להבין מה קורה במערכת או שזה גם כדי לשנות התנהגות - לשנות לוגים או לשנות If-ים? . . .(לירן) הפרספקטיבה שלנו ב-Rookout, מה שאנחנו עושים, זה שאנחנו רוצים להפוך את העולם הזה, של Observability, לדינאמי - שתוכל, כמפתח, לבוא ולהצביע על כל שורה בקוד שלך ולהגיד “אני רוצה לדעת מה קורה פה, אני רוצה לדעת איך הגעתי לפה”גם ברמה ה-Stack trace וגם ברמת Tracing - איפה הבקשה הזאת עברה קודם? מהם הערכים של המשתנים שלי? וגם לנצל את הדברים האלה בצורה קצת יותר חכמה - “תייצר לי פה מטריקה חדשה”, “תייצר לי פה Log חדש”וכשאנחנו גם מבינים שיש פה כל מיני תוספות ומורכבויות נוספות על Productionלמשל: “אני רוצה לראות מה קורה כשמגיעים לשורה הזאת בקוד” - אבל עבור לקוח ספציפי.או - “תראה לי איך הקוד שלי מטפל כשהלקוח הזה שולח לי פה בקשה”“תראה לי איך הקוד שלי מטפל, כשקיבלתי מה -S3 איזושהי הודעת שגיאה”.(רן) נגיד Conditional Breakpoints . . . משתנה ש”כאשר הערך שלו מגיע ל-X אז תעצור”(לירן) כן - הטכנולוגיה שאנחנו אוהבים לקרוא לה “Non-breaking breakpoints”, שזה אומר שנותנים לך בעיה שהיא דומה ל-Breakpoint, מראים לך את מה שה-Breakpoint היה מראה - אבל לא עוצרים לך את הקוד בעצם.(יונתן) עכשיו יותר ויותר שרתים - לפחות כאלה שצריכים להתמודד עם Scale גדול - הם א-סינכרוניים, זאת אומרת שדברים לא בהכרח קורים בסדר שלהם, ה-Stack trace יכול להיראות כמו גיהינום.איך אתם מתמודדים עם זה?[דיברת על אינטל - אז Out-of-Order Execution](לירן) אז אנחנו מתמודדים עם זה בכמה דרכים - הכי משמעותי זה בגדול לעקוב אחרי Request-יםאנחנו מאפשרים לעקוב אחרי ה-Distributed Tracing Information, שאת חלקו אנחנו יודעים לייצר לעצמנו ואת חלקו אפשר בעצם לקבל מכלי APM שונים שאתם משתמשים בהם, אפילו כלי Open Source כמו OpenTracing או OpenTelemetry או OpenCensus וכל המלחמה שהם עושים על התקינה . . .(רן) כי זה הכל אותו הדבר, לא? . . . (לירן) בערך . . . כמו כל תקן טוב.באמת צריך לחשוב, ככה - גם לראות את ה-Stack Trace הקלאסי, של “מאיפה הקוד שלך הגיע?”, אבל גם לראות את ה-Stack Trace הלוגי של ה-Span-ים ושל ה-Trace-ים, של “מאיפה הבקשה הזאת הגיעה?”, “איך היא נכנסה למערכת?” ו”איפה היא בשלב הזה, כרגע?”(רן) אתגר נוסף, שאני בטוח ש . . . - אני בטוח שאפשר להמשיך לדבר על Observability, אבל בוא נמשיך - אז אתגר נוסף שאני יכול לחשוב עליו זה אם מישהו, ונחזור ל-Scenario שהיה לך Web Server אחד ו-Database, והיית משחרר אליו גרסא, אז אתה יודע: היית משחרר גרסא 5 ואחר כך גרסא 6 ואחר כך גרסא 7 . . . אולי 7.1, אולי 7.2 - אבל אוקיי, אתה יודע וכבר די ברור לך מה קורה שם.היום ב-Production, ודרך אגב - זה אולי לא ייחודי ל-Cloud אבל זה ניהיה יותר קל ב-Cloud Native - יש לך הרבה מאוד Services, הרבה מאוד רכיבים אחרים, ולכל אחד יש גרסא אחרת לחלוטין.אני מנחש שב-Outbrain משחררים הרבה מאוד גרסאות ביום . . . (יונתן) נכון - וגם לא כל הזמן לאותו ה-Service יש את אותה הגרסא ב-Production: לפעמים מריצים A/B Testing, אם אתה מריץ כמה Flavour-ים . . .(רן) נכון . . . אז בכל זמן נתון, נגיד לכל Service יש גרסא אחת או שתיים ב-Production - ובנוסף, יש כמה מאות של Services שונים - ובנוסף, יש רכיבים שהם לא שלך, שגם לפעמים מקבלים Update או כל מיני דברים כאלה, מוזרים . . . וקשה מאוד לקבל תמונה קוהרנטית של “רגע, אז מה יש עכשיו ב-Production? איזה קוד נפרש עליו?” . . .(לירן) קשה להחריד . . . למעשה, לפני איזה שנתיים-שלוש, כשהיו לנו אתגרים ראשונים - היה מוצר, התחלנו אצל לקוחות, היו לנו את הפידבקים שלהם - והיינו בשוק מכמה לקוחות מתקשים להבין מה לעזאזל רץ להם ב-Production . . . זאת אומרת - הם בוחרים שרת, מתחילים לשים עליו Breakpoint-ים - וה-Breakpoint-ים לא קופצים להם . . . אז אנחנו אומרים להם: “חבר'ה - זו לא הגרסת קוד שרצה לכם ב-Production”, והם עונים: “זה כן” . . .ואחרי שעתיים של Support אומרים: “חבר'ה, זה לא הקוד שרץ לכם ב-Production, ה-Breakpoint-ים לא קופצים כי אתם מסתכלים על גרסא חדשה, והגרסא ב-Production היא מלפני שבוע” - או הפוך . . .ואחד הדברים הכי משמעותיים שראינו במוצר זה הצורך להביא עבור הלקוחות את הקוד - לא לסמוך על המפתח שנמצא בקצה שיתחיל להבין איזה קוד נמצא עכשיו איפה, אלא שברגע שהוא בוחר שרת או Service או Deployment ב-Kubernetes או Whatever - להראות לו “תקשיב - זה מה שרץ שם כרגע”.יש סיכוי טוב שכבר בזה הוא מצא את ה-Bug, כי בעצם זו בכלל לא הגרסא שהוא חשב . . . ואם לא - אז ברגע שהוא מתחיל לדבג, הוא לפחות רואה בעיניים בעיניים באמת איך הקוד שנמצא שם מתנהג, ולא איך הקוד שהוא חושב שנמצא שם מתנהג . . .(רן) אז איך זה עובד ברמה הטכנית? זאת אומרת - יש את הסיפור המפורסם, אני מניח שהרבה מכירים, על חברת Algo-Trading, שבטעות השאירו איזשהו שרת ב-Data center שלהם עם הגרסא הלא נכונה, וככה הפסידו את המכנסיים והתחתונים שלהם, ופשטו רגל . . .(לירן) 400 מליון דולר . . . (רן) כן . . . אז אני לא זוכר את שם החברה [Knight, הזכרנו בפרק הקודם], אבל בטוח שנמצא את זה ברפרנס [טו-שה . . .] - אז איך זה עובד ברמה הטכנית? זאת אומרת - מה, לכל גרסא יש איזושהי חתימה, ואתה מוצא את החתימה שלה וככה אתה מוצא את ה-Code base?(לירן) אז האמת שפשוט בנינו סט של Best Practices, שאפשר גם למצוא בבלוג שלנו הרבה מהם, על איך לתייג גרסאות - אם זה ברמת ה-CI, לדחוף את ה-Git-Commitבין אם זה של כל מיני קונפיגוקציות של Maven ו-Gradle ו-MSBuild - על איך לקנפג את זה כך שזה ישים בארטיפקטים (Atrifacts) את ה-Hash-ים.בין אם זה ברמת Containers - אנחנו פשוט מצאנו כמה קבצים ב - .git המסתורי הזה שנמצא לכם בכל מקום - רק קחו את השלושה-ארבעה קבצים האלה, זרקו אותם פנימה - ותוכלו לדעת בדיעבד איך ה-Container.חשוב גם להגיד שכחברה אנחנו, כמדיניות, לא נוגעים בקוד-מקור של הלקוחות - אנחנו לא מעבירים source-code ,לא מזיזים Source-code - ולכן זה מאוד חשוב לנו למצוא דרכים שהלקוחות יוכלו לעשות את זה בעצמם, בלי שבעצם הדאטה הזה יעבור דרכנו.(רן) הבנתי . . . (יונתן) תגיד - בעצם, החברה שלך מוכרת מוצרים למהנדסים? אתה CTO, אתה מנהל את המהנדסים האלה . . . מה הם אומרים על המוצר שלכם?(לירן) מה המהנדסים שלנו אומרים? . . .(יונתן) כמשתמשים . . .(לירן) אני חושב שזה אחד הדברים הכי כיפיים, גם כמי שכנראה שמגייס עובדים ומנהל עובדים, אבל גם באופן כללי - לפתח מוצר שאתה מבין מה הוא עושה, שאתה מכיר את ה-User-ים, שאתה רואה את ההנאה שלהם בעיניים - זה מאוד מספק.כשהחבר'ה באים ונפגשים עם לקוחות, ורואים את המפתחים אצל הלקוחות שלנו יושבים באמצע הלילה ומדבגים באגים, ושוברים על זה את הראש - ואז הם רואים איך Rookout עוזר להם - וזה ממש ממש מאיר להם את העיניים.(יונתן) אין כמו לראות אחרים מדבגים באמצע הלילה . . .(לירן) רק בסופ”ש שעבר, לקוח התקשר אלינו, שבאותו לילה הם התעוררו בשתיים בלילה לדבג איזה משהו, הייתה תקלה בProdcution - והם פתרו אותה איתנו ב-15 דקותאז אם כבר העירו אותך בשתיים בלילה כי המערכת נשברה וצריך לטפל בזה - לפחות שזה יקח 15 דקות ולא תישאר ער עד הבוקר . . .(רן) ברור . . . מזל שלא משלמים לכם לפי שעות . . . .בסדר - אז יש אתגרים, אני בטוח שיש עוד, אבל אנחנו מתקרבים לקראת סיום.אז קודם כל - אני בטוח שכל מי שפיתח בסביבה שהיא Cloud-Native מזדהה, לפחות עם חלקם.חלקם פתורים בתעשייה, במידה מסויימת, וחלקם לא - אני בטוח שככל שנפתור, ככה יווצרו עוד בעיות . . . תיהיה לנו עוד עבודה.אבל זה מעניין מאוד, ואתגרים סופר-רלוונטיים למפתחים.לפני השיחה שלנו, לפני שהתחלנו להקליט, סיפרת לנו שהתחלת פודקאסט [!](לירן) כן - אז האמת שבשבוע שעבר הקלטנו את שני הפרקים הראשונים של הפודקאסט שלנו - זה הולך להיות ה-Production-first Mindset, זה השם שלו.אני מאמין שככה - בעוד שבוע-שבועיים תתחילו לראות פרקים של זה ב-Spotify וב-Apple ובכל המקומות האחרים שאתם אוהבים לראות ולקלוט פודקאסטים.אז אתם מוזמנים גם להקשיב לנו.(רן) מעולה - רעיון טוב. והוא יהיה באנגלית?(לירן) הוא יהיה באנגלית - אנחנו מראיינים גם הרבה חבר'ה מהארץ, כל מיני יזמים כמו רון רייטר ואופיר ארליךוגם כל מיני טכנולוגים מחו”ל כמו Steve Chin - חבר'ה מאוד רציניים שיספרו גם מהפרספקטיבה שלהם על האתגרים של ה-Cloud Native ובאופן כללי על האתגרים של להביא קוד ל-Production ומה שזה אומר.(רן) מעולה - אז לירן, תודה רבה! היה מרתק, היה כיף, תודה שבאת. האזנה נעימה ותודה רבה לעופר פורר על התמלול!

mindset service state challenges design benefits data gardens open event startups code shift web services networking production software cloud scale isolation basic remote knight commit lift cto ram best practices messy capacity hook user tunnel package api laptops storage provider stack open source refresh input scope java server databases github bug dev tracing log container cluster kafka deployment tilt cpu containers data centers s3 ides ide component kubernetes backend frontend flavour lambda elastic abstraction purely ci cd serverless microservices breakpoint apm debugging cloud native latency observability l'iran iterative spotify apple ec2 tunneling unit testing outbrain encapsulation telepresence vnc codebase cloud provider carburetor breakpoints jboss load balancer containerized websphere

CHECKOUT Basil Karam from Life Interiors | #096

Play Episode Listen Later Jul 8, 2021 5:36

In this episode of Add To Cart, we checkout Basil Karam from Life Interiors. The online homewares store had a massive 2020 and are on track for an even bigger 2021 off the back of a re-platforming over to Shopify Plus, a smart omni-channel set up and investment in technologies including augmented reality and artificial intelligence. Links from the episode:Made.comPrincipals by Ray DalioGoogle MeetFrom Replicas to a Unique Experience: The Life Interiors Story | #072Questions answered in the podcast:What is the weirdest thing you've ever bought online? Who is your favourite retailer? Which retail fad do you wish was history?Can you recommend a book or podcast that our listeners should immediately get into? Finish this sentence. The future of retail is… About your co-host: Basil Karam from Life InteriorsBasil is an entrepreneur with a track record of starting, growing and scaling high-growth technology enabled businesses. With more than 20 years experience delivering complex technology solutions in the cloud his expertise branches the fields of retail, technology and digital marketing. Basil is CEO of Life Interiors, a leading design-focused, technology-led vertically integrated furniture and homewares retailer on a mission to offer great design at an attainable price across several channels including retail, e-commerce and some of Australia's largest furniture and homewares marketplaces including Temple and Webster, Zanui. Prior to Life Interiors, Basil worked at IBM implementing WebSphere e-business solutions across Telstra before moving to pureprofile a venture backed start-up to be part of the founding technical team and eventually heading up innovation in the CTO / CIO roles. Pureprofile launched its revolutionary SaaS platform internationally from Australia into the United Kingdom and the US and eventually listed on the ASX.You can contact Basil at LinkedInAbout your host: Nathan Bush from 12HIGHNathan Bush is the founder and lead strategist at eCommerce consultancy, 12HIGH. He has led eCommerce for businesses with revenue $100m+ and has been recognised as one of Australia's Top 50 People in eCommerce four years in a row. You can contact Nathan on LinkedIn, Twitter or via email.Please contact us if you: Want to come on board as an Add To Cart sponsor Are interested in joining Add To Cart as a co-host Have any feedback or suggestions on how to make Add To Cart betterEmail hello@addtocart.com.au We look forward to hearing from you! See acast.com/privacy for privacy and opt-out information.

ceo australia united kingdom temple finish ecommerce ibm saas checkout cio webster basil interiors telstra asx karam shopify plus add to cart websphere nathan bush add to cart betteremail

CHECKOUT Basil Karam from Life Interiors | #096

Play Episode Listen Later Jul 8, 2021 5:36

ceo australia united kingdom temple finish ecommerce ibm saas checkout cio webster basil interiors telstra asx karam shopify plus add to cart websphere nathan bush add to cart betteremail

EDI, Java Batch, MicroProfile, JSON-API and OpenAPI

Play Episode Listen Later Jul 3, 2021 49:47

An airhacks.fm conversation with Michael Edgar (@xlateio) about: custom Pentium 100, a telnet based, MUD game, Vallhalla MUD, BBS was used to connect to the network, enjoying Apple 2 at school, enjoying Sonic Sega games, learning C-structures at collage, learning 68000 assembly, from Assembly to Visual Basic and Java, starting at an insurance company and learning EDI, X12 and EDIFACT in EDI universe, the fascination with EDI, the beginners mind and Java Connector Architectures, the EDI "hello, world", starting to understand COBOL, back to Java with WSAD and IBM WebSphere, using JDBC, Servlets and Java Server Pages (JSP), using Java Batch processing (jbatch), using Java Batch DSL features, from WebSphere to Wildfly, misusing WildFly as Tomcat, from WildFly to MicroProfile using smallrye, JWT and OpenAPI committer, reusing Java Bean Validation as openAPI metadata, using jandex index for annotation scanning, smallrye OpenAPI already uses Bean Validation annotations, JSON API is used by Ember, JSON API is similar to odata, JSON-API is generated from JAX-RS, JPA and Bean Validation, JSON-API is used by EmberJs, xlate, RedHat OpenShift Streams for Apache Kafka Michael Edgar on twitter: @xlateio

apple assembly java batch mud bbs cobol tomcat jwt visual basic pentium open api jpa json api emberjs jdbc websphere x12

From Replicas to a Unique Experience: The Life Interiors Story | #072

Play Episode Listen Later Apr 18, 2021 45:30

In this episode of Add To Cart, we are joined by Basil Karam, CEO and co-founder of online homewares store, Life Interiors. As with many in the homewares category, Life Interiors had a massive 2020 and are on track for an even bigger 2021 off the back of a replatforming over to Shopify Plus, a smart omnichannel set up and investment in technologies including augmented reality and artificial intelligence. In this chat, we hear the Life Interiors story, including how they started on eBay and as a replica furniture company - a far cry from today where they are now one of Australia’s leading furniture designers and retailers. The next frontier? A BHAG of doing $100m online! Basil is at heart a technologist and it is fascinating to get his view on how to build an online business that can scale but still be unique. Links from the episode:Life InteriorsBusiness CatalystMagentoShopify PlusSearchspringProntoNetsuiteAWS PersonalizeAugmented Reality at Life InteriorsBrosaKoalaPareto PrincipalSignet’s Honeycomb Mailers (sponsored)Shopify & Rollie Nation (sponsored)Questions answered:What have been the most significant challenges of re-platforming for Life Interiors?What’s the relationship between online and offline for Life Interiors and how do you measure attribution for each?How and why did Life Interiors migrate from selling replica furniture to creating your own designs?This episode was brought to you by… SignetLike bees to the honeycomb, retailers are loving Signets new sustainable alternatives to traditional eCommerce packaging. They have recently introduced honeycomb mailers into their eco-friendly range. Made from Kraft paper the 100% recyclable padded mailers offer the same protection as plastic bubble mailers without costing the earth. Signet has over 5,500 packaging solutions to help leading eCommerce businesses step up their packaging game. Visit signet.net.au to find out more.Shopify PlusAustralian brand Rollie Nation makes footwear that is lightweight and one of the favourites of suitcase stuffers around the globe, so when Rollie Nation wanted to put a greater focus on direct to consumer, they migrated to Shopify Plus, with integrations into Gorgeous for customer service, , Smile for loyalty, Klaviyo for direct marketing and Okendo for customer reviews, Rollie Nation were able to deliver a site that was as lightweight as their shoes. They immediately achieved a 62% improvement in page speed, which contributed to a 3.5% increase in conversion. As Limp Bizkit would say they’re now rollin’ rollin’ rollin’. To read more of Rollie Nation’s story and see other case studies visit the customers sections on shopify.com.au/plus.About your host: Nathan Bush from 12HIGHNathan Bush is the founder and lead strategist at eCommerce consultancy, 12HIGH. He has led eCommerce for businesses with revenue $100m+ and has been recognised as one of Australia’s Top 50 People in eCommerce four years in a row. You can contact Nathan on LinkedIn, Twitter or via email.About your co-host: Basil Karam from Life InteriorsBasil is an entrepreneur with a track record of starting, growing and scaling high-growth technology enabled businesses. With more than 20 years experience delivering complex technology solutions in the cloud his expertise branches the fields of retail, technology and digital marketing. Basil is CEO of Life Interiors, a leading design-focused, technology-led vertically integrated furniture and homewares retailer on a mission to offer great design at an attainable price across several channels including retail, e-commerce and some of Australia's largest furniture and homewares marketplaces including Temple and Webster, Zanui. Prior to Life Interiors, Basil worked at IBM implementing WebSphere e-business solutions across Telstra before moving to pureprofile a venture backed start-up to be part of the founding technical team and eventually heading up innovation in the CTO / CIO roles. Pureprofile launched its revolutionary SaaS platform internationally from Australia into the United Kingdom and the US and eventually listed on the ASX.You can contact Basil at LinkedInPlease contact us if you: Want to come on board as an Add To Cart sponsor Are interested in joining Add To Cart as a co-host Have any feedback or suggestions on how to make Add To Cart betterEmail hello@addtocart.com.au We look forward to hearing from you! See acast.com/privacy for privacy and opt-out information.

From Replicas to a Unique Experience: The Life Interiors Story | #072

Play Episode Listen Later Apr 18, 2021 45:30

ceo australia united kingdom temple unique smile ecommerce kraft ebay ibm saas shopify cio webster basil gorgeous interiors replicas telstra asx klaviyo bhag signet shopify plus add to cart okendo websphere nathan bush add to cart betteremail

Episode #95: Going Serverless with IBM Cloud Code Engine with Jason McGee

Serverless Chats

Play Episode Listen Later Apr 5, 2021 39:26

About Jason McGeeJason McGee, IBM Fellow, is VP and CTO at IBM Cloud Platform. Jason is currently responsible for technical strategy and architecture for all of IBM’s Cloud Platform, across public, dedicated, and local delivery models. Previously Jason has served as CTO of Cloud Foundation Services, Chief Architect of PureApplication System, WebSphere Extended Deployment, WebSphere sMash, and WebSphere Application Server on distributed platforms. Twitter: @jrmcgee LinkedIn: https://www.linkedin.com/in/jrmcgee/ IBM Cloud Code Engine: Learn more during this live virtual event on April 14th (also available on-demand after April 14th) Read more: https://www.ibm.com/cloud/code-engine Get started today: https://cloud.ibm.com/docs/codeengine?topic=codeengine-getting-started Watch this episode on YouTube: https://youtu.be/yH_mgW2kGzUThis episode sponsored by IBM Cloud.Transcript:Jeremy: Hi, everyone. I'm Jeremy Daly and this is Serverless Chats. Today I'm joined by Jason McGee. Hey Jason, thanks for joining me.Jason: Thanks for having me.Jeremy: So you are an IBM fellow and the VP and CTO of the IBM Cloud platform. So I'd love it if you could tell our guests a little bit about yourself and what it is that you do at IBM.Jason: Sure. I spend my day at IBM worried about developers and platform services on our public cloud. So I'm responsible for both the technical strategy and the delivery of our Kubernetes and OpenShift platforms, our serverless environments, and kind of all the things that surround that space, logging, and monitoring and other developer tools that kind of make up the developer platform for IBM Cloud.Jeremy: And what about yourself? What's your background?Jason: Been a software, kind of middleware guy, my whole life. I used to be the chief architect for WebSphere app server. So I spent the last 20 plus years working on enterprise application platforms and helping companies be able to build mission-critical business systems.Jeremy: Awesome. So I had Michael Behrendt on the show not too long ago and it was great. We talked about a whole bunch of different things. IBM's point of view of serverless. We talked a little bit about the future of serverless and we talked about the IBM Cloud Code Engine, which I want to get into, but for the benefit of our listeners and just because I'm so fascinated by some of the things that IBM is doing now with serverless, it's just super interesting. So could you sort of give me your point of view or IBM's point of view on serverless and just sort of refresh the listener's memory sort of about how IBM is thinking about serverless and how they're probably thinking about it maybe differently than some of the other cloud providers?Jason: Yeah, sure. I mean, it's such a fascinating space and it's really changed a lot, I think, over the last five years or so from its kind of maybe beginnings in being very aligned with serverless functions and kind of event-driven computing and becoming a more general concept about how developers especially can consume cloud platforms. I think if you look at the IBM perspective on serverless, there's a couple layers to the problem that we think about. First is we've been pretty clear that we think Kubernetes and distributions of Kubernetes like OpenShift are kind of the key foundation compute environment for developers to use going forward. And we've done a ton of work in kind of building out our Kubernetes and OpenShift platforms and delivering them as a service on our public cloud. And that's an incredibly flexible platform that you can really build any kind of application. I think over the last five years, we've proven we can run anything on Kubernetes databases and AI and stateless apps and whatever you want.Jeremy: Right.Jason: So very, very flexible. However, sometimes flexible also means complicated and it means that there's lots to manage and there's lots of concepts to get your head around. And so we've been thinking a lot about, well, how do you actually consume a platform like Kubernetes more easily? How does the developer stay more focused on what they're really trying to do, which is like build application logic, solve problems? Now they don't really want to stand up coop clusters and configure security policies. They just want to write code and run code and they want to get the power of cloud to do that. Right? And so I think serverless has kind of morphed to be, for us, more about the experience that we can build on top of that container platform that's more oriented around how developers get work done and allows them to kind of more easily take advantage of the scale and power of public clouds without having to kind of take on the burden of a lot of that kind of work and management.And so the work that we've been doing is really aligned in that direction, that we've been working in projects like Knative, in the open source community to build simpler abstractions on top of Kubernetes. And we've been starting to deliver those in our cloud through things like Code Engine.Jeremy: Yeah. And I think that's interesting too because I always have, this is probably the wrong way to say it, but it's sort of a chip on my shoulder about Kubernetes because it just got so complicated. Right? It's just so many things that you have to do, so hard to manage. And as a serverless guy myself, I love just the simplicity of being able to write some code and just get it out there, have it auto scale, tie into all those events. So I think that a lot of cloud providers have sort of moved that way to say like, "Well, we're going to manage your Kubernetes cluster for you." Right? Which essentially is just, I think moving backwards, but also moving forwards at the same time, if that makes sense. But so in terms of the use cases that this opens up because now you're not necessarily limited to a sort of bespoke implementation of some serverless platform, you have a lot more capabilities. So what types of use cases does this open up?Jason: Yeah. I mean, I may have a couple of comments on that. I mean, so I think with Kubernetes, you have the complexity of managing the Kubernetes environment, but even if that's totally taken care of for you, and even if you're using a managed Kubernetes service like the things we offer on IBM Cloud, you still have that kind of resource burden of using Kubernetes. You have services and pods and replica sets and namespaces and all kinds of concepts that you have to kind of wrap your head around and know how to use in the right way. And so there's a value in like, "Can we abstract that? Can we move away from that?" And it's not like this idea hasn't been tried before. I mean, we've had paths platforms, like kind of Cloud Foundry style, Heroku, very opinionated paths environments in the past and they definitely simplify the user experience. However, they came with this negative, which is if you don't fit within the box of the opinion ...Jeremy: Right.Jason: ... then you can't do what you want to do. And the cost of going outside the box was super high. Maybe you had to completely switched platforms. You were completely blocked. You to switch to some other approach. And so part of what's informing us and as we think about this is how do you have more of a continuum? You have a simple model. It's aligned around what you're doing. Just run my source code, just run my container image. I want to run a batch job, but it's all running on one platform. They're running next to each other. You can drop down a layer into Kubernetes if you want to. If what you're trying to accomplish needs some of that flexibility, you should have access to it without having to kind of start over. And so that's kind of how we've approached the problem a little bit differently is bringing this all together into kind of one unified serverless environment on top of Kubernetes.And that lets us handle different use cases. That lets those handle kind of stateless, data processing and functions. That lets us handle simple web apps. That lets us handle very data-intensive, high-scale computation and data processing, async processing like batch all in one combined way.Jeremy: Right. Yeah. And I think it's interesting because there are artificial limitations may be put in place sometimes on serverless platforms. If you think about AWS Lambda, for example, you get 15 minutes of compute and they bumped things up. So now, and again, I've just sort of grew up in the AWS environment, but they have things like 10 gigs for a function or something like that. And so they've increased these things, but they are sort of artificial limits that I think, depending on the type of workload that you're doing, they can really get in your way, especially if, like you said, you're doing these data-intensive things. So from an IBM perspective, I mean that's sort of gone, right?Jason: Right. Exactly. That's a great, very concrete way to look at the problem. The approaches that have been taken in some of the other cloud environments is these different use cases like serverless functions, single containers, batch processing, they're different services. And every service has its own kind of limitations or rules about what you can and cannot do. How long your thing can execute, how big your code can be, how much data you can transfer. We've taken a different approach to say, "Let's eliminate all those limits and let's have one logical service, one environment that supports all those styles." We can still expose a simplified kind of consumption model for the developer like just give me your source code or just give me your image, but I can run it in a way that doesn't have those computational limits, and therefore I can do more. Right? I can run more kinds of workloads. I don't run up against some of those walls that kind of stopped me from getting my work done.Jeremy: Right. Right. Yeah. And I like that approach too because I'm a big fan of managed services. I think that if you have a service that does image recognition for you, that's great. And do you have a service that does queuing for you? That's great. But in some cases, you start stringing together so many different services and I feel like you lose a lot of that control. So I like that idea of just basically being able to say, "Look, I've got the compute. I can do whatever I need to do with it. It will scale to whatever I needed to scale to." And I think that's where this idea of IBM Cloud Code Engine comes in, which just became GA so I'd love it if you could tell the listeners exactly what that is.Jason: Yeah, absolutely. So, so Code Engine is the new service that we launched that makes some of these concepts I've been talking about real. It is a service that allows developers to deploy functions, containers, source code, batch jobs, into IBM Cloud. The entire environment behind that application is managed for you. So we handle you don't manage clusters, you don't provision infrastructure. You can scale all the way to zero. So you can literally only pay for what you're using. You can scale up to thousands of cores that are in parallel processing your application and we manage that entire runtime environment for you. So you can think of it as a multi-tenant shared Kubernetes-based runtime environment that you can run your workloads on that presents to you the personality that you need for different workloads. And because it's all in one service, if you have an application that's like a mix of some single containers and batch jobs, they can actually talk to each other, they can talk to each other over a private network connection. They can work together instead of being kind of siloed in these completely different environments.Jeremy: Right? Yeah. And so from the developer, I guess, perspective, you had mentioned that you can deploy just code or you could deploy a container if you want to. So what does that developer experience look like? So is this something where I could just say, "Look, I don't need to have a whole ops team now managing this for me. If I just want to write code, deploy it into these things, I'm sure there's some things I need to know," but for the most part, what does that developer experience look like?Jason: Yeah. So you absolutely could do it without a whole ops team. The experience right now, there's like maybe kind of three basic entry points. You can give me source code and we will take care of compiling that source code, combining with a runtime, executing it for you, giving it a web end point, scaling it. You can give me some hints about kind of how much resource you think you need and things like that and we can scale that up and down and manage it for you, including all the way down to zero. That's nice if you're coming from maybe a historical paths background or it's just like, "Here's my code, run it for me." You can have that experience with Code Engine. You could also start with a container image. So lots of developers now, because of things like Kubernetes and Docker, are very familiar and comfortable with packaging up their application as a container image, but you don't want to then deal with creating a cluster and dealing with Kubes.So you can just say like, "Here's my image, run it for me." And one of the advantages we have with Code Engine is we can really do that with any container image. You don't have to have a container image that follows some particular framework that's built in a very special way. We can take any container image and you can just literally point me at the image and say, "Run this for me," and Code Engine will execute it and scale it and manage it for you. Or you can start with a batch job interface. So like a more of an async kind of parallel job submission model. So maybe I'm doing Monte Carlo simulations or data processing and I want to parallelize that across a whole bunch of machines and cores, Code Engine gives you an interface for that. So as a developer, you kind of start with one of those three entry points and let Code Engine take care of how to run that and scale it and keep it highly available and things like that.Jeremy: Right. So I love the idea of the batch jobs. I want to talk about that a little bit more, but let's go back to some of the use cases here. So what if I was building just like a REST API, that seems to be a very popular, serverless use case, what would I do for that? Do I need to have some sort of an API type gateway type thing in front of it? Or how does that work?Jason: No, Code Engine provides all that for you. So you would literally either just take your implementation and package it in a container or point us at your source code directory. If you have source code, we use things like Paketo Buildpacks to build a runtime around that source code. And so you can use different languages. So you can either point us, with our CLI tool, you point us at the source code directory and we'll build it and package it in a runtime and run it for you. Or you point us out a container image that you've uploaded to our container registry or to your container registry of choice and then Code Engine will execute that for you. It will give you that web end point, right? So it'll give you a HTTP end point that you can use to access that service. And it will watch the demand on that system and scale it up and down as needed. And by default, we'll just scale it to zero. So it'll just be kind of registered in the system and it'll take care of scaling it up as needed to handle the demand on the app.Jeremy: All right. Cool. And then what about these batch jobs? So I talked a little bit about this with Michael and this idea of being able to run massively parallel execution. So how does that all work?Jason: Yeah. So similar, obviously with batch, there's a little bit more kind of metadata that you have to provide to describe the job and what you want to execute and how things relate to each other. So there's some input data you provide along with the implementation of the batch job, which itself could just be like a container image and you submit that job. So the CLI interface is a little bit different. You're not standing up a long-running REST end point, you're submitting a job to Code Engine for execution, and it will go take that job and execute it and parallelize it for you. You can also use Frameworks on top. One of the things we've been doing a lot of work on, maybe Michael talked about it a little bit when he was here, is some work we're doing around Ray. Ray is a really interesting new project that lets you do kind of distributed computing, especially around data workloads in a really easy way.And so you can actually stand up Ray on top of Code Engine and so Ray acts as kind of the application interface for the developer to be able to easily parallelize their code, particularly Python code, and then Code Engine acts as the runtime below it. And you can take a simple function in Python, mark it as Ray remote and it'll now execute on the cloud and distribute itself across a thousand cores. And you get your answer back 20 times faster than you would have running it locally. And so you can have those kinds of async environments as well.Jeremy: Awesome. And so what about some customers? So do you have customers that are having success with this now?Jason: Yeah, we have a number. I mean, we have the European Microbiology Laboratory, which is using it to do science processing and provide access for scientists to the large-scale compute environments of the cloud. We have some airlines that are leveraging this. The airline scenarios, I think, the scenario is actually kind of interesting because it shows the power of combining REST end points, more interactive workloads with batch workloads. In their case, they're exploring using it to do dynamic pricing. So if you think about how you do dynamic pricing, there's kind of two dimensions. It's like, there's a very interactive, somebody is getting a price on a ticket or a route, and you want to be able to present them with dynamic price information as part of that web interaction. But then there's like a data processing angle.You're looking at all kinds of data coming from your backend systems from route data, from the fleet and historical information. And you're trying to decide what the right price table is for that route. And so you're doing batch processing in the background, and then you're doing this interactive processing. You can implement both halves on serverless with Code Engine and they scale as needed. If you're getting a lot of traffic on the web front end, it scales up as needed without you having to do anything. So they can kind of combine both halves in one environment.Jeremy: Right. Right. And so in terms of, I think we kind of talked about this a little bit, but when you see all these different services, right, and no matter what it is, whether it's Google's Kubernetes engine that they run or it's EKS on AWS or something like that, I think a lot of people look at these and like, "Oh, it's just another managed Kubernetes cluster." Right? So what are the major differences? I know we talked about it a little bit, but maybe you could just be a little bit more succinct and sort of talk about why is it so different than other sort of previous generations of tools or some of the other competing products out there.Jason: Yeah. So if you look kind of behind the curtain on Code Engine, you'd see a couple of things. One is there is Kubernetes there, there is a Kubernetes environment there. The differences that Kubernetes environment is completely managed by the Code Engine service. So we're not, if you look at, in IBM Cloud, we have the IBM Cloud Kubernetes service and our Red Hat OpenShift service. So in those services, we're managing a cluster on your behalf, but we give you the cluster. It's like, "Here's your Kube cluster. We'll manage its life cycle, but you have direct access to it." With Code Engine, we have Kube cluster there, we completely manage it in all respects. You have no kind of direct access to it. That allows us to manage scale and capacity. We run that in a multi-tenant way. I mean, we have security and isolation between tenants, but logically you can think of it as like a big Kube cluster that lots of users are sharing, which is how the pay as you go model ultimately works because we're keeping track of what you're actually running and just charging you for that.So one part of it is fully managing that runtime environment. We've layered on top of that things like Knative so that we have that developer abstraction like a simpler way to define services, to do the source code and image stuff that I talked about. That's coming through largely through things like Knative, which again, we're completely running for you, but it gives you some of that simple interface now that we talked about, and we're doing that in an open-source way with the community. So it's not like proprietary to IBM Cloud. And then on top of that, we built kind of the batch processing system. So batch scheduling and some of these unique interfaces, the command line interface and the user experience to get into that environment for the different workflows that I talked about. And one of the cool things is, because we built it on top of that Kubernetes layer, we can also expose the Kubernetes API if we want.So like the Ray example I gave you, Ray doesn't really know anything about Code Engine, but Ray knows how to deploy and leverage a Kube cluster. So we're able to actually hand Ray the Kubernetes API server end point inside of Code Engine for your instance. And that framework can use Kubernetes to stand itself up. And then you can use the kind of simple abstractions on top, and that's still all in Code Engine. It's still pay as you go and it still scales to zero. And so that's what I meant by this you can kind of blend the lines and drop down to or the framework can drop down to something like Kubernetes as needed to give you that flexibility.Jeremy: Yeah, that's awesome. So you mentioned you have a fully managed Kubernetes service and then you also have a bunch of other serverless services that run within the IBM Cloud. So OpenWhisk or, I guess, IBM Cloud functions now. And then also, I mean, you mentioned Cloud Foundry, which is sort of a pass, but it also sort of an easy-to-use serverless environment in a sense. Right? And so I guess, is this like an evolution? Is this where you suggest people go?Jason: Yeah. Yeah. So I think the simplest way to think about it is yes, Code Engine is the evolution of those ideas. It doesn't necessarily have a direct technical lineage, always, between those projects, but the problem that functions with IBM Cloud functions that Whisk was trying to solve and the problem that Cloud Foundry was trying to solve with source code, start from source code paths, are both represented in what we're doing in Code Engine. So Code Engine will be the kind of natural evolution path for those workloads and for the problems that those users are using those platforms for. The Cloud Foundry one, I think, is super interesting, in the sense that with the rise of Kubernetes has clearly pivoted many people who were doing Cloud Foundry into doing Kubernetes.Jeremy: Yeah.Jason: And people are using Kubernetes as their foundation and the Cloud Foundry project, which we're deeply involved in, has done a lot of work to kind of realign Cloud Foundry with Kubernetes in a better way. But what never went away, what people always still saw value in with Cloud Foundry was the simple push my source code developer experience. Right? And so that still carries forward. And with Code Engine, we're taking that same experience that we had in Cloud Foundry, and we're bringing it into this new service and bringing it onto Kubernetes seat, so the developer still gets that similar experience, but without the boundaries that we talked about. The challenge with Cloud Foundry was always like, oh, as soon as you want to do stateful things, or you want to do async jobs, Cloud Foundry didn't solve that problem. Go use a Kube cluster or go use some completely different environment. And so it's kind of the same experience with the boundaries removed and that's where we would see people go.Jeremy: Right. So if I'm in one of those services, now, if I've got things written in Cloud Functions or in Cloud Foundry, and I've hit some of those limits, or I just want to take advantage of some of the cooler things that Code Engine does, is there a simple migration path for those?Jason: Yeah. In general, yes. For Cloud Foundry, for sure. It's pretty straightforward to take the same source code directory that you have and just push it to Code Engine instead. Right? So I think the path for a Cloud Foundry, I mean, there's edge cases with everything obviously, but the base of workflow is the same. You can use the same source input directories. We mapped to Paketo Buildpacks, which Cloud Foundry, a lot of that stuff came out of Cloud Foundry. And so that has a really clean path. For Cloud Functions. There's a little bit of a timing thing in general, yeah, you can take your same functions. You can run them on Code Engine. OpenWhisk has some advantages still that we haven't quite gotten built into Code Engine yet. It's got faster startup times, for example, right? The runtime model behind Code Engine, we're still starting a container, like a full container.In OpenWhisk we had done a bunch of work on warm start of containers and container pooling so we can get like small number of milliseconds startup times on those functions. And some of that hasn't worked its way into Code Engine yet. So there are still some cases with Cloud Functions where it has some capability that doesn't quite exist in Code Engine yet, but over time that will get filled in and there'll be a simple path there to move all those workloads over to Code Engine as well.Jeremy: Right. So with Code Engine, because you mentioned this idea of sort of like the cold starts. So does Code Engine keep containers warm for a certain amount of time or is it always a cold start?Jason: It is, in general, a cold start. It can keep some of them, like in the scale up scale down cycle, it may keep them around for a while, so it doesn't be overly aggressive about scaling them down and bringing them right back. But it's not doing some of the warm start tricks yet that OpenWhisk was doing where we have a pool of primed container instances, and then we're injecting code into them and running them. That's work-in-progress. There's work to do both in Knative to improve that stack and then stuff to do in Code Engine. There's a balancing act there too ...Jeremy: Yeah, definitely.Jason: ... on things like network isolation and getting on customer VPC networks and other things which are harder to do in that warm start model.Jeremy: Yeah, definitely. All right. So if somebody wanted to get started with Code Engine, what's the best way for them to do that, just sign up and start writing some code or how do they do that?Jason: Yeah, kind of. I mean, obviously, we've been talking a lot about how developers use these things. And so I always think the best way to get started is either to build something on it or to try out some specific source code project. We have a lot of things that we've done to try to make that easy. So there's a Code Engine landing page on IBM Cloud. It has some great examples to guide you through those three starting points I talked about, start from source code, start from image and do batch. We have some really nice tutorials, like specific text analysis tutorials, for example, that'll show you how to build applications on Code Engine. And we actually have a pretty cool Git repo, which will take you through tons of samples of how to use Code Engine to solve all kinds of problems.So there's a lot of really good code assets out there that a developer could go to and actually try something real on Code Engine and the getting started experience is super easy. You've got IBM Cloud, you log in and you go to Code Engine, you create a project, you push an image and then a couple of minutes you'll have something up and running that you can play with.Jeremy: Amazing. All right. So I love watching the evolution of things and again, just this different way that, that IBM is thinking about serverless and, again, trying to make it easier. Because I always look back and I think of Lambda when it first came out, I was like, "Oh, it's so easy. You just put some code there and it's just done for you." And then we got more and more complex and more and more complex. And not that we didn't need to, I mean, some of this complexity is absolutely necessary, but I'm just curious, seeing the evolution and where things have gone, I talked to a bunch of people earlier about, Roger Graba, for example, who was one of the first people involved with the IBM or the OpenWhisk project, I guess it was Apache OpenWhisk or it became Apache OpenWhisk, whatever what it was, seeing that evolution and seeing the changes that these different cloud providers have gone through, seeing the changes that IBM has gone through and where you sort of are now with Cloud Code Engine.I'd love to get your perspective here on where you think this is going, not just maybe what the future is for IBM, but what you think the future of serverless is and just cloud computing maybe in general. I know that's a lot of question.Jason: I'll give you a long answer.Jeremy: Perfect. Jason: So that brings to mind two things. First, let me talk about the complexity thing for a second. Managing complexity is always hard. You are so right. That many things start out with a value prop of like, this is easy. And then as people use, the more you add more, and then three years later, we're like, "We need a new thing that's easy because that other thing is too hard now." And there's no magic pill for that. That's always a hard problem to manage. However, one of the things I like about the approach that we're trying to take with Code Engine is because we've layered it on Kubernetes, It gives us a way to kind of decide where we want that complexity to show up. When we had a Cloud Functions OpenWhisk stack and we had a Cloud Foundry stack and you had a Kubernetes stack, you had to try to solve all problems within each stack.So each stack was getting more complex because you were trying to like, "Oh, I need storage. And I need like private networking. And I need all these things." With Code Engine, I think we have an opportunity to say, once you cross some line, we're just going to ask you to drop down a layer and go use it directly in Kubernetes, right? You can push some of the complexity down and that allows us to hold a harder line on complexity in the developer layer on top. So it's the balancing act we're trying to play is because we built it on a common platform, we don't have to solve all problems in Code Engine directly.Jeremy: Right.Jason: So that's kind of my viewpoint on the complexity problem. On the evolution, it's really interesting. So one of the other things that my team's working on and launched recently is this thing called IBM Cloud Satellite, which is about distributing cloud outside of cloud data centers so you can kind of consume cloud services anywhere you want. So cloud computing in general, and this is not just an IBM thing, in the industry cloud computing is diversifying to be kind of omnipresent. You can consume cloud on-prem, at the edge, in our cloud data centers, wherever you want. There's a programming model dimension to that problem, too. As you specially go to the edge, you kind of want some of these simple to consume, easy to deploy, scale to zero, resource-efficient, you need some kind of model like that because at the edge, especially, you don't have 2000 cores worth of compute to go deal with.You have one box in a retail store, or you have two servers in the back of the distribution center. And so I think things like Code Engine layered on top of distributed cloud and in our case, things like Satellite, is actually a really powerful combination. I think we're going to see serverless become the dominant application development and deployment model, especially for these edge use cases, because it combines ease of deployment and management with efficiency and scale to zero footprint, which are all really attractive when you get outside of a mega data center like you have in cloud.Jeremy: Right. Right. So I love this idea, too, about sort of expose the complexity when the complexity needs to be exposed. I love this idea of sort of creating same defaults, right? If you could default Kubernetes to do all the optimal things that you would need it to do for use case X, if you could just do that for me and then if I say, "Oh, I want to tweak this one thing," then be able to kind of go down to that level. But I love this idea of you mentioned about edge too because that's one of those things that I think, from a programming model, as you said, how do you write code that's sort of, I guess, environment-aware? How does it know what's running at the edge versus running in a data center versus running maybe in a hybrid cloud and partially in your own private cloud or your own private data center? That model, just wrapping your head around it from a developer standpoint, I think is incredibly complex right there.Jason: Yeah. It is. And sometimes it's like, how do they know? And then sometimes it's like, how do I just operate at a high enough level of abstraction that like the differences between those environments can get handled below me? If I'm consuming Kubernetes clusters directly, the shape of that Kubernetes cluster in like a retail store or a telco data center in Atlanta somewhere or in the cloud are going to all be different because you have a different amount of capacity. You have a different networking arm. So you're going to have to deal with the differences. If I'm giving you a container image and saying, "Run this," the developer doesn't have to deal with those differences. The provider might have to deal with those differences but the developer doesn't have to deal with those differences. So that's where I think things like serverless and approaches like Code Engine really come to be much more valuable because you're just dealing at this higher level of abstraction and then Satellite and Code Engine and other services can kind of magically deal with the complexity for you.Jeremy: Yeah. And so I know we talked a lot about Kubernetes and what's running underneath a lot of these services. Is that something you see, though, as being that sort of common format across all these different services, or do you think that something will evolve beyond Kubernetes to become a standard?Jason: Right now, I really think that Kubernetes will become the base platform. What Kubernetes is will probably keep evolving. And I'm not saying it's Kubernetes forever, but I don't think we should underestimate the power of the kind of industry-wide alignment that exists around containerization and Kubernetes as the next infrastructure platform, if you will, because that's kind of really what it is. And I told you at the beginning, I used to build webs for apps servers. So I was like very involved in the whole Java app server era, the late 90s and early 2000s. And at that time, the industry kind of aligned around two platforms, Java and .net, as the two dominant, at least enterprise, application platforms. We have everyone aligned on Kube. Literally, there's nobody in the industry who's not like, "Kubernetes is the platform." So I think it will be the abstraction for infrastructure in all these environments. The question will be, how do you consume it? Who manages it? How's it delivered? How does it optimize itself? And then at what level do you consume?And I don't think Code Engine is the end of it at all. I think there's lots of room for improving the consumption experience on top of Kubernetes for these developer use cases.Jeremy: Yeah. Yeah. And that's actually was going to be my next question, sort of where do you see, what's the next evolution of Code Engine, right? So is that going to be kind of driving into specific use cases more and trying to solve those or becoming more flexible? How do you see the developers, I don't know, in five years, maybe this probably a hard question, but in five years, how are we going to be writing cloud applications?Jason: Yeah. It's a great and super hard question, but I think projects like Ray, I think, are an interesting forward look into where this might go. One of the things that I've always felt like, if I look at the whole history of paths in particular over the last five, six, seven years, paths has always been about simplifying the experience for the developers, but fundamentally, most paths environments don't change anything about how you write the code. They change how you package the code, how you deploy the code, how the code is executed, and how the dependencies of the code are satisfied. But the actual code you write probably wasn't any different. Right? And that's where I think there's the next step is like, how do we actually get into the languages, into the code structure itself to be able to take advantage of cloud capacity, to be able to take advantage of scale and there's lots of projects that have taken attempts at that.Ray, as an example, I think is a particularly interesting one, because there's some good examples where you can take a Python function, you literally add like one annotation to it in the language, and now it becomes remotely executable and horizontally scalable for you.Jeremy: Right.Jason: It's that kind of stuff that I think three or four years from now, there'll be a lot more of, where we're actually changing how code is written because that code can assume there's some containerized, scalable fabric out there somewhere that it can go execute on top of.Jeremy: Right. Yeah. And I think that that pendulum swing for developers, especially, well, developers in the cloud, who's they used to be writing a bunch of code, whether it was JavaScript or Python or Java, whatever it was and then all of a sudden now they have to switch context and be like, "All right, now I have to write a YAML file in order to configure my cloud resources," and that sort of back and forth. So yeah, that marrying of basically saying like a programming language for the cloud is a really interesting concept.Jason: And I think the distributed cloud notion, funnily enough, is a big enabler of that. Because, I don't know, the other tension I see right now is like, let's say you wanted to use Lambda or you want to use serverless functions. That only works in your cloud environment, but you're also running something at the edge or you're running something in your data center, so you're forced to kind of use different approaches, which tends to force you to kind of some common denominator models.Jeremy: Right. Right.Jason: And so you're kind of holding back from really adopting some of these newer models because of the diversity. Well, if cloud goes everywhere and those services go everywhere, then now I can just say, "Well, I'll use the serverless model everywhere. And so I can really deeply adopt it." So I think the distributed cloud thing will open up the opportunity to embed these approaches more deeply in kind of day-to-day development activities.Jeremy: Yeah. No, I love that. I'm all for that approach because I think this split-brain sort of approach to it is getting very complex and it's not super easy. So is there anything else that you'd like to let the listeners know about IBM Cloud Code Engine?Jason: No. I mean, I think we touched on a lot of the motivation behind it and the kind of core capabilities. I would just encourage you to go check it out, go check out the space, go give it a try and love to hear people's feedback as they do that.Jeremy: Awesome. Well, first of all, I got to make sure I thank IBM Cloud for sponsoring this episode because just the team over there and everything that all of you are working on is amazing stuff and I appreciate the support. We appreciate the support in the community for what you're doing. So if people want to find out more about you or more about Cloud Code Engine, how do they do that?Jason: Yeah. And you can find me on Twitter, JRMcGee, or LinkedIn. For me personally, I love to talk to people. For Code Engine, I think the best place to start is the product page, which is ibm.com/cloud/code-engine. And from there, you can get to all of the code examples I talked about.Jeremy: Awesome. All right. Well, I will put all that stuff in the show notes. Thanks again, Jason.Jason: Yeah. Great. Thanks, Jeremy.

google ai managing run ga cloud ibm cto api engine satellites python aws java faa javascript mcgee frameworks monte carlo docker git kubernetes lambda baas serverless chief architect cli whisk heroku rest apis eks kube aws lambda cloud platforms yaml openshift ibm cloud vpc cloud foundry ibm fellow red hat openshift knative jason it jason yeah jason so kubernetes api websphere ibm cloud platform cloud code jeremy so openwhisk apache openwhisk

How EJBGen, TestNG and ...Android happened

Play Episode Listen Later Mar 31, 2021 63:58

An airhacks.fm conversation with Cedric Beust (@cbeust) about: Apple II was the first love, building an Apple II emulator, the C64 domination, starting with Basic, then switching to 6502 assembly, cracking games for fun, learning Pascal, starting to study Math because Computer Science was not available, working as administrator at school, switching to Amiga 1000 then Amiga 2000, joining the demo scene, the impact of remote applications as PhD, working with C++ and CORBA, C++ language involvement, meeting Bjaerne Stroustroup, evolving a language is hard, starting with Java 1996, joining Sun Labs in 1998, implementing "persona" at Sun Labs with Java, Sun was not the right place to work with Java, applying at Imprise to work on Borland Application Server, meeting the WebLogic developers at a party, joining WebLogic, C++ was hard to work with, Java was a fresh air, the EJB container team was 10 developers, writing EJBGen, working on Java annotations, the relation between EJBGen and xdoclet, the Attribute Oriented Programming with XDoclet, the metadata should be in the near of Java code, joining the JCP to create Java Annotations, starting at Google to work with Adwords, motivated by shortcomings of JUnit, TestNG was created in 2004, WebLogic vs. WebSphere, tests should depend on each other, TestNG was an exploration of a modern framework, Google's mobile team were 5 people in 2005, starting a mobile Gmail project at Google on J2ME, Java Mobile, Google Android's acquisition, working with Andy Rubin to develop a Java-based OS, a team of 5 developers started to build Android, Android was strategic for Larry Page, users should be in power-this was the spirit of Android, Android development was "Top Secret", leaving Google to join a startup, building internal tools for supervision at LinkedIn, creating a calendar assistant at a startup, starting as "firefighter" at Yahoo in Java space, starting okta, okta is an "universal" SSO, implementing SSO across companies at okta, okta's backend is written in Java Cedric Beust on twitter: @cbeust, Cedric's blog

I don't hate your DTOs

Play Episode Listen Later Mar 11, 2021 67:12

An airhacks.fm conversation with Christian Beikov (@c_beikov) about: Nintendo, then Pentium 3, the rpg maker, blockly - the visual programming language from google, switching to C programming at highschool, starting with Java 1.5 and Swing, Java was really appealing, using NetBeans for development, developing a RPG game in Java, learning programming at HTL, studying software engineering at Vienna University, trying to implement an Operating System in Java, trying to start with Java Maxine, jos the free Java Based Operating System, jnode -"Java New Operating System Design Effort", starting with PHP, trying to port Java "standard" library to PHP, Java Server Faces (JSF) offers a nice programming model, starting the blazebit company at highschool, architecting Java EE software at supply-chain management, initiating the opensource Blaze Persistence project, running JSF on WebSphere classic was painful, SaS based JSF business, great primefaces experience, Blaze-Persistence on 80th airhacks.tv switching from WebSphere to Wildfly 10, migrating from WildFly to openshift and PostgreSQL, starting another startup: Sweazer - the tinder for shopping with Java EE and Apache Cordova, working on Hibernate at RedHat, Adobe PhoneGap is EoL, optimizing costs for RDS on AWS, clouds can be too expensive, WildFly worked perfectly in the clouds, WildFly ran on EC2, reducing the amount of data with blaze persistence entity views, using JSON aggregation functions to reduce network traffic by folding collections, using multi-set strategy to aggregate results into a JSON document, reducing the selected columns for performance, Markus Winand - the SQL ambassador, "Blaze-Persistence: Use Modern SQL like native JPA", indices over caching, the JPA "dot" operator produces inner joins, Blaze-Persistence query builder supports CTEs, Common Table Expressions (CTE), Java Persistence API is productive enough for startups, Blaze-Persistence generates implementation for interfaces, Blaze-Persistence maps deep query result hierarchies into DTOs, Open Session in View concept was bad for performance, Blaze-Persistence supports Java Records, article: Blaze-Persistence: Use Modern SQL like native JPA commercial support is available for Blaze-Persistence, Christian Beikov on twitter: @c_beikov, and Christian's company: blazebit.com

nintendo rpg swing aws java sas php operating systems sql red hat rds json postgresql eol hibernate ec2 pentium vienna university jsf jpa htl java ee open session netbeans apache cordova ctes websphere dtos

Kamenicky Encoding, Enterprise Java and Helidon

Play Episode Listen Later Dec 21, 2020 52:24

An airhacks.fm conversation with Daniel Kec (@DanielKec) about: playing games on dell 386dx, playing Commander Keen, wolfenstein, golden axe, hexen, beautiful markup with microsoft frontpage, On the Internet, nobody knows you're a dog, Hot Metal Pro, Net Object Fusion, Frontpage, HTML editors, Adobe Pagemill, NetBeans and IntelliJ IDE, Turbo Pascal at high school, enjoying Transistor-transistor logic TTLs and IC, the problem with CMOS and static charge, transition from Turbo Pascal to Borland Delphi, private, university in prague, Kamenicky Encoding and codepage 895, starting to love Java after Visual Basic experiences, starting with JDK 1.6, xelphi and forte for Java, episode with Jaroslav Tulach, x-definition validation language for XML, the super senior developer, find a bug: Donald Knuth and TeX, writing plugins for Netbeans, inheriting the register of traffic accidents, using WebSphere with wizards and EJB 2.1, migrating to Eclipse and xdoclet, rational developer studio IDE, MDA as solution for generating superfluous artifacts, the great dash dispute, parkinson's law of triviality, transition from EJB 2.1 to EJB 3.0, analyzing logfiles with the R programming language, R runs on GraalVM, starting at Oracle at the Java Architecture for XML Binding (JAXB), Jersey, Helidon team, Daniel Kec on twitter: @DanielKec and on github: github.com/danielkec

C, Java, Distributed Computing, Hazelcast and Apache Kafka

Play Episode Listen Later Aug 8, 2020 62:52

An airhacks.fm conversation with Viktor Gamov (@gAmUssA) about: Russian, pirate 286 intel knock-off, starting with BASIC, typing programs from magazines, fun with computer graphics primitive in BASIC, Flash animations with ActionScript, drawing buttons with Visual Basic, learning C/C++ at the university, implementing a log scraper in Pearl to get an aggregated view, Unreal Tournament was the secret goal, enjoying the lack of no compilation in excel macros, Java and Flex development, creating GUIs with Borland C++ builder at university, the size of statically compiled libraries matters, optimising the size with MS Visual C++, exploring DirectX SDK, OpenGL vs. DirectX, enjoying MSDN with Visual Studio .net and C#, the Russian Development Software Network rsdn.org, Thinking in C++ over Thinking in Java, nice looking and opensource Eclipse IDE, writing web servers in Java, JRE vs. JDK, Moscow State University for Railway Engineering, writing backends with WebSphere and RAD, WebSphere Community Edition 5.0 vs. Geronimo vs. Tomcat, Borland JBuilder with JBCL, great DeveloperWorks from IBM, Scott Davis' articles about Groovy, smart and motivated kids, nice Ruby and Rails, Scott Davis and Grails, working on Russian Google -> Yandex, working with Yakov Vain in Flex and Java, writing the Enterprise Web Development book, working for Hazelcast and Talip Ozturk, speaking at JavaOne, working as solution architect, meeting Cay Horstmann - author of Core Java book, the CAP theorem, from Hazelcast to Conluent and Apache Kafka, building kafka-tutorials.confluent.io, Kafka and JMS are following opposite principles, from JMS persistent topics to Kafka, from Hadoop and Big Data to Kafka, BigData and lambda architecture, from batch to real time processing, data is an immutable set of events, no replay in JMS, the outbox pattern, Change Data Capture (CDC), debezium, Viktor Gamov on twitter: @gAmUssA, Victor's website: gamov.io

VB, WebSphere, JBoss, GlassFish and Vaadin Flow

Play Episode Listen Later Aug 1, 2020 56:58

An airhacks.fm conversation with Simon Martinelli (@simas_ch) about: gaming and BASIC programming with C64, reading a Markt and Technik book about C64 programming, building a volleyball tournament application with C64, writing a Visual Basic application for track and field competition, MS Access applications were maintained by business people, maintaining an application for 30 years, no love for Eclipse RCP, Swiss Railways implemented the train disposition system with Eclipse RCP, a disruptive keynote for Swiss Railways, starting with COBOL on mainframe and IMS, mixing COBOL and assembler for performance, serverless programming with COBOL, COBOL security mechanism is nice, mainframe is virtualized and similar to docker, mainframe jobs are like docker containers, database and business logic are not distributed on AS 400, running as much as possible on a single machine could become a best practice, helping to solve the "year 2000 problem", WebSphere with TopLink, Oracle, MQ Series and Swing, the transition from mainframes to WebSphere, replacing MQ Series with Apache Kafka, from "in-memory" remoting to EJB-remoting, using Eclipse SWT for performance reasons, Swing Application Framework was never released, the SWT's problem was OSGi, GlassFish was introduced as a lightweight alternative to WebSphere, Java EE 5 was an lightweight alternative, working together on QLB, the forgotten NetBeans contribution, teaching at the University of Bern, Eclipse's maven integration is still mediocre, heavy IntelliJ, focussing on JBoss performance and OR-mapping, JBoss vs. GlassFish at the University, killer use cases for Camel, transforming EDI into XML, pointless ESBs, shared deployments on JBoss were problematic, Vaadin flow with web components, generating Vaadin frontend on-the-fly, vaadin generates Web Components / Custom Elements for the frontend, exposing metadata via REST, Simon Martinelli on twitter: @simas_ch, Simon's website: 72.services and blog.

university basic oracle swing eclipse technik markt bern ims xml cobol c64 apache kafka visual basic intellij swt java ee jboss netbeans vaadin websphere ejb esbs osgi

Visual Studio Code: Java, XML and Quarkus

Ordinarily Extraordinary - Conversations with women in STEM

Play Episode Listen Later Jun 6, 2020 60:12

An airhacks.fm conversation with Fred Bricon (@fbricon) about: Amstrad CPC X1120 for gaming, a material science degree, web programming over C, finite element simulations, the solid under stress, sorting blankets at the army, COBOL training, buildings portals with JSP templates, Visual Basic, WebSphere frontend with COBOL backend, CI/CD with Cruise Control, Apache Ant for automation, the Eclipse-based WSAD, terrible Eclipse support for Apache Maven 2, deploying WARs to JBoss, support for Maven and Java EE didn't exist, working on m2e eclipse project, starting to work on JBoss Tools, Eclipse Q4E, WAR overlays in Eclipse, OpenShift IDEs tooling, starting to work with Visual Studio Code for Java, VSC language server protocol (lsp), Gorkem Ercan started the exploration for VSC for Java, building language server with headless Eclipse process in 2016, Microsoft wanted to make Visual Studio Code a great Java experience, JDTLS Java Development Tools Language Server, working on XML extension for VSC, Quarkus Tools for Visual Studio Code, VSC Quarkus Extension will come with MicroProfile and Quarkus specific support, IBM contributes to Quarkus / MicroProfile language server, VSC MicroProfile support is going to be independently installable, Eclipse plugin installation process is painfully slow, two releases of VSC a month, Fred Bricon on twitter: @fbricon and @VSCodeJava

war microsoft wars ibm eclipse java maven cruise control ci cd xml cobol visual studio code visual basic vsc jsp java ee jboss websphere

Tammy Schluender - Computer Science, Utility Industry Middleware Administrator

Play Episode Listen Later Jun 5, 2020 32:04

Tammy currently works as a middleware administrator. She has held several positions in software administration while working at the same company for her entire career. She has a degree in computer science and shares her perspectives and experiences.Episode NotesMusic used in the podcast: Higher Up, Silverman Sound StudioAcronyms and DefinitionsWeblogic – a leading e-commerce online transaction processing (OLTP) platform, developed to connect users in a distributed computing environment and to facilitate the integration of mainframe applications with distributed corporate data and applications. (www.oracle.com)WebSphere – a set of Java-based tools from IBM that allows customers to create and manage sophisticated business Web sites. The central WebSphere tool is the WebSphere Application Server (WAS), an application server that a customer can use to connect Web site users with Java applications or servlets. Java – a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. (www.raponline.org)ERP System – The integrated management of main business processes, often in real time and mediated by software and technology. (Wikipedia)Mainframe – he central data repository, or hub , in a corporation's data processing center, linked to users through less powerful devices such as workstations or terminals. (https://www.ibm.com/support/knowledgecenter/zosbasics/com.ibm.zos.zmainframe/zconc_whatismainframe.htm)Fact CheckMontana State University has two classes – The Joy and Beauty of Computing and The Joy and Beauty of Data. (www.msu.edu)

beauty data web ibm computer science administrators java utility computing erp system middleware oltp websphere

From JMS Unit Tests to OpenLiberty

The Podlets - A Cloud Native Podcast

Play Episode Listen Later Apr 11, 2020 65:05

An airhacks.fm conversation with Alasdair Nottingham (@nottycode) about: bbc micro, basic programming with archimedes computers by acorn, playing simcity 2000 on 286, brother as valorant creative director at riot games, enjoying programming - except prolog, functional C, starting with Java and JDK 1.1.8 in 1999, Java is great because it is lacking pointers, built-in data structures in Java, forgetting about public static void main, writing Unit Tests without JUnit, deleting "red" tests, writing unit tests for the IBM MQ JMS client, joining the IBM WebSphere team, writing product samples, extending a pearl wiki, running MQ series as a sidecar, developing a Java based JMS solution in WebSphere v6, writing "mediation" for websphere MQ, almost serverless mediators, rebuilding WebSphere on top of OSGi, no worries about code ownership, isolating app server libraries with OSGi, OpenLiberty started in 2010, just enough application server concept, the costs of memory, optimizations vs. developer experience, responsiveness over memory consumption, fashion trends in IT industry, Scala's XML support, coding architects are valuable, OpenLiberty was opensourced in 2017, not at IBM, Alasdair Nottingham on twitter: @nottycode

ibm java scala xml mq jms unit tests jdk junit websphere osgi

Application Transformation with Chris Umbel and Shaun Anderson (Ep 19)

Play Episode Listen Later Mar 2, 2020 45:43

Today on the show we are very lucky to be joined by Chris Umbel and Shaun Anderson from Pivotal to talk about app transformation and modernization! Our guests help companies to update their systems and move into more up-to-date setups through the Swift methodology and our conversation focusses on this journey from legacy code to a more manageable solution. We lay the groundwork for the conversation, defining a few of the key terms and concerns that arise for typical clients and then Shaun and Chris share a bit about their approach to moving things forward. From there, we move into the Swift methodology and how it plays out on a project before considering the benefits of further modernization that can occur after the initial project. Chris and Shaun share their thoughts on measuring success, advantages of their system and how to avoid roll back towards legacy code. For all this and more, join us on The Podlets Podcast, today! Follow us: https://twitter.com/thepodlets Website: https://thepodlets.io Feeback: info@thepodlets.io https://github.com/vmware-tanzu/thepodlets/issues Hosts: Carlisia Campos Josh Rosso Duffie Cooley Olive Power Key Points From This Episode: A quick introduction to our two guests and their roles at Pivotal. Differentiating between application organization and application transformation. Defining legacy and the important characteristics of technical debt and pain. The two-pronged approach at Pivotal; focusing on apps and the platform. The process of helping companies through app transformation and what it looks like. Overlap between the Java and .NET worlds; lessons to be applied to both. Breaking down the Swift methodology and how it is being used in app transformation. Incremental releases and slow modernization to avoid roll back to legacy systems. The advantages that the Swift methodology offers a new team. Possibilities of further modernization and transformation after a successful implementation. Measuring success in modernization projects in an organization using initial objectives. Quotes: “App transformation, to me, is the bucket of things that you need to do to move your product down the line.” — Shaun Anderson [0:04:54] “The pioneering teams set a lot of the guidelines for how the following teams can be doing their modernization work and it just keeps rolling down the track that way.” — Shaun Anderson [0:17:26] “Swift is a series of exercises that we use to go from a business problem into what we call a notional architecture for an application.” — Chris Umbel [0:24:16] “I think what's interesting about a lot of large organizations is that they've been so used to doing big bang releases in general. This goes from software to even process changes in their organizations.” — Chris Umbel [0:30:58] Links Mentioned in Today’s Episode: Chris Umbel — https://github.com/chrisumbel Shaun Anderson — https://www.crunchbase.com/person/shaun-anderson Pivotal — https://pivotal.io/ VMware — https://www.vmware.com/ Michael Feathers — https://michaelfeathers.silvrback.com/ Steeltoe — https://steeltoe.io/ Alberto Brandolini — https://leanpub.com/u/ziobrando Swiftbird — https://www.swiftbird.us/ EventStorming — https://www.eventstorming.com/book/ Stephen Hawking — http://www.hawking.org.uk/ Istio — https://istio.io/ Stateful and Stateless Workload Episode — https://thepodlets.io/episodes/009-stateful-and-stateless/ Pivotal Presentation on Application Transformation: https://content.pivotal.io/slides/application-transformation-workshop Transcript: EPISODE 19 [INTRODUCTION] [0:00:08.7] ANNOUNCER: Welcome to The Podlets Podcast, a weekly show that explores Cloud Native one buzzword at a time. Each week, experts in the field will discuss and contrast distributed systems concepts, practices, tradeoffs and lessons learned to help you on your cloud native journey. This space moves fast and we shouldn’t reinvent the wheel. If you’re an engineer, operator or technically minded decision maker, this podcast is for you. [EPISODE] [0:00:41.0] CC: Hi, everybody. Welcome back to The Podlets. Today, we have an exciting show. It's myself on, Carlisia Campos. We have our usual guest hosts, Duffie Cooley, Olive Power and Josh Rosso. We also have two special guests, Chris Umbel. Did I say that right, Chris? [0:01:03.3] CU: Close enough. [0:01:03.9] CC: I should have checked before. [0:01:05.7] CU: Umbel is good. [0:01:07.1] CC: Umbel. Yeah. I'm not even the native English speaker, so you have to bear with me. Shaun Anderson. Hi. [0:01:15.6] SA: You said my name perfectly. Thank you. [0:01:18.5] CC: Yours is more standard American. Let's see, the topic of today is application modernization. Oh, I just found out word I cannot pronounce. That's my non-pronounceable words list. Also known as application transformation, I think those two terms correctly used alternatively? The experts in the house should say something. [0:01:43.8] CU: Yeah. I don't know that I would necessarily say that they're interchangeable. They're used interchangeably, I think by the general population though. [0:01:53.0] CC: Okay. We're going to definitely dig into that, how it does it not make sense to use them interchangeably, because just by the meaning, I would think so, but I'm also not in that world day-to-day and that Shaun and Chris are. By the way, please give us a brief introduction the two of you. Why don't you go first, Chris? [0:02:14.1] CU: Sure. I am Chris Umbel. I believe it was probably actually pronounced Umbel in Germany, but I go with Umbel. My title this week is the – I think .NET App Transformation Journey Lead. Even though I focus on .NET modernization, it doesn't end there. Touch a little bit of everything with Pivotal. [0:02:34.2] SA: I'm Shaun Anderson and I share the same title of the week as Chris, except for where you say .NET, I would say Java. In general, we play the same role and have slightly different focuses, but there's a lot of overlap. [0:02:48.5] CU: We get along, despite the .NET and Java thing. [0:02:50.9] SA: Usually. [0:02:51.8] CC: You both are coming from Pivotal, yeah? As most people should know, but I'm sure now everybody knows, Pivotal was just recently as of these date, which is what we are? End of January. This episode is going to be a while to release, but Pivotal was just acquired by VMware. Here we are. [0:03:10.2] SA: It's good to be here. [0:03:11.4] CC: All right. Somebody, one of you, may be let's say Chris, because you've brought this up, how this application organization differs from application transformation? Because I think we need to lay the ground and lay the definitions before we can go off and talk about things and sound experts and make sure that everybody can follow us. [0:03:33.9] CU: Sure. I think you might even get different definitions, even from within our own practice. I'll at least lay it out as I see it. I think it's probably consistent with how Shaun's going to see it as well, but it's what we tell customers anyway. At the end of the day, there are – app transformation is the larger [inaudible] bucket. That's going to include, say just the re-hosting of applications, taking applications from point A to some new point B, without necessarily improving the state of the application itself. We'd say that that's not necessarily an exercise in paying down technical debt, it's just making some change to an application or its environment. Then on the modernization side, that's when things start to get potentially a little more architectural. That's when the focus becomes paying down technical debt and really improving the application itself, usually from an architectural point of view and things start to look maybe a little bit more like rewrites at that point. [0:04:31.8] DC: Would you say that the transformation is more in-line with re-platforming, those of you that might think about it? [0:04:36.8] CU: We'd say that app transformation might include re-platforming and also the modernization. What do you think of that, Shaun? [0:04:43.0] SA: I would say transformation is not just the re-platforming, re-hosting and modernization, but also the practice to figure out which should happen as well. There's a little bit more meta in there. Typically, app transformation to me is the bucket of things that you need to do to move your product down the line. [0:05:04.2] CC: Very cool. I have two questions before we start really digging to the show, is still to lay the ground for everyone. My next question will be are we talking about modernizing and transforming apps, so they go to the clouds? Or is there a certain cut-off that we start thinking, “Oh, we need to – things get done differently for them to be called native.” Is there a differentiation, or is this one is the same as the other, like the process will be the same either way? [0:05:38.6] CU: Yeah, there's definitely a distinction. The re-platforming bucket, that re-hosting bucket of things is where your target state, at least for us coming out of Pivotal, we had definitely a product focus, where we're probably only going to be doing work if it intersects with our product, right? We're going to be doing both re-platforming targeted, say typically at a cloud environment, usually Cloud Foundry or something to that effect. Then modernization, while we're usually doing that with customers who have been running our platform, there's nothing to say that you necessarily need a cloud, or any cloud to do modernization. We tend to based on who we work for, but you could say that those disciplines and practices really are agnostic to where things run. [0:06:26.7] CC: Sorry, I was muted. I wanted to ask Shaun if you wanted to add to that. Do you have the same view? [0:06:33.1] SA: Yeah. I have the same view. I think part of what makes our process unique that way is we're not necessarily trying to target a platform for deployment, when we're going through the modernization part anyway. We're really looking at how can we design this application to be the best application it can be. It just so happens that that tends to be more 12-factor compliant that is very cloud compatible, but it's not necessarily the way that we start trying to aim for a particular platform. [0:07:02.8] CC: All right. If everybody allows me, after this next question, I'll let other hosts speak too. Sorry for monopolizing, but I'm so excited about this topic. Again, in the spirit of understanding what we're talking about, what do you define as legacy? Because that's what we're talking about, right? We’re definitely talking about a move up, move forwards. We're not talking about regression and we're not talking about scaling down. We're talking about moving up to a modern technology stack. That means, that implies we're talking about something that's legacy. What is legacy? Is it contextual? Do we have a hard definition? Is there a best practice to follow? Is there something public people can look at? Okay, if my app, or system fits this recipe then it’s considered legacy, like a diagnosis that has a consensus. [0:07:58.0] CU: I can certainly tell you how you can't necessarily define legacy. One of the ways is by the year that it was written. You can certainly say that there are certainly shops who are writing legacy code today. They're still writing legacy code. As soon as they're done with a project, it's instantly legacy. There's people that are trying to define, like another Michael Feathers definition, which is I think any application that doesn't have tests, I don't know that that fits what – our practice necessarily sees legacy as. Basically, anything that's occurred a significant amount of technical debt, regardless of when the application was written or conceived fits into that legacy bucket. Really, our work isn't necessarily as concerned about whether something's legacy or not as much as is there pain that we can solve with our practice? Like I said, we've modernized things that were in for all intents and purposes, quite modern in terms of the year they were written. [0:08:53.3] SA: Yeah. I would double down on the pain. Legacy to us often is something that was written as a prototype a year ago. Now it's ready to prove itself. It's going to be scaled up, but it wasn't built with scale in mind, or something like that. Even though it may be the latest technology, it just wasn't built for the load, for example. Sometimes legacy can be – the pain is we have applications on a mainframe and we can't find Cobol developers and we're leasing a giant mainframe and it's costing a lot of money, right? There's different flavors of pain. It also could be something as simple as a data center move. Something like that, where we've got all of our applications running on Iron and we need to go to a virtual data center somewhere, whether it's cloud or on-prem. Each one of those to us is legacy. It's all about the pain. [0:09:47.4] CU: I think is miserable as that might sound, that's really where it starts and is listening to that pain and hearing directly from customers what that pain is. Sounds terrible when you think about it that you're always in search of pain, but that isn't indeed what we do and try to alleviate that in some way. That pain is what dictates the solution that you come up with, because there are certain kinds of pain that aren't going to be solved with say, modernization approach, a more a platformed approach even. You have to listen and make sure that you're applying the right medicine to the right pain. [0:10:24.7] OP: Seems like an interesting thing bringing what you said, Chris, and then what you said earlier, Shaun. Shaun you had mentioned the target platform doesn't necessarily matter, at least upfront. Then Chris, you had implied bringing the right thing in to solve the pain, or to help remedy the pain to some degree. I think what's interesting may be about the perspectives for those on this call and you too is a lot of times our entry points are a lot more focused with infrastructure and platform teams, where they have these objectives to solve, like cost and ability to scale and so on and so forth. It seems like your entry point, at least historically is maybe a little bit more focused on finding pain points on more of the app side of the house. I'm wondering if that's a fair assessment, or if you could speak to how you find opportunities and what you're really targeting. [0:11:10.6] SA: I would say that's a fair assessment from the perspective of our services team. We're mainly app-focused, but it's almost there's a two-pronged approach, where there's platform pain and application pain. What we've seen is often solving one without the other is not a great solution, right? I think that's where it's challenging, because there's so much to know, right? It's hard to find one team or one person who can point out the pain on both sides. It just depends on often, how the customer approaches us. If they are saying something like, “We’re a credit card company and we're getting our butts kicked by this other company, because they can do biometrics and we can't yet, because of the limitations of our application.” Then we would approach it from the app-first perspective. If it's another pain point, where our operations, day two operations is really suffering, we can't scale, where we have issues that the platform is really good at solving, then we may start there. It always tends to merge together in the end. [0:12:16.4] CU: You might be surprised how much variety there is in terms of the drivers for people coming to us. There are a lot of cases where the work came to us by way of the platform work that we've done. It started with our sister team who focuses on the platform side of things. They solve the infrastructure problems ahead of us and then we close things out on the application side. We if our account teams and our organization is really listening to each individual customer that you'll find that there – that the pain is drastically different, right? There are some cases where the driver is cost and that's an easy one to understand. There are also drivers that are usually like a date, such as this data center goes dark on this date and I have to do something about it. If I'm not out of that data center, then my apps no longer run. The solution to that is very different than the solution you would have to, "Look, my application is difficult for me to maintain. It takes me forever to ship features. Help me with that." There's two very different solutions to those problems, but each of which are things that come our way. It's just that former probably comes in by way of our platform team. [0:13:31.1] DC: Yeah, that’s an interesting space to operate in in the application transformation and stuff. I've seen entities within some of the larger companies that represent this field as well. Sometimes that's called production engineering or there are a few other examples of this that I'm aware of. I'm curious how you see that happening within larger companies. Do you find that there is a particular size entity that is actually striving to do this work with the tools that they have internally, or do you find that typically, most companies are just need something like an application transformation so you can come in and help them figure out this part of it out? [0:14:09.9] SA: We've seen a wide variety, I think. One of them is maybe a company really has a commitment to get to the cloud and they get a platform and then they start putting some simple apps up, just to learn how to do it. Then they get stuck with, “Okay. Now how do we with trust get some workloads that are running our business on it?” They will often bring us in at that point, because they haven't done it before. Experimenting with something that valuable to them is — usually means that they slow down. There's other times where we've come in to modernize applications, whether it's a particular business unit for example, that may have been trying to get off the mainframe for the last two years. They’re smart people, but they get stuck again, because they haven't figured out how to do it. What often happens and Chris can talk about some examples of this is once we help them figure out how to modernize, or the recipes to follow to start getting their systems systematically on to the platform and modernize, that they tend to like forming a competency area around it, where they'll start to staff it with the people who are really interested and they take over where we started from. [0:15:27.9] CU: There might be a little bit of bias to that response, in that typically, in order to even get in the door with us, you're probably a Fortune 100, or at least a 500, or government, or something to that effect. We're going to be seeing people that one, have a mainframe to begin with. Two, would have say, capacity to fund say a dedicated transformation team, or to build a unit around that. You could say that the smaller an organization gets, maybe the easier it is to just have the entire organization just write software the modern way to begin with. At least at the large side, we do tend to see people try to build a – they'll use different names for it. Try to have a dedicated center of excellence or practice around modernization. Our hope is to help them build that and hopefully, put them in a position that that can eventually disappear, because eventually, you should no longer need that as a separate discipline. [0:16:26.0] JR: I think that's an interesting point. For me, I argue that you do need it going forward, because of the cognitive overhead between understanding how your application is going to thrive on today's complex infrastructure models and understanding how to write code that works. I think that one person that has all of that in their head all the time is a little too much, a little too far to go sometimes. [0:16:52.0] CU: That's probably true. When you consider the size the portfolios and the size of the backlog for modernization that people have, I mean, people are going to be busy on that for a very long time anyway. It's either — even if it is finite, it still has a very long life span at a minimum. [0:17:10.7] SA: At a certain point, it becomes like painting the Golden Gate Bridge. As soon as you finish, you have to start again, because of technology changes, or business needs and that thing. It's probably a very dynamic organization, but there's a lot of overlap. The pioneering teams set a lot of the guidelines for how the following teams can be doing their modernization work and it just keeps rolling down the track that way. It may be that people are busy modernizing applications off of WebLogic, or WebSphere, and it takes a two years or more to get that completed for this enterprise. It was 20, 50 different projects. To them, it was brand-new each time, which is cool actually to come into that. [0:17:56.3] JR: I'm curious, I definitely love hear it from Olive. I have one more question before I pass it out and I think we’d love to hear your thoughts on all of this. The question I have is when you're going through your day-to-day working on .NET and Java applications and helping people figure out how to go about modernizing them, what we've talked about so far is that represents some of the deeper architectural issues and stuff. You've already mentioned 12 factor after and being able to move, or thinking about the way that you frame the application as far as inputs of those things that it takes to configure, or to think with the lifecycle of those things. Are there some other common patterns that you see across the two practices, Java and .NET, that you think are just concrete examples of stuff that people should take away maybe from this episode, that they could look at their app – and they’re trying to get ahead of the game a little bit? [0:18:46.3] SA: I would say a big part of the commonality that Chris and I both work on a lot is we have a methodology called the SWIFT methodology that we use to help discover how the applications really want to behave, define a notional architecture that is again, agnostic of the implementation details. We’ll often come in with a the same process and I don't need to be a .NET expert and a .NET shop to figure out how the system really wants to be designed, how you want to break things into microservices and then the implementation becomes where those details are. Chris and I both collaborate on a lot of that work. It makes you feel a little bit better about the output when you know that the technology isn't as important. You get to actually pick which technology fits the solution best, as opposed to starting with the technology and letting a solution form around it, if that makes sense. [0:19:42.4] CU: Yeah. I'd say that interesting thing is just how difficult it is while we're going through the SWIFT process with customers, to get them to not get terribly attached to the nouns of the technology and the solution. They've usually gone in where it's not just a matter of the language, but they have something picked in their head already for data storage, for messaging, etc., and they're deeply attached to some of these decisions, deeply and emotionally attached to them. Fundamentally, when we're designing a notional architecture as we call it, really you should be making decisions on what nouns you're going to pick based on that architecture to use the tools that fit that. That's generally a bit of a process the customers have to go through. It's difficult for them to do that, because the more technical their stakeholders tend to be, often the more attached they are to the individual technology choices and breaking that is the principal role for us. [0:20:37.4] OP: Is there any help, or any investment, or any coordination with those vendors, or the purveyors of the technologies that perhaps legacy applications are, or indeed the platforms they're running on, is there any help on that side from those vendors to help with application transformation, or making those applications better? Or do organizations have to rely on a completely independent, so the team like you guys to come in and help them with that? Do you understand my point? Is there any internal – like you mentioned WebLogic, WebSphere, do the purveyors of those platforms try and drive the transformation from within there? Or is it organizations who are running those apps have to rely on independent companies like you, or like us to help them with that? [0:21:26.2] SA: I think some of it depends on what the goal of the modernization is. If it's something like, we no longer want to pay Oracle licensing fees, then of course, obviously they – WebLogic teams aren't going to be happy to help. That's not always the case. Sometimes it's a case where we may have a lot of WebLogic. It's working fine, but we just don't like where it's deployed and we'd like to containerize it, move it to Kubernetes or something like that. In that case, they're more willing to help. At least in my experience, I've found that the technology vendors are rightfully focused just on upgrading things from their perspective and they want to own the world, right? WebLogic will say, “Hey, we can do everything. We have clustering. We have messaging. We've got good access to data stores.” It's hard to find a technology vendor that has that broader vision, or the discipline to not try to fit their solutions into the problem, when maybe they're not the best fit. [0:22:30.8] CU: I think it's a broad generalization, but specifically on the Java side it seems that at least with app server vendors, the status quo is usually serving them quite well. Quite often, we’re adversary – a bit of an adversarial relationship with them on occasion. I could certainly say that within the .NET space, we've worked a relatively collaboratively with Microsoft on things like Steeltoe, which is a I wouldn't say it's a springboot analog, but at least a microservice library that helps people achieve 12-factor cloud nativeness. That's something where I guess Microsoft represents both the legacy side, but also the future side and were part of a solution together there. [0:23:19.4] SA: Actually, that's a good point because the other way that we're seeing vendors be involved is in creating operators on Kubernetes side, or Cloud Foundry tiles, something that makes it easy for their system to still be used in the new world. That's definitely helpful as well. [0:23:38.1] CC: Yeah, that's interesting. [0:23:39.7] JR: Recently, myself me people on my team went through a training from both Shaun and Chris, interestingly enough in Colorado about this thing called the SWIFT methodology. I know it's a really important methodology to how you approach some of the application transformation-like engagements. Could you two give us a high-level overview of what that methodology is? [0:24:02.3] SA: I want to hear Chris go through it, since I always answer that question first. [0:24:09.0] CU: Sure. I figured since you were the inventor, you might want to go with it Shaun, but I'll give it a stab anyway. Swift is a series of exercises that we use to go from a business problem into what we call a notional architecture for an application. The one thing that you'll hear Shaun say all the time that I think is pretty apt, which is we're trying to understand how the application wants to behave. This is a very analog process, especially at the beginning. It's one where we get people who can speak about the business problem behind an application and the business processes behind an application. We get them into a room, a relatively large room typically with a bunch of wall space and we go through a series of exercises with them, where we tease that business process apart. We start with a relatively lightweight version of Alberto Brandolini’s event storing method, where we map out with the subject matter experts, what all of the business events that occur in a system are. That is a non-technical exercise, a completely non-technical exercise. As a matter of fact, all of this uses sticky notes and arts and crafts. After we've gone through that process, we transition into Boris diagram, which is an exercise of Shaun's design that we take the domains that we've, or at least service candidates that we've extrapolated from that event storming and start to draw out a notional architecture. Like an 80% idea of what we think the architecture is going to look like. We're going to do this for slices of – thin slices of that business problem. At that point, it starts to become something that a software developer might be interested in. We have an exercise called Snappy that generally occurs concurrently, which translates that message flow, Boris diagram thing into something that's at least a little bit closer to what a developer could act upon. Again, these are sticky note and analog exercises that generally go on for about a week or so, things that we do interactively with customers to try to get a purely non-technical way, at least at first, so that we can understand that problem and tell you what an architecture is that you can then act on. We try to position this as a customer. You already have all of the answers here. What we're going to do as facilitators of these is try to pull those out of your head. You just don't know how to get to the truth, but you already know that truth and we're going to design this architecture together. How did I do, Shaun? [0:26:44.7] SA: I couldn't have said it better myself. I would say one of the interest things about this process is the reason why it was developed the way it was is because in the world of technology and especially engineers, I definitely seen that you have two modes of thought when you come from the business world to the to the technical world. Often, engineers will approach a problem in a very different way and a very focused, blindered way than business folks. Ultimately, what we try to think of is that the purpose for the software is to enable the business to run well. In order to do that, you really need to understand at least at a high-level, what the heck is the business doing? Surprisingly and almost consistently, the engineering team doing the work is separated from the business team enough that it's like playing the telephone game, right? Where the business folks say, “Well, I told them to do this.” The technical team is like, “Oh, awesome. Well then, we're going to use all this amazing technology and build something that really doesn't support you.” This process really brings everybody together to discover how the system really wants to behave. Also as a side effect, you get everybody agreeing that yes, that is the way it's supposed to be. It's exciting to see teams come together that actually never even work together. You see the light bulbs go on and say, “Oh, that's why you do that.” The end result is in a week, we can go from nobody really knows each other, or quite understands the system as a whole, to we have a backlog of work that we can prioritize based on the learnings that we have, and feel pretty comfortable that the end result is going to be pretty close to how we want to get there. Then the biggest challenge is defining how do we get from point A to point B. That's part of that layering of the Swift method is knowing when to ask those questions. [0:28:43.0] JR: A micro follow-up and then I'll keep my mouth shut for a little bit. Is there a place that people could go online to read about this methodology, or just get some ideas of what you just described? [0:28:52.7] SA: Yeah. You can go to swiftbird.us. That has a high-level overview of more the public facing of how the methodology works. Then there's also internal resources that are constantly being developed as well. That's where I would start. [0:29:10.9] CC: That sounds really neat. As always, we are going to have links on the show notes for all of this. I checked out the website for the EventStorming book. There is a resources page there and has a list of a bunch of presentations. Sounds very interesting. I wanted to ask Chris and Shaun, have you ever seen, or heard of a case where a company went through the transformation, or modernization process and then they roll back to their legacy system for any reason? [0:29:49.2] SA: That's actually a really good question. It implies that often, the way people think about modernization would be more of a big bang approach, right? Where at a certain point in time, we switch to the new system. If it doesn't work, then we roll back. Part of what we try to do is have incremental releases, where we're actually putting small slices into production where you're not rolling back a whole – from modern back to legacy. It's more of you have a week's worth of work that's going into production that's for one of the thin slices, like Chris mentioned. If that doesn't work where there's something that is unexpected about it, then you're rolling back just a small chunk. You're not really jumping off a cliff for modernization. You're really taking baby steps. If it's a two step forward and one step back, you're still making a lot of really good progress. You're also gaining confidence as you go that in the end in two years, you're going to have a completely shiny new modern system and you're comfortable with it, because you're getting there an inch of the time, as opposed to taking a big leap. [0:30:58.8] CU: I think what's interesting about a lot of large organizations is that they've been so used to doing big bang releases in general. This goes from software to even process changes in their organizations. They’ve become so used to that that it often doesn't even cross their mind that it's possible to do something incrementally. We really do often times have to get spend time getting buy-in from them on that approach. You'd be surprised that even in industries that you’d think would be fantastic with managing risk, when you look at how they actually deal with deployment of software and the rolling out of software, they’re oftentimes taking approaches that maximize their risk. There's no way to make something riskier by doing a big bang. Yeah, as Shaun mentioned, the specifics of the swift are to find a way, so that you can understand where and get a roadmap for how to carve out incremental slices, so that you can strangle a large monolithic system slowly over time. That's something that's pretty powerful. Once someone gets bought in on that, they absolutely see the value, because they're minimizing risk. They're making small changes. They're easy to roll back one at a time. You might see people who would stop somewhere along the way, and we wouldn't necessarily say that that's a problem, right? Just like not every app needs to be modernized, maybe there's portions of systems that could stay where they are. Is that a bad thing? I wouldn't necessarily say that it is. Maybe that's the way that – the best way for that organization. [0:32:35.9] DC: We've bumped into this idea now a couple of different times and I think that both Chris and Shaun have brought this up. It's a little prelude to a show that we are planning on doing. One of the operable quotes from that show is the greatest enemy of knowledge is not the ignorance, it is the illusion of knowledge. It's a quote by Stephen Hawking. It speaks exactly to that, right? When you come to a problem with a solution in your mind that is frequently difficult to understand the problem on its merit, right? It’s really interesting seeing that crop up again in this show. [0:33:08.6] CU: I think even oftentimes, the advantage of a very discovery-oriented method, such as Swift is that it allows you to start from scratch with a problem set with people maybe that you aren't familiar with and don't have some of that baggage and can ask the dumb questions to get to some of the real answers. It's another phrase that I know Shaun likes to use is that our roles is facilitator to this method are to ask dumb questions. I mean, you just can't put enough value on that, right? The only way that you're going to break that established thinking is by asking questions at the root. [0:33:43.7] OP: One question, actually there was something recently that happened in the Kubernetes community, which I thought was pretty interesting and I'd like to get your thoughts on it, which is that Istio, which is a project that operates as a service mesh, I’m sure you all are familiar with it, has recently decided to unmodernize itself in a way. It was originally developed as a set of microservices. They have had no end of difficulty in getting in optimizing the different interactions between those services and the nodes. Then recently, they decided this might be a good example of when to monolith, versus when to microservice. I'm curious what your thoughts are on that, or if you have familiarity with it. [0:34:23.0] CU: What's actually quite – I'm not going to necessarily speak too much to this. Time will tell as to if the monolithing that they're doing at the moment is appropriate or not. Quite often, the starting point for us isn't necessarily a monolith. What it is is a proposed architecture coming from a customer that they're proud of, that this is my microservice design. You'll see a simple system with maybe hundreds of nano-services. The surprise that they have is that the recommendation from us coming out of our Swift sessions is that actually, you're overthinking this. We're going to take that idea that you have any way and maybe shrink that down and to save tens of services, or just a handful of services. I think one of the mistakes that people make within enterprises, or on microservices at the moment is to say, “Well, that's not a microcservice. It’s too big.” Well, how big or how small dictates a microservice, right? Oftentimes, we at least conceptually are taking and combining services based on the customers architecture very common. [0:35:28.3] SA: Monoliths aren't necessarily bad. I mean, people use them almost as a pejorative, “Oh, you have a monolith.” In our world it's like, well monoliths are bad when they're bad. If they're not bad, then that's great. The corollary to that is micro-servicing for the sake of micro-servicing isn't necessarily a good thing either. When we go through the Boris exercise, really what we're doing is we're showing how domain-based, or capabilities relate to each other. That happens to map really well in our opinion to first, cut microservices, right? You may have an order service, or a customer service that manages some of that. Just because we map capabilities and how they relate to each other, it doesn't mean the implementation can't even be as a single monolith, but componentized inside it, right? That's part of what we try really hard to do is avoid the religion of monolith versus microservices, or even having to spend a lot of time trying to define what a microservice is to you. It's really more of well, a system wants to behave this way. Now, surprise, you just did domain-driven design and mapped out some good 12-factor compliant microservices should you choose to build it that way, but there's other constraints that always apply at that point. [0:36:47.1] OP: Is there more traction in organizations implementing this methodology on a net new business, rather than current running businesses or applications? Is there are situations more so that you have seen where a new project, or a new functionality within a business starts to drive and implement this methodology and then it creeps through the other lines of business within the organization, because that first one was successful? [0:37:14.8] CU: I'd say that based on the nature of who our customers are as an app transformation practice, based on who those customers are and what their problems are, we're generally used to having a starting point of a process, or software that exists already. There's nothing at all to mandate that it has to be that way. As a matter of fact, with folks from our labs organization, we've used these methods in what you could probably call greener fields. At the end of the day when you have a process, or even a candidate process, something that doesn't exist yet, as long as you can get those ideas onto sticky notes and onto a wall, this is a very valid way of getting – turning ideas into an architecture and an architecture into software. [0:37:59.4] SA: We've seen that happen in practice a couple times, where maybe a piece of the methodology was used, like EventStorming just to get a feel for how the business wants to behave. Then to rapidly try something out in maybe more of a evolutionary architecture approach, MVP approach to let's just build something from a user perspective just to solve this problem and then try it out. If it starts to catch hold, then iterate back and now drill into it a little bit more and say, “All right. Now we know this is going to work.” We're modernizing something that may be two weeks old just because hooray, we proved it's valuable. We didn't necessarily have to spend as much upfront time on designing that as we would in this system that's already proven itself to be of business value. [0:38:49.2] OP: This might be a bit of a broad question, but what defines success of projects like this? I mean, we mentioned earlier about cost and maybe some of the drivers are to move off certain mainframes and things like that. If you're undergoing an application transformation, it seems to me like it's an ongoing thing. How do enterprises try to evaluate that return on investment? How does it relate to success criteria? I mean, faster release times, etc., potentially might be one, but how was that typically evaluated and somebody internally saying, “Look, we are running a successful project.” [0:39:24.4] SA: I think part of what we tried to do upfront is identify what the objectives are for a particular engagement. Often, those objectives start out with one thing, right? It's too costly to keep paying IBM or Oracle for WebLogic, or WebSphere. As we go through and talk through what types of things that we can solve, those objectives get added to, right? It may be the first thing, our primary objective is we need to start moving workloads off of the mainframe, or workloads off of WebLogic, or WebSphere, or something like that. There's other objectives that are part of this too, which can include things as interesting as developer happiness, right? They have a large team of a 150 developers that are really just getting sick of doing the same old thing and having new technology. That's actually a success criteria maybe down the road a little bit, but it's more of a nice to have. In a long-winded answer of saying, when we start these and when we incept these projects, we usually start out with let's talk through what our objectives are and how we measure success, those key results for those objectives. As we're iterating through, we keep measuring ourselves against those. Sometimes the objectives change over time, which is fine because you learn more as you're going through it. Part of that incremental iterative process is measuring yourself along the way, as opposed to waiting until the end. [0:40:52.0] CC: Yeah, makes sense. I guess these projects are as you say, are continuous and constantly self-adjusting and self-analyzing to re-evaluate success criteria to go along. Yeah, so that's interesting. [0:41:05.1] SA: One other interesting note though that personally we like to measure ourselves when we see one project is moving along and if the customers start to form other projects that are similar, then we know, “Okay, great. It's taking hold.” Now other teams are starting to do the same thing. We've become the cool kids and people want to be like us. The only reason it happens for that is when you're able to show success, right? Then other teams want to be able to replicate that. [0:41:32.9] CU: The customers OKRs, oftentimes they can be a little bit easier to understand. Sometimes they're not. Typically, they involve time or money, where I'm trying to take release times from X to Y, or decrease my spend on X to Y. The way that we I think measure ourselves as a team is around how clean do we leave the campsite when we're done. We want the customers to be able to run with this and to continue to do this work and to be experts. As much as we'd love to take money from someone forever, we have a lot of people to help, right? Our goal is to help to build that practice and center of excellence and expertise within an organization, so that as their goals or ideas change, they have a team to help them with that, so we can ride off into the sunset and go help other customers. [0:42:21.1] CC: We are coming up to the end of the episode, unfortunately, because this has been such a great conversation. It turned out to be a more of an interview style, which was great. It was great getting the chance to pick your brains, Chris and Shaun. Going along with the interview format, I like to ask you, is there any question that wasn't asked, but you wish was asked? The intent here is to illuminates what this process for us and for people who are listening, especially people who they might be in pain, but they might be thinking this is just normal. [0:42:58.4] CU: That's an interesting one. I guess to some degree, that pain is unfortunately normal. That's just unfortunate. Our role is to help solve that. I think the complacency is the absolute worst thing in an organization. If there is pain, rather than saying that the solution won't work here, let’s start to talk about solutions to that. We've seen customers of all shapes and sizes. No matter how large, or cumbersome they might be, we've seen a lot of big organizations make great progress. If your organization's in pain, you can use them as an example. There is light at the end of the tunnel. [0:43:34.3] SA: It's usually not a train. [0:43:35.8] CU: Right. Usually not. [0:43:39.2] SA: Other than that, I think you asked all the questions that we always try to convey to customers of how we do things, what is modernization. There's probably a little bit about re-platforming, doing the bare minimum to get something onto to the cloud. We didn't talk a lot about that, but it's a little bit less meta, anyway. It's more technical and more recipe-driven as you discover what the workload looks like. It's more about, is it something we can easily do a CF push, or just create a container and move it up to the cloud with minimal changes? There's not conceptually not a lot of complexity. Implementation-wise, there's still a lot of challenges there too. They're not as fun to talk about for me anyway. [0:44:27.7] CC: Maybe that's a good excuse to have some of our colleagues back on here with you. [0:44:30.7] SA: Absolutely. [0:44:32.0] DC: Yeah, in a previous episode we talked about persistence and state of those sorts of things and how they relate to your applications and how when you're thinking about re-platforming and even just where you're planning on putting those applications. For us, that question comes up quite a lot. That's almost zero trying to figure out the state model and those sort of things. [0:44:48.3] CC: That episode was named States in Stateless Apps, I think. We are at the end, unfortunately. It was so great having you both here. Thank you Duffie, Shaun, Chris and I'm going by the order I'm seeing people on my video. Josh and Olive. Until next time. Make sure please to let us know your feedback. Subscribe. Give us a thumbs up. Give us a like. You know the drill. Thank you so much. Glad to be here. Bye, everybody. [0:45:16.0] JR: Bye all. [0:45:16.5] CU: Bye. [END OF EPISODE] [0:45:17.8] ANNOUNCER: Thank you for listening to The Podlets Cloud Native Podcast. Find us on Twitter at https://twitter.com/ThePodlets and on the http://thepodlets.io/ website, where you'll find transcripts and show notes. We'll be back next week. Stay tuned by subscribing. [END]See omnystudio.com/listener for privacy information.

Java EE, Jakarta EE, MicroProfile and the Big Bang

Play Episode Listen Later Nov 3, 2019 69:00

An airhacks.fm conversation with Kevin Sutter (@kwsutter) about: C64 for gaming - Datasette included with 16, how to break in and modify the code, the high school teletype course in Basic on serious machines in Austin Minnesota, applied math in high school, compute science degree in Pascal at the University of Wisconsin, working for Sperry and the merger with Burroughs, information and systems and Unisys, writing code in Pascal-like language, writing chip-design simulators in Alabama, the best software engineering project award, SOM and DSOM, (not ISAM) IBM buys Transarc, from Transarc to WebSphere, the "bring up lab" - the early CI / CD, the performance boost of JDK 1.1.8, the Java Connector Architecture (JCA) for JDBC and JMS around 2000, working on caching, data grid, object grid, and eXtreme Scale with Billy Newport, WebSphere eXtreme Scale and "Eventual Consistency", leading the JPA spec and the first opensource interaction around 2005, BEA donates kodo to apache which became openJPA, the convenient way to become a committer, Java is nicer than C++, IBM buys Gluecode - the company which provides commercial support for the Geronimo Application Server, David Blevins worked on openEJB at the same time, becoming a Java EE architect for WebSphere product in 2013, the development with OpenLiberty is more fun, IBM moves to EclipseLink but still supports openJPA, Microprofile involvement, Microprofile became immediately popular, Ian Robinson and Mark Little met at Devoxx UK and started the initial conversation about MicroProfile in 2016, MicroProfile 1.0 started with JSON-P, CDI and JAX-RS APIs from Java EE, Oracle proposes the opensourcing of Java EE, the meeting with Oracle in London to talk about opensourcing Java EE, behind the scenes of the Big Bang "javax" migration to "jakarta", the relation between the steering committee and the platform group, the relation between Jakarta EE and MicroProfile, the advantages of keeping Jakarta EE and MicroProfile separate, opentracing.io became opentelemetry which affects MicroProfile distributed tracing, MicroProfile iterates faster than Jakarta EE, from opentracing.io to opentelemetry.io, SOAP deprecation, openJPA started from a project named KODO, the openliberty guides, microprofile.io and jakarta.ee, start.microprofile.io, Jakarta EE Blogs Kevin Sutter on twitter: @kwsutter and github: https://github.com/kwsutter

The First Line of Quarkus

Play Episode Listen Later Sep 2, 2019 115:24

An airhacks.fm conversation with Emmanuel Bernard (@emmanuelbernard) about: Amstrad PC 1512, the first PC computer ever made by Amstrad, two floppies are better than a hard drive, deleting double dots, C/PM OS, BIOS as cheating detection, creating snake game in BASIC, playing with Turbo Pascal, from GO TOs over loops to procedures, objects, aspects to functional programming, exploring Mandrake Linux, Tibco Messaging and C++, killing yourself with casting, the C discipline checker - an enforced linter, 120 errors caused by Coke break, no version control -- no time machine, starting with Java 1.2, replacing buttons with images in Swing / AWT, memory leaks in Java UI, creating ASP websites for fnac, building shopping cart with VB, going back with Visual Basic debugger, exploring Java as C# alternative, WebSphere vs. WebLogic, WebLogic was the JBoss of early 2000's, Apache Excalibur container, editing TopLink files with Eclipse IDE, replacing TopLink with early Hibernate, providing Hibernate support, the Rational Unified Process Workbench, hacking the organization is important, the gradient from hacking to politics, JOnAS was big in France, translating Hibernate documentation, patching Hibernate via CVS and email, Gavin King, Oracle and annotations as XML replacement, xdoclet was a great EJB annotation PoC, Cedric Beust created XDoclet, early Apache Geronimo participation, a French engineer will only tell you what you can do better, XML mapping with deeply nested annotations as prototype, EJB 3 specification comprised the component model and the persistence, Eclipse IDE was late with annotation support, working on EntityManager API with Bill Burke, joining forces with Java Data Objects (JDO) to participate on JPA, switching from fnac to JBoss, the first day at JBoss, Gaving King and Christian Bauer were Hibernate consultants, Steve Ebersole worked on Hibernate Core and Max Andersen on Eclipse tooling, Gavin King implemented an early bean validation prototype and Emmanuel took it over, contributing to a mature opensource project is really hard, Google App Engine wanted to use Hibernate as persistence backend, then google decided to use datanucleus.org, Book Driven Development is better than Conference Driven Development, Emmanuel started OGM - the Object Grid Mapper, in NoSQL space the model is simpler, JSON-P or JSON-B can be used as replacement for JPA entities, JDBC is hard to use what explains the success of ORM products, RedHat acquired JBoss, the switch from 200 employee company to 2000 employees company, developer is king at RedHat, RedHat acquired JBoss right after the introduction of JPA, becoming an architect, debezium was started by Randall Hauch then continued by Gunnar Morling, creating architecture slides with Google Docs, throughput driven optimizations, with containers throughput becomes less important, Java was designed for throughput and not memory efficiency and startup time, openJDK team, middleware team at Redhat had conversations about the future of Java on containers, Kubernetes is your cluster manager, WildFly is the flagship and the integration point, Sanne Grinovero was behind optimizations, Java's metaspace was too high, Java is a highly dynamic environment and therefore hard to optimize, the Excelsior JET VM, GCJ, Project Maxwell, GraalVM and the compiler is written in Java, WildFly Swarm became Thorntail and was an attempt to make the runtime smaller, Java's memory usage is the real problem, Quarkus came with the idea to make all the optimization at build time, not runtime, Emmanuel started Quarkus with Jason Greene and Bob McWhirter, the very first line of Quarkus code was written in a pub, the Quarkus project name was Shamrock what was the name of the pub, 3 months time for a PoC, hibernate, CDI, JAX-RS and JDBC drivers had to be optimized for the MVP, June 2018 was the very beginning of Quarkus, the shamrock pub is located in Australia, docker containers are immutable and the WAR deployment does not fit into this model, ThornTail's hollow JARs separate the business logic from the architecture, one of the Quarkus inspirations is the Play framework, Hibernate Panache got the idea from Play persistence, wad.sh watches changes and redeploys WARs on-the-fly, QuarkEE makes Quarkus look like a Java EE application, Quarkus on GraalVM is the perfect storm, Jakarta EE is a good way to reset Java EE expectations, the j4k conference, Emmanuel Bernard on twitter: @emmanuelbernard, Emannuel's website: https://emmanuelbernard.com

Keycloak as Fun

Play Episode Listen Later Aug 25, 2019 78:18

An airhacks.fm conversation with Sebastien Blanc (@sebi2706) about: Thomson MO5, every school in France needs to have a computer, printing the name with BASIC, the REM sadness, making yellow boxes, programming Logo in French, writing "root" and "house" procedures, no procedures in BASIC, the ACSLogo for Mac OS X, Berkeley Logo (UCBLogo), the Amstrad PC1512, using AMOS programming language for writing games, writing invoicing software with 14 and AMOS, Zak McKracken and the Alien Mindbenders, Siemens Nixdorf PC, QuickBasic on Siemens Nixdorf DX2-66, the Persistence of Vision Raytracer, average calculation for school notes with QuickBasic, writing ballistic games for TI BASIC (TI 99/4A), playing Nirvana on e-guitar, starting with Java in 2002, the Rational Rose Logo Edition, learning Java EE on JOnAS, Apache Tapestry, consulting with Apache Jetspeed, writing Java EE code for 7 years, hardtimes with WebSphere, Xerces and ClassLoading, refactorings to Maven, mobile web / Grails involvements, starting at RedHat's mobile team - AeroGear, Matthias Wessendorf, Matthias loves Java Server Faces (JSF), the unified push server, starting keycloak involvement, the security challenge, the keycloak religion, keycloak ships as WildFly distribution, keycloak is a WildFly subsystem, keycloak uses hibernate for persistence, keycloak manages users with credentials, keycloak ships with ready to UI to manage users, keycloak functionality is exposed as REST services, there is a Java client available - as REST wrapper, keycloak is a "remote" proxy realm, keycloak ships with adapters for major application servers out-of-the-box, keycloak comes with SSO - different application servers can share the same session, the security realm is a "territory", in keycloak a session is optional -- a microservice can use JWT token, using OIDC tokens, keycloak comes with servlet filters for servers without adapter support, the new keycloak approach is the Keycloak Gatekeeper, Keycloak Gatekeeper is a sidecar service, apache mod_auth_openidc, keycloak is oidc compliant -- any generic OIDC library should work, the JWT creation tool JWTenizr, the "Securing JAX-RS Endpoints with JWT" screencast, the oauth flows, oauth authorization flow, implicit flow and the hybrid flow, access token has to have short lifetime, using services accounts for schedulers, keycloak has a logout backchannel - available from servlet filter, pushing a timestamp also causes logout, HttpServletRequest#logout also logouts, the killer feature: keycloak stores the private keys in one place and makes public keys available via URI, Sebastien Blanc on twitter: @sebi2706

france french basic logo persistence nirvana ui java rem maven red hat uri 4a mac os x sso jwt grails java ee zak mckracken xerces alien mindbenders websphere oidc

Why Wizards Hate Dependency Injection with Aspects

Play Episode Listen Later Jul 14, 2019 90:19

An airhacks.fm conversation with Jarek Ratajski (@jarek000000) about: Starting programming immediately with C 64, mysterious machines, touching the ZX spectrum once, amazing TV show about science Sonda, unofficial access to adults library, learning C64 basic with Atari ST manual, learning assembly because of: SYS 2064, GOTO and sisters, writing encryption software, writing the Snake game, writing Pong in Haskell, reinventing the C by writing assembly macros on Amiga 500, writing simulation for the stock market with Windows 95 and C, the Trumpet Winsock, first good experience with Swing programming and Forte for Java, problem with Borland C++ licenses, publishing software with Java, linux had great C-compilers but no mainstream UI libraries, "Java must go away", Java Vectors and Hashtables, writing Content Management Systems with Java, converted JavaScript developers, JSP-only projects, fear of reuse, the HashTable pattern, probably Java won't disappear, becoming Java advocate, first projects with JServ, WebSphere 1, W3C Jigsaw, Tomcat 3 was better behaving, than jserv, Caucho's Resin, migrating to EJB 3 and Java EE, writing commercial Java game with JMonkey Engine and JBoss backend, fighting with interfaces and over-engineering, the wizard look and feel, appearing in a bank as wizard, container injection is not needed, constructors are the perfect replacement for dependency injection, aspects are problematic, try and error programming leads to mess, @PostConstruct is one of the most insane constructs, writing just POJOs, Slaying Sacred Cows: Deconstructing Dependency Injection by Tomer Gabel, the real problem are aspects, CDI on Tomcat, Java's dynamic proxy, ratpack and jooq, building servers with libraries without classpath scanning, Time Injection would be useful, Jarek Ratajski on twitter: @jarek000000 and on github

Plugging Things Together With Reactive Programming

Play Episode Listen Later Jul 7, 2019 71:39

An airhacks.fm conversation with Gordon Hutchison (@hutchig) about: Playing chess with zx81, huge computer scene in Glasgow, BBC micro then saving for Acron Electron -- the cheaper BBC Micro, programming text adventure games, Forth on RML 380 Z, Sun's OpenBoot was written in Forth, Dragon 32, controlling the computer world with 13, programming colourful fractals, "do whatever you have permission to", then accessing the printer queue, transactions research and Java, IBM develops Java Transaction Service (JTS), travelling to Javasoft in Silicon Valley to transfer the JTS knowledge, moving from JTS to JVM implementation group at JDK 1.2 timeframe, having fun with IBM Java classloader, heap corruption, "lighter" experience with Eclipse RCP, Java Transaction API, Java Transaction Service and CORBA's Object Transaction Service, tranactions are a gift, just learn databases, "we don't need your transactions" in 2006, reused blog post from 15 years ago will be a big hit, IT became fashion -- everything is just reframed, implementing RAID algorithms, enjoying Java EE experience with OpenLiberty, deploying 50 times a conference session with wad.sh, having more coffee with classic WebSphere, OpenLiberty loose applications, OpenLiberty guide to loose applications, starting TX at facade level, JPA and transactions, getting two copies of the same object in the same request, every request is a transaction, loosing up the thread context, project Loom, transactions are making the developer's live simple, the pre-prepare phase, errors on CICS vs. MTS, solving the transaction diamond problem, reactive programming and backpressure, application servers and backpressure, you are not Google, reactive platform at Uber, too much sophistication, too complex to debug, and the human problem, functional reactive programming, plugging things together in reactive programming is appealing, the simple interface between publisher and subscriber, reactive programming as integration hub, learn Java streams first and reactive concepts will come easily, HTTP request / response model does not fit well with reactive programming, backpressure and kafka, Kafka's configuration, reactive streams operators as enabling layer, microprofile reactive messaging is similar to Message Driven Beans, Event Sourcing with debezium.io and Apache Kafka, event sourcing with GRPC, Apache Pulsar the "Kafka.next", SmallRye, CloudEvents and MicroProfile, SOAP envelope Gordon Hutchison on twitter: @gordhut, on GitHub: https://github.com/hutchig

Episode 179: I don’t know if it has a pickle plugin

Software Defined Talk

Play Episode Listen Later May 16, 2019 77:20

I don’t know if it has a pickle plugin Salesforce synergizing at IBM and Red Hat, VMware buys Bitnami, and Linux Desktop market share analysis. Plus, pickles. Opening comments: The intersection between business books and dog vomit. Democracy sausage. Coté can’t get extra pickles (https://www.instagram.com/p/Bxh5ikuiFuK/). Let me close out this topic of pickles. It’s not Burger King. Enterprise Salespeople don’t get tattoos T-shirt currency arbitrage. Literally misspelled responsibility Tacos and IT transformation 7 layer burrito of IT transformation. BSD and Linux are the same, right? (Don’t email me.) Don’t watch Coté’s old videos (https://www.youtube.com/user/redmonkmedia/videos). Did the cat walk on your keyboard? Relevant to your interests VMware to acquire Bitnami (https://blog.bitnami.com/2019/05/vmware-to-acquire-bitnami.html): VMware’s desires (https://cloud.vmware.com/community/2019/05/15/vmware-to-acquire-bitnami/): “Upon close, Bitnami will enable our customers to easily deploy application packages on any cloud— public or hybrid—and in the most optimal format—virtual machine (VM), containers and Kubernetes helm charts. Further, Bitnami will be able to augment our existing efforts to deliver a curated marketplace to VMware customers that offers a rich set of applications and development environments in addition to infrastructure software.” Coté: so Bitnami is a thing that packages up software (https://en.wikipedia.org/wiki/Bitnami) for you in (VMs?) containers and stuff, maybe with some Helm chart stuff for deploying to kubernetes? And a service that manages them in EC2? Jay@451 (https://clients.451research.com/reportaction/97114/Toc): “The acquisition will also help VMware support applications in various forms – including VMs, containers and Kubernetes Helm charts – across the different infrastructures. With Bitnami, VMware is also positioned to support ISVs and open source software components with Bitnami's catalog of curated, secured, certified components.” “VMware says it has acquired Bitnami for its multi-cloud competency and its Kubernetes expertise. VMware's acquisitions of CloudVelox, Heptio and CloudHealth have signaled its appetite for multi-cloud and Kubernetes.” The New Stack coverage: “Monocular, a service described by Bitnami as an open source search and discovery frontend for Helm Chart repositories.” https://thenewstack.io/vmware-to-acquire-bitnami-the-app-marketplace-platform-and-container-packager/ (https://thenewstack.io/vmware-to-acquire-bitnami-the-app-marketplace-platform-and-container-packager/) Holy high street, Sainsbury's! Have you forgotten Bezos' bunch are the competition? (https://www.theregister.co.uk/2019/05/10/aws_summit_london/) Coté’s collection of interesting bits (https://cote.io/2019/05/10/how-sainsbury-uses-aws/), including: “This was effectively taking a WebSphere e-commerce monolith with an Oracle RAC database, and moving it, and modularising it, and putting it into AWS.” “’Today, we run about 80 per cent of our groceries online with EC2, and 20 per cent is serverless.’ In total, the company migrated more than 7TB of data into the cloud. As a result, or so Jordan claimed, the mart spends 30 per cent less on infrastructure, and regularly sees a 70-80 per cent improvement in performance of interactions on the website and batch processing.” Australian $50 bills (https://www.theguardian.com/australia-news/2019/may/09/australian-50-note-typo-spelling-mistake-printed-46-million-times) Symantec CEO Greg Clark steps down, stock drops (https://www.cnbc.com/2019/05/09/symantec-ceo-greg-clark-steps-down-stock-drops-.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) GitHub Package Registry: Your packages, at home with their code (https://github.co/2DZiJGY) JFrog and Sonatype watch out How Windows and Chrome quietly made 2019 the year of Linux on the desktop (https://t.co/FvmA86HFdU?ssr=true) It’s time for another installment of Coté’s Pedantry on Market Share Analysis (tm). Windows ships a Linux in a nifty VM. Chromebook market share was ~13% in Gartner’s 2016Q4 estimates (based on 9.4m Chromebooks (https://www.pcworld.com/article/3194946/chromebook-shipments-surge-by-38-percent-cutting-into-windows-10-pcs.html) shipped out of 72.6m laptops total (https://www.gartner.com/en/newsroom/press-releases/2017-01-11-gartner-says-2016-marked-fifth-consecutive-year-of-worldwide-pc-shipment-decline)). Meanwhile, Gartner estimates that something like 2bn mobile devices (phones and tablets) were shipped in 2016. Gartner said shipments for “PCs, tablets and mobile phones” was 2.33bn in 2016 (if I read the press release right (https://www.gartner.com/en/newsroom/press-releases/2018-01-29-gartner-says-worldwide-device-shipments-will-increase-2-point-1-percent-in-2018) - something around those numbers). …if you run-rate the Chromebook Q4 (which is very kind since Christmas and corporate end-of-year spending is in Q4), you get 2016 shipments of 37.6m Chromebooks. So, out of all types of computing devices, Chromebooks are, like 37.6m out of 2.3bn, or ~2%, right? Clearly: LINUX DESKTOP VICTORY! (I guess you could throw MacOS in there, but those who’d care say that was BSD or something, right? Even if you do throw them in and do *nix market share, what’s it like? Gartner says 2018Q4 (https://www.gartner.com/en/newsroom/press-releases/2019-01-10-gartner-says-worldwide-pc-shipments-declined-4-3-perc) Apple share was 7.2%, so add in Chromebooks and we’re at 9.2% - round it up for shits and giggles, and we’re at 10%. That anything?) iOS - FreeBSD (https://en.wikipedia.org/wiki/IOS_version_history)? Google now lists playable podcasts in search results (https://www.theverge.com/2019/5/10/18564035/google-search-podcasts-ios-desktop-web-playerPodcast) ParkMyCloud is Now Part of Turbonomic - ParkMyCloud (https://www.parkmycloud.com/blog/parkmycloud-turbonomic/) Amazon’s Away Teams laid bare: How AWS's hivemind of engineers develop and maintain their internal tech (http://go.theregister.com/feed/www.theregister.co.uk/2019/05/14/amazons_away_teams/) It’s the new Spotify Culture! Oppressive countries used a newly-discovered WhatsApp flaw to spy on activists (https://www.axios.com/whatsapp-uncovers-security-flaw-exposing-spyware-vulnerability-e7709499-b87b-42df-bff3-5d2a437f2114.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) The red hot 'FAANG' trade is officially over, now bet on your fellow 'MAAN' (https://www.cnbc.com/2018/10/25/faang-leadership-is-over-its-time-to-bet-on-your-fellow-maan.html) FOSDEM 2019 - The clusterfuck hidden in the Kubernetes code base (https://fosdem.org/2019/schedule/event/kubernetesclusterfuck/) Microsoft warns wormable Windows bug could lead to another WannaCry (https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/) Suggested headline: “Wutzit! Washington Windows Wunderkin Wonder Why Worms WannaCry” Google replaces its Bluetooth security keys because they can be accessed by nearby attackers (https://www.cnbc.com/2019/05/15/google-finds-security-issue-with-its-bluetooth-titan-security-keys.html) New secret-spilling flaw affects almost every Intel chip since 2011 (https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/) Google is about to have a lot more ads on phones (https://www.theverge.com/2019/5/14/18623541/google-gallery-discovery-mobile-ads-announced) Donald Trump is short-circuiting the electronics industr (https://www.theverge.com/2019/5/15/18624690/trump-import-tax-tariff-laptop-smartphone-manufacturers)y IBM reps can sell IBM and Red Hat (https://www.zdnet.com/article/where-ibm-and-red-hat-go-from-here/#ftag=RSSbaffb68): ‘in the field, "IBM sales guys will get comped on Red Hat products, but our sales guys will only get comped on Red Hat products."’ Nonsense World’s Most Expensive Coffee Costs $75 A Cup; Now Being Sold In Southern California (https://losangeles.cbslocal.com/2019/05/13/worlds-most-expensive-coffee-elida-natural-geisha-klatch-coffee/) Sponsors To learn more or to try SolarWinds Papertrail free for 14 days, go to papertrailapp.com/sdt and make troubleshooting fun again. Conferences, et. al. ALERT! DevOpsDays Discount - DevOpsDays MSP (https://www.devopsdays.org/events/2019-minneapolis/welcome/), August 6th to 7th, $50 off with the code SDT2019 (https://www.eventbrite.com/e/devopsdays-minneapolis-2019-tickets-51444848928?discount=SDT2019). 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/). Coté will be speaking at many of these, hopefully all the ones in EMEA. They’re free and all about programming and DevOps things. Coming up in: Paris (May 23rd & 24th), San Francisco (June 4th & 5th), Atlanta (June 13th & 14th)…and back to a lot of US cities. ChefConf 2019 (http://chefconf.chef.io/) May 20-23. Matt’s speaking! (https://chefconf.chef.io/sessions/banking-automation-modernizing-chef-across-enterprise/) ChefConf London 2019 (https://chefconflondon.eventbrite.com/) June 19-20 Monktoberfest, Oct 3rd and 4th - CFP now open (https://monktoberfest.com/). Listener Feedback Tom from Schiermonnikooglaan in The Netherlands tell us “Thanks for the awesome podcasts” and we sent him laptop stickers. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Coté: my most recent stump-speech recording (https://www.brighttalk.com/webcast/14883/355253); UK GDS book, Digital Transformation at Scale (https://www.goodreads.com/book/show/40602234-digital-transformation-at-scale). If you like #exegesis stuff, check out this interview Coté did with Derrick Harris (https://twitter.com/cote/status/1126509481490169856). Also, buy my book, fools (https://leanpub.com/digitalwtf/)! Get that other one for free (https://pivotal.io/monolithictransformation). Use the code sdt for the next week to get it for $5 (https://leanpub.com/digitalwtf/c/sdt). Matt: Sending money internationally? Get yourself some TransferWise (https://transferwise.com/u/matthewr9). Planet Money podcast: How Uncle Jamie Broke Jeopardy (https://www.npr.org/2019/05/10/722198188/episode-912-how-uncle-jamie-broke-jeopardy) Semi-anti-recommendation: The Wandering Earth (https://www.imdb.com/title/tt7605074/) Brandon: Jonathan (https://www.netflix.com/title/81034599) on Netflix. DameWare SSH Movie Trailer (https://www.youtube.com/watch?v=kS5QM7ICdXU&hd=1) vs. MSFT Terminal Video (https://youtu.be/8gw0rXPMMPE). https://paper-attachments.dropbox.com/s_51870C828F2A7F66DBDF39F8A7E608A44CC306D9F1666C6E3AE7FE69FA4CAB9E_1558039286581_Screen+Shot+2019-05-17+at+6.14.52+am.png Outro: Burger King commercial, 1974 (https://www.youtube.com/watch?v=6XoTjchhyVQ).

christmas amazon netflix donald trump google apple australian microsoft holy whatsapp netherlands scale democracy ios windows jeff bezos ibm intel relevant slack burger king semi cfp conferences digital transformation bluetooth chrome aws linux pickle pcs helm vm devops screenshots macos gartner emea vmware alert red hat kubernetes chromebooks sainsbury plugin wannacry oppressive vms planet money cot transferwise bsd wandering earth ec2 isvs fosdem sdt sonatype linux desktop new stack bitnami heptio derrick harris websphere san francisco june atlanta june cloudhealth paris may rssbaffb68

11 | Mic Pam: Ecommerce Development, Magento, Shopify, WooCommerce

Digital Rage

Play Episode Listen Later May 13, 2019 46:23

Today we spoke with Mic Pam who runs a digital agency that specializes in e-commerce solutions. Mic talks about the wide range of e-commerce platforms, shifting trends, marketing, and SEO solutions.

Kafka vs. JMS/MQ

Play Episode Listen Later Apr 21, 2019 42:44

An airhacks.fm conversation with Andrew Schofield, Chief Architect, Event Streams at IBM about: 1982, Dragon 32 and Basic Programming with 12, starting with JDK 1.0, writing a JMS provider for WebSphere v6, no ceremony JMS, Apache Kafka considered simple, why writing a Kafka application is harder than a JMS application, there is a big architectural difference between Kafka and JMS, or message queuing and event stores, Kafka remembers historical data, JMS is about fowarding messages, with Kafka it is harder to write conversational systems, clustering singletons is hard, running Kafka on a single node is easy, "deliver once and only once" is the killer feature of persistent JMS queues, JMS topics are nicer - you can send messages to unknown receivers, the killer use cases for JMS and Kafka, JMS is good for system coordination and transaction integrity, Kafka is well suited for (IoT) event buffering and re-processability, 2PC, XA and the advantages of middleware, in distributed transactions everyone has to remember everything, we only need distributed and rock-solid persistence, kubernetes pods are stateless, challenges of using Kafka, setting up for production can take months for an average Java programmer with JMS background, restarting Kafka brokers can be challenging, in Kafka you are communicating with the cluster, MQ is a collection of individual queue managers, in MQ there is a directory of resources which knows where the queues are hosted. Andrew on github, and LinkedIn.

dragon ibm iot java kafka chief architect mq xa jms apache kafka jdk websphere

Jakarta EE, MicroProfile, OpenLiberty: Better Than Ice Hockey

The Jason & Scot Show - E-Commerce And Retail News

Play Episode Listen Later Apr 7, 2019 65:00

An airhacks.fm conversation with Andrew Guibert (@andrew_guibert) about: old IBM PCs and old school Legos, starting programming in elementary school to write video games, the market for enterprise software is better, than the market for video games, World of Warcraft is good for practicing team work, ice hockey, snowboarding and baseball, getting job at IBM by pitching Nintendo WII hacking, why Java EE is exciting for young developers, OpenLiberty is a dream team at IBM, providing Java EE support for WebSphere Liberty and WebSphere "traditional" customers, Java EE 8 was good, and MicroProfile is a good platform for innovation, quick MicroProfile iterations, sprinkling MicroProfile goodness into existing applications, MicroProfile helps glue things together, OpenLiberty strictly follows the Java EE standards, how OpenLiberty knows what Java EE 8 is, OpenLiberty is built on an OSGi runtime, features are modules with dependencies, OpenLiberty comprises public and internal features, Java EE 8 is a convenience feature which pulls in other modules / features, OpenLIberty also supports users features, OpenLiberty works with EclipseLink, as well as, Hibernate, OpenLiberty comes with generic JPA support with transaction integration, Erin Schnabel fixes OpenLiberty configuration at JavaONE, IBM booth with vi in a few seconds, Erin Schnabel is a 10x-er, IBM MQ / MQS could be the best possible developer experience as JMS provider, Liberty Bikes - a Java EE 8 / MicroProfile Tron-like game, scaling websockets with session affinity, tiny ThinWARs, there is MicroProfile discussion for JWT token production, controlling OpenLiberty from MineCraft, testing JDBC connections, BulkHeads with porcupine, all concurrency in OpenLiberty runs on single, self-tuning ThreadPool Andy on twitter: @andrew_guibert and github.

lego ibm minecraft world of warcraft jakarta ice hockey nintendo wii hibernate jwt jms jpa javaone java ee jdbc websphere bulkheads osgi ibm pcs

EP158 - NYC Holiday Store Visits

Play Episode Listen Later Dec 20, 2018 72:42

EP158 - NYC Holiday Store Visits We're in the peak of the holiday season, which means Jason is going to be visiting stores. This year he went to NYC and visited 33 new or updated store concepts. If you'd like to follow the tour yourself, here the Retailgeek NYC Retail Map. Some favorites this year included: Nike Dyson Allbirds Amazon 4 Star Casper Covergirl FAO Schwarz Glossier Google Hardware Macy’s (especially the B8ta shop-in-shop) Showfields Some disappointments included: Restoration Hardware Saks Apple Away Amazon News Bloomberg article had a great piece about the 1099 amazon delivery network Amazon extended delivery window Amazon new air hub in DFW WSJ article on CRAPfest Amazon Go in airports Small format Amazon Go Opening Amazon Go in UK Other News IBM sold its commerce platform (Websphere) to HCL Don't forget to like our facebook page, and if you enjoyed this episode please write us a review on itunes. Episode 158 of the Jason & Scot show was recorded on Monday, December 17th, 2018. Happy holidays everyone... talk to you in 2019! Transcript Jason: [0:25] Welcome to the Jason and Scott show this is episode 158 being recorded on Monday December 17th 2018 I'm your host Jason retailgeek Goldberg and as usual I'm here with your co-host. Scot Wingo. Scot: [0:42] Jason and welcome back Jason Scott show listeners Jason it's been like 10 days but your life has changed a whole lot since we last talked so you you had a birthday happy belated birthday. Jason: [0:55] Thank you much it's depressing the type that even bigger number into the the elliptical machine at the gym when I am frequent occasions when I use that. Scot: [1:05] WG&R on verify so go ahead and round down. Jason: [1:10] Yeah I don't want to only be cheating myself and I feel like my my I don't know if the math actually works out this way but in my mind I mean year older so it should be more impressed. Scot: [1:22] And then you have an exciting new gig or title something like SVP of digital Commerce retail payments and chief strategy officer. Jason: [1:37] I think that's exactly my title I've had to go to jumbo size business cards for the three people that still use business card. Scot: [1:44] Or hang out 3 like a like a tweet storm you have a business card storm. Jason: [1:48] 1 of 2 of 3 of I like that. Scot: [1:50] But in all seriousness you are now the chief Commerce strategy officer tell us what's this entail and the upwardly-mobile thing what's going on. Jason: [2:03] That was a lie the very least would like to think of others agree but yeah it innocence for the last six years have been working for a particular agency that was originally razorfish and then you know we merged with Sapient and became sapientrazorfish. But that agency is part of a much bigger a holding company called the pupusas group and so essentially, took a new role at the group level so you know hopefully I'll get to keep working with a lot of the. The colleagues and clients from from sapientrazorfish that I've always enjoyed but I'll have more responsibility and work opportunity to work with. A broader selection of group clients across a bigger geography and. Like most of these holding companies were a little more Silo then we should be done to best serve customers and so a big part of my job is to kind of. Pull together all the the capabilities within the group to better serve our Commerce clients and so. [3:15] That should be fun and you may know it was important that I get that promotion on my birthday because. When you have a birthday on LinkedIn you get a lot of well-intentioned well wishes. [3:34] And annoyingly LinkedIn won't actually send you emails with your mail from LinkedIn though just sending you an email each time you get something saying, go to LinkedIn to read this one sentence can the message and so basically on your birthday your email is is, put under a denial-of-service attack by LinkedIn and so that also happens when you change your your job and so I felt like, smart to do both on the same day so that like I might email would only be down for one day. Scot: [4:05] Cuz it's me you give me like a bull in a china shop in there tearing down silos and making people work together. Jason: [4:14] Hopefully it's a little more carrot than stick wouldn't be the first time I was inadvertently a little overly aggressive so I shall Endeavor to find the right balance there are a ton of of great capabilities and in groups in pupusas and it's it's, as far as I'm concerned I went from the the 32 pack of crayons to the hundred pack of crayons and so you know it's going to be fun to paint more colorful pictures. Scot: [4:47] I know it's hard to put a number on it but would you say over 80 to 90% of getting this new gig is related to the podcast should we thank listeners for their contributions. Jason: [4:59] Possibly that's slightly conservative. Scot: [5:02] We forget individual performance I think the the pr halo effect from, this kind of cited ever that we have this is probably responsible for most of your career trajectory hear the last at least 58 weeks. Jason: [5:19] I feel like that's absolutely true I feel like the listeners absolutely would have put me over the top but you alone are so influential with all the the leadership in Paris that I feel like just you putting in a good word, was was enough to drive the new promotion so thanks very much to Scott and thanks very much to all the listeners for supporting me. Scot: [5:40] I said you listen up French dude Jason needs promotion and he doesn't need one of these like. Everyday sea-level gigs he needs to be a double sea level and they came up the new tunnel ccso your CC level you like c-squared level. Jason: [5:58] Etsy I like that c-square that's how I'm that maybe it's cuz I'm more sort of exponential growth than I am linear growth I like that I like that alot. Scot: [6:08] I didn't go to the sea level meeting cuz I'm c-squared level. Jason: [6:13] Exactly I feel like the one negative ramification as we are now going to have to do a deep dive on the Peter Principle. Scot: [6:20] Well you hit the ground running and you have been in New York I've been watching your tweets my favorite is your Covergirl tweet that was a little. It's surprising and shocking to see on the cover of Covergirl so congratulations on that. Jason: [6:37] Yeah I feel like that would be more than any person needs to be thinking about but then I got in a Twitter conversation today with with some of our favorite journalist talking about the latest trends in women's fashion and now they're all super excited about seeing me where like flare denim at dinner cropped flare Denim and interrupt this year so so sorry for all the Twitter followers that had to read that. Scot: [7:07] Yeah that's going to be good with there will be pictures I will take them and post them. Jason: [7:12] But in all seriousness it is sort of a annual tradition than I have around my birthday is I pick a city that has a bunch of retail going on and I like to do a bunch of store visits around the holidays is is, people will know or might imagine. There's a lot of in addition to the sort of all the Evergreen retail there's a lot of popups that they Brands open around the holidays and if you're a retail and you're going to watch a big new flagship it wouldn't be uncommon that you try to get it launched. In time for Holiday Inn so usually it's a good time of year to see some new new retail Concepts or at least see the evolution of some. Some retail Concepts so this year I went to New York City for a couple days and I walked about 14 miles and visited 33 stores. Scot: [8:02] Give us give us the highs the lows The Good the Bad the Ugly how whatever kind of format you want to do. Jason: [8:10] So I mentioned 33 stores there were 11 that really jumped out at me as. As irrelevant and interesting for for one reason or another there were kind of for that I. I'm putting in the doghouse that were disappointing for one reason or another and then you know the rest I kind of characterizes middle of the road, the reason I pick New York this year was specifically was because Nike had just opened the new store on Fifth Avenue at flagship store called House of innovation 0:01. And now there's been a lot of buzz in our industry that this was a super Progressive omnichannel digital first retail store and so I had read a lot about it and I wanted to make sure I had a good. Good first-hand experience so that was kind of the anchor that pulled me to New York and then I put together a list if anyone is super masochistic. What I tend to do is put all these things in in Google Maps which little-known feature of Google Maps is great for custom maps. And it works on all that the apps on all the different mobile platform so I can actually put a link in the show notes to my Google Map and you can you can see why these doors are if you happen to be visiting New York and one. Want to check any of them out but so jumping into that Nike store I felt like it really lived up to the hype. [9:35] So this is a big store on Fifth Avenue you know some of the most expensive real estate in North America. It's a 6-story store and some of the Marquis experiences they talked about are these kind of. [9:51] Blend of digital and experiential. So for example they have a great Reserve online fry in-store experience you can if you live in New York you can shop on the mobile phone, I find some shoes in a size you want to try on and someone will pull those shoes and put them in a locker. Waiting for you and so when you get to the store you can use the mobile app to unlock the locker try on the shoes if you decide you want to buy them you can do at self-checkout on the mobile app and so essentially you can. [10:30] Get stuffed Asian in dressing room try it on. And buy it without ever having to have any interaction with an employee if you don't feel like you needed employee. [10:41] And said to me that was like an interesting sort of. Improvement in the frictionless reserve online try and store experience another Marquis Ranch they had is this mannequin shopping so you knows is a lot of folks might know. Apparel that you put on mannequins tends to sell dramatically better than the apparel that's just on the racks or on the Shelf. But it often can be tricky to shop the outfit on a mannequin cuz you see something on the mannequin and you don't necessarily know. What model that is or where you can go get that particular Peril in that you're the one thing the store can do is they can put the exact apparel on the mannequin on. On an end cap or display right next to the mannequin but then that creates all kinds of problems for the store where the inventory is fragmented some of its out on that is custom display and some of its in line in the rack and, when someone does a boat is order or something else now they can't find the apparel because it's floating all over the store. And so what Nike did is they actually put a QR code on every mannequin and you can scan this QR codes with the Nike app and it opens up. [11:52] At the digital experience with all the. The apparel that's rest on that mannequin and again you can click on any of those things to have them sent to a dressing room in your size you can self-checkout or you don't get help from a sales associate but it, it's kind of a cool digital way to shop the look on mannequins in the store. Scot: [12:16] I've seen some of the shoe stores are now doing some of the 3D printing word out of separate experience. Jason: [12:29] Yeah no no no Nike is all in on customized and custom products so. [12:36] Nike actually has a Big 5 store in Tribeca did the bottom floor is totally dedicated to customization and it supposed to custom shoes and custom jerseys so I can round the World Cup. [12:46] Like embroidering your name on on your team's Jersey and stuff like that in real time was huge and this. House of innovation takes that even a step further in this store you actually can have your your shoe models custom ink. I mean you literally wait for the ink to dry and then they give you. That the completely custom product in the store so the ground for the store is totally dedicated to custom. They have all these kind of experiential components to the floor where you can see like. The embroidery shop they have all the people like sewing on the machines and you can watch him making the custom product they have the die shop and you can you know these that you can look through the glass walls and watch all the people handcrafting. Your custom products and they have a bunch of digital stations where you can work with a sales associate and design your own shoe from scratch or. You can pick a custom-designed shoe that was designed by an influencer that you're aligned with so that could be a celebrity or it could be. You know some some talented independent designer that Nike had partnered with so if you don't want to just. Pick a random design from scratch you can you can rely on the talent of someone else to still make a shoe that's kind of unique in that everyone doesn't have and that isn't available at Foot Locker. [14:12] Yeah so they're definitely in on custom. They also at another store we've talked about it with Nike is this Nike at Melrose which is in Los Angeles, and it's big spin is it's localized so they pay close attention to what people shop for and that store and change the assortment really rapidly. In response to the the Nike Shoppers in in Los Angeles and so the bottom floor which is a sub-basement for and this this store is called Nike Speed Shop and it is essentially is dedicated to the best-selling. Products in New York City and again, yui you walk in on you see like that you know fastest selling items while the changes you know quite frequently depending on what the popular items are and you you can scan a QR code and how many of those items popped into a, a self-service Locker for you so again there they're kind of leveraging the the crowd generation and the the seamless. Self Service experience you can self checkout for anything in the store so you don't you don't have to get in line at a particular cashier they have self-checkout station throughout the store where you can like get bags and things like that. The. [15:27] So overall I'd say like this store does a better job of seamlessly integrating digital in a physical environment than almost any other store have been in and it's pretty exciting for that. The downside is. Most of these experiences are not ones that Shoppers are already used to and so the sales associates are having to do a heck of a lot of Education that teach people how to use all these amenities in the store. And it's kind of a cannon to when Banks first ride rolling out ATM machines you know they had to staff the self-service ATM machines with the last app to teach people how to use them or you know when the airlines you step to teach people how to use. That the digital boarding passes you know the Hope Is overtime everyone learns how to shop that store and use those amenities and they can cut back on the amount of staff that they need to train customers but then on the flip side. [16:18] Fifth Avenue is like one of the the highest tourist traffic shopping areas in the United States and so. You know the frequency of visit is probably a lot lower it's probably you know the one and only time a bunch of these people are going to shop that store so I think that the. [16:37] Education think could be an ongoing Challenge and one of the sort of pet peeve or suggestion I would have for Nike is the. All of these digital experiences are totally dependent on you having the Nike app which I. I hate having that app dependency because it's really hard to get users to download the app and to help users get their password and to get users to consistently use the app. And you know these days with Progressive web apps we could have all the same experience on a web experience. All these QR codes that are all over the store the the Apple phones now natively Sant scan QR phones in the app in the the camera app so you know you could have. Given the customer 90% of the same functionality with an iPhone with no app in it and Nike intentionally chose not to do that so when you scan any of those QR codes. That work in the Nike app with the the iPhone camera for example instead of giving you the the digital experience it takes you to the iTunes Store and tries to get you to download the Nike app so. You know they're there I can understand their goal to try to get good penetration of the app but I'd rather see him give him more seamless experience to the customers. Scot: [17:51] Yeah cuz the apps are pretty beefy and you know you're in the store on cell and is 4 Wi-Fi never really works it's always get glitchy and yeah. Talking to it and it just kind of creates a lot of friction. Jason: [18:07] Yeah I know and you know getting their stores that are worse like that Amazon go stores that you'll see a huge queue outside these doors that require an app to shopping. Yeah they they call him frictionless doors cuz it's just walk out technology and the irony is they just move the friction from the the cashier to the front door to the store. Scot: [18:26] Yeah it is one time that which is good. Jason: [18:28] No totally true. I mean I overall super favorable impression on the Nike store or I'll be excited to watch it continue to evolve as always anything new it's pretty easy to find a, a few refinements and and you know hopefully Nike works for those overtime if you go to that Nike store literally right next door to that Nike store is a Dyson Factory Store and I haven't seen this store talked about very much but this to me is a great store, in terms of experiential retail so like obviously Dyson is super premium product like that you know tend to be at at very premium price points to their competitors in the marketplace and so it requires it's already considered sale it requires a lot of explanation and demonstration about why the products are better and so this Dyson store does a really good job of, immersing you in all their products they show you exploded you know versions of all their product so you can see the inside and you can see all the craftsmanship and design in the products and Wyatt's. [19:32] Better and more expensive and then they do all kinds of clever things to let you experience the product so that the world's most expensive hair dryer as far as I know and so in the back of the store they have a Blow Bar where you know if you want you can go in and have your hair styled and they'll blow it out and dry it using that Dyson product info, you know you get this kind of great story that you you went shopping on your vacation on 5th Avenue when you got your hair done at Dice and then you got to experience this, this one-of-a-kind hair dryer and and hopefully it sold you the hair dryer if you want to buy a vacuum. [20:12] They next to all the vacuum displays they have like a complete assortment of. For treatment so they have carpet and tile and hardwood and they have a funny wall of. Different desserts that you can pick so you can you can like literally grab a beaker of dirt or a beaker of confetti or rubber balls or whatever you want to test and throw it on whatever kind of floor surfaces you want an, and literally vacuum up those those products and so I just to me it's a great example of experiential retail and really. Helping customers understand the value proposition in kicking in this, this a psychology we called the endowment effect where you feel like you already own the product in the store and and you feel like you have. Remorse if you walk to Home walked out of the store without taking the product. Scot: [21:06] Did you take advantage of the dry bar the blow dry bar. Jason: [21:09] I did not I do like sometimes it's funny I try to go in and test products that are maybe not, not targeted at me but I did not have time to get my my sending unit 3 centimeter hair. Can and I kind of think it would have dried in the time it took for my hair to get off the base into the chair so maybe when it worked anyway. Scot: [21:34] Yeah that have I think they're sold out of that hair dryer that I mean it is very expensive but it's quite popular it's kind of the the bee's knees. Jason: [21:43] Yeah I actually am thinking about getting hair extensions just so I have a reason to get one of those hair dryers. Scot: [21:49] I think you should definitely do that before then our attic so so we can all I'll see you with your I think I'm imagining a mullet I will look. Jason: [21:57] Not that hard to imagine there's probably some of your book somewhere. [22:03] Not not true so hit a couple other stores on 5th Avenue and maybe we'll talk about it later but then I shot down to Soho in Tribeca and Albert just had a pop up there for a while that do I frankly was not a very interesting store and they just open their first. Permanent store and I think they also did a terrific job I call Brazil courses a. A shoe brand that's that's doing particularly well but very similar to Dyson. They did a beautiful job I call the visual merchandising in this store is great but they really did this Rich storytelling about all of the materials that are used in all the Auburn products and they really kind of immerse you in the war of the products. And just you know much more so than like walking into a Footlocker and seeing a wall of sneakers you feel like you get an origin story for every material that then is used in every shoe. You know and you know they just made the product feel really aspirational and they try to use sustainable products in the shoe and they like you know really made you believe in the purpose and I just thought it was really, well design store from a visual merchandising standpoint like they're not relying on a lot of digital technology in that store but I felt like. [23:30] That's for combined with some of the other stores that I visited that are kind of newer I'll call them digitally native Brands although that's debatable in the case of all birds or Dyson, and I really felt like like some of the best retail we're seeing right now is from these new emerging brands. And an Auberge was another good example and a huge progression from their prop up to this permanent store so definitely congratulations to them on that. Scot: [23:55] They do a lot of really cool kind of seasonal exclusives in City exclusives like. Jason: [24:09] Yeah and exclusive that are the trigger scarcity is a huge play across a bunch of these brands in a bunch of these products and really really smart you know again in a world when you're a teenager that has to act cool amongst your thousand followers on Instagram you know. Getting the same product that's available in every mall in America you know does not fly very well but being able to get you know something that's exclusive or scares you know that's super well and we're seeing that and you know all of these these you know unique limited edition shoes from Adidas and supreme and g-star and all birds and all of those brands are seeing them in the super young kids toys all the laugh out loud surprise toys I know you buy a bunch of these Star Trek, Kinder surprise toy or Star Wars excuse me that was a horrible, not for a DM but a horrible swppp. The I don't know it maybe it's Friday and in some super weird creepy way that we don't want to get into. Scot: [25:15] Klingons. Jason: [25:17] Yeah but yeah scarcity I think is super smart are you are you a big all birds guy. Scot: [25:24] I think I have one pair but if I like him. Jason: [25:30] And that store is now like literally across the street from the Amazon forest our store we we've talked about that's or a lot in the past I did go back to that store I was interested to see how it involves since I was there on the grand opening and obviously that's a story that's. Allegedly completely curated by customers and so I walked in there in a very curious to see how much of the assortment had really changed since the last time I was in and I was pleasantly surprised that. A lot of it had changed like all the feature displays that you see when you walk in the front of the store were prominently featuring, different merchandise than they were at the Grand Opening and even a lot of the product categories. In the store had changed or evolved and so you know my my early indications are you no props. Amazon for living there promise on on sort of. Frequently and rapidly changing the mix in that store based on on customer curation. Scot: [26:31] I wonder if they do it or if they just kind of like close down and reshuffle for a day or if they're just kind of like nibble away at it, like you know 2% a day. Jason: [26:40] No it's a great question and I I don't know the answer. But yeah I would have to live there or visit a lot more frequently 10 notice that but I did I took a ton of pictures the first time I was there and I retook all those pictures and so on. I'm probably going to do a deeper dive in comparing the two sets of pictures but anecdotally it definitely felt like a lot of stuff at churned and obviously we're much closer to Holiday now and they're all these right. Seasonal products for holiday that are selling really well so not surprisingly those products all moved forward. You're secretly I feel like that store is first and foremost designed to sell Amazon branded products and those are kind of the Evergreen product that did not change. Oh, there's some new product since last time I was there so that the first time I got to see the microwave in person. Scot: [27:29] I'd like it. Jason: [27:30] I was surprised it's smaller than I was anticipating it does not feel like I feel like that was a load capacity microwave them then I have so I would have been a little scared to. Scot: [27:43] Talk out at the gym have Alexa make you some popcorn. Jason: [27:46] I did not I was pleased to see that it was plugged in so you could infect talk to it but you like they did not give you product and give you a chance to actually. Cook anything in it and I'm curious if the demo unit even had that hopefully it did not have them element in it but who knows. Scot: [28:03] The at this is a little bit off topic but the switching of the storm made me think of everyone's in retails favorite store in York stories did you get swing by there. Jason: [28:14] I did not swing my story I always love to go to this is story about the it just wasn't geographically convenient with all these other stores I did go to Macy's. Macy's is now a minority owner of story and I was curious to see if they had a disa story iteration in Macy's. And if they did I was not able to find it but the. Beta who's been on the store has has the shopping shops inside of Macy's and I went to that Macy's expecting. Then I go down to the basement where where they historically have put a lot of these Concepts and I was actually constantly surprised the beta store. Is like prominently featured at the front door in like one of the highest traffic entrances and so kind of smart around the holidays since a lot of the beta product is. Is very holiday gift friendly items but that all of the pods in the the beta display inside the Macy's were really hopping and it felt like. The exact same experience you'd get if you walked into a dedicated beta store and then. Scot: [29:22] Call Diem one of our interns just handed me a note make sure we reference episode 139 when we had beta founder the boo on telling us all about that. Jason: [29:33] Yeah absolutely and if you do remember that episode of Yuri wissen he'll tell you a story about how he called me early on in the evolution of that concept and I gave him some stupid advice, is his version and my version is I told him that in the long run, that he would be funded by a bunch of retailers and he would be shopping shops inside of a bunch of these stores, and your side note almost all the betas are now in Macy's and so I'm saying I'm right here saying I gave him bad advice you can judge for yourself. Scot: [30:06] He is not a c squared executive Teresa CEO. Jason: [30:12] He just has the one one see you in like Risk a bunch. Scot: [30:14] Yeah it's your on a whole nother like you're in another orbit like. Jason: [30:17] Yeah he would tell you this lame story about how he left his cushy job at Google to take this big entrepreneurial risk and worked really hard to build something and all that but you know as opposed to just like telling other people what to do and then running before they actually do it. Scot: [30:32] Helios One C drop the mic. Jason: [30:36] Potato potahto exactly. The also sort of in that that area I visited the Casper store you know again another great kind of showroom a store that has a bunch of experiential components like they have all these, design house vignettes where you can in fact, close the door and sweep on all these various mattresses but they even had they actually have and they have a cool branded term for it that I'm going to not remember unfortunately at the back of the store is is actually dedicated to a service where you essentially can rent a in isolation pod with a bed in it and take a nap, and if they've done like a really good job of creating this like super relaxing atmosphere and you know it. The hustle and bustle of a busy City you can come and take a timeout and catch up power nap and then kind of recharge I looked at that thing and said man like these guys up to be partnering with we work like you ought to have one of these. Nap stations in all the the work on demand. Scot: [31:50] If it's at Casper ride to go people are always surprised how many skus they have I think everyone kind of Associates in with kind of essentially once you a mattress live really expanded the offerings have got some pet stuff now right and they've got pillows and sheets. Jason: [32:09] Yeah betting and so that they have all that but also I thought you're going is they have a variety of different. Material treatments on the mattresses so there is a pretty good diversity of mattresses you can buy a different price points and so you can imagine, people wanting to to actually try those out in the United States they talk a lot about how you know retail and trying is an important part of their. Their growth strategy that that you know they like the pure digital experience and obviously they're kind of original Innovation was the ability to make a UPS shippable mattress and bypass the store but in the long run like you know the total addressable Market of people that are willing to buy a mattress sight unseen is much smaller than the, you know all the households in the US and so even these retail showrooms have been, become a big part of their growth strategy I can't remember if I threw it up on social media or not but they also have kind of a social photo booth in the store and that's why I took a picture in the Casper store and to me the, that these these instagrammable scenes inside of retail stores is another strong retail Trend like we talked on the show little bit in the past. There are these dedicated Concepts to instagrammable moments like the ice cream factory in in San Francisco and idea here is. [33:38] Pay a significant amount of money I 20 to 40 bucks to go into what amounts to a bunch of like unique photo sets to take your your selfies and all these you know unique and interesting ways. And there scarcity because that museum goes away after a couple of months and it creates a cool, sort of photo that you can share on on Instagram in a bunch of retailers have jumped in on this action and so the the Casper score was one, you mentioned earlier that cover girl had a pop up in Time Square and they had a great social photo booth so you got to go take, a glamour still Anna and impact video in the store and so I use that that glamour photo booth and put my shepherd girl picks her up, it's super smart as they capture your email address which you give them in order for them to send you the photos and you you share those photos on your social channels and amplify it and become an influencer for Casper CoverGirl, or a bunch of the other retail brand so I feel like that was a common trend. [34:46] Also up near 5th Avenue Rockefeller Center FAO Schwarz reopen. So that you know they were longtime icon on 5th Avenue their space is now being used for Apple. They went out of business but a new company bought the brand and they reopen the toy store in what used to be the NBC Experience Store in Rockefeller Center. And I. Scot: [35:13] Does it have the f e o clock in like that same kind of vibe that the old one. Jason: [35:17] Yeah it totally does it has all the iconic displays that the old store has it has the cost you and Toy Soldiers dancing outside the store and taking selfies with everyone and again another one of these instagrammable moments. And you know a round holiday in Rockefeller Center this was the busiest store in the area and had a shoe deal 9 to get into the store and so again like, you know creating scarcity just buy, you know you go to Rockefeller Center to check out what's going on and look at the ice rink and see the Christmas tree and blam there's a huge line of people waiting to get in somewhere and it instantly makes you want to get in there too and it it it. It seems like there's definite evidence that the debt brand still carry some weight with consumers and at least around holiday. Seems like it was doing terrific. Scot: [36:07] Did a baby geek get like a drivable little Rolls-Royce Wraith. Jason: [36:13] She did not I have as I think documented on some of these other shows already made the mistake of buying him some drivable Vehicles like only two. How to get home and come to my senses and realize that I'm now paying for a separate City parking space for my son's truck my three-year-old son's truck yes. Scot: [36:33] Five of them in one city park. Jason: [36:35] Yeah that's true I probably could fit more but we don't need to tell him that. So glossy are is another great digital brand is doing really well in the beauty and cosmetics base and they open the store in Tribeca again. These guys do a lot of custom assortments instead of the whole store is really a showroom and you shop the store you you, you know try Cosmetics you pick stuff that you want and then you go to a will call window and actually pick up your custom, serrated bag with your name on it of your Cosmetics you can do that online and they have a a pick up station at the very front of the store for for online orders or or you know they have an in-store pickup station, for folks that have shop the in-store experience and this door was hopping like there was a line at almost every display for people to check out, and again a big chunk of the store was dedicated to both them like doing your makeup and glamming you up and taking an Instagram photo in you know a bunch of staged. [37:42] Scents that they had and so you kind of Sharon amplify The Experience so another good example of that. Google has a pop-up store in Chicago and New York called Google Hardware I visited the one in in Chicago earlier and talked a little bit about it on the show The New York one is sort of a, bigger better laid out version of the exact same store again a great place to experience a lot of the Google hardware and get you know live demos and some real-world vignettes but the whole you know downstairs of the store again is dedicated to, taking cool photos of you in a unique environment and sharing those on all your social platforms with all your friends and so for Google it's a double win there they're getting you to take advantage of this social photo booth experience or catching an email all the same things as all the other retailers but they're also getting to demonstrate some of the unique features of the Google pixel camera and as a speaker called best shot so essentially they put you on this way cool interactive swing set and take a bunch of pictures of you and the AI in the Google Phone app, looks at all the photos they took of you and pics of the two or three best photos and shows you though so kind of a double win there. Scot: [39:01] Did you agree with the ones I picked. Jason: [39:03] Yeah it seems optimized for obvious thing so you know I picked the ones where you're smiling and looking directly at the camera and that are in good Focus I don't know that I took enough pictures to. To pick up beyond that what it's it's criteria were but definitely the the photos it recommended were keepers. And yet it just a cool well design kind of theatrical set like it's in there cases funny cuz you walk up and it looks like a really Bland background with a bunch of wood paneling and a swing and you sit on the swing in there I have this doesn't seem like all that interesting of a, have a background but then the guy triggers the display and as the swing starts moving, all of the wood panels drop down in there all these colorful animated things moving around and it becomes a Thun Thun set for a photo so it's just fun. Watch the surprise and Delight moment when. When that happened to other people as well. [39:58] And then the 11th of my my favorite retail stores is a new store. In kind of the upper end of Tribeca called show fields, and to me this is a similar concept 2 Beta so this is a a Marketplace store it's a permanent store that. Emerging Brands can rent a Pod in all of the pods have facilities for live demonstrations they all have digital signage, until you got a bunch of like digitally native products you know that each had their own kind of, shop and shop inside of this Schofield space then I guess the one thing that was different about Schofield from beta is, the beta store is staffed by Beta employees and all the displays are largely self-service except for the beta employees most of the Schofield vignettes were actually staffed with branded employ so when you went to each of India, you are likely to get a representative from the brand that was in that vignette talking to you. Yeah so it seems like the the. Marketplace at vacation of physical retail is continuing the happened so Scott. You may have been right that marketplaces are a thing. Scot: [41:23] Yeah the other they're catching on. Jason: [41:26] Yep. So we're super deep into the show project more time than we intended on the store visits super quick, for they were a little bit of a letdown for me Restoration Hardware has this great reputation they move their store to the Meatpacking District, is there a flagship store New York went to the store it's a beautiful piece of visual merchandising and has tons of their product in it, but I just really think that it's a hard store to shop there's no way finding others no way to know what inventory is in the store I could keep that a lot of folks have a Restoration Hardware is. You know you want to try this furniture before you buy it, they have a website with all these different formations of all their products but no one on the website can you find out which store has the products you want to try, and you just kind of have to pop into the store and you're going to see one sofa that represents a family of 10 and not get a very good story about the other nine so, I just feel like it was a lost opportunity for a Restoration Hardware to take their retailing a little further than they had in the past and it seems like they stuck with. [42:31] Beautiful visual merchandising and architecture but not really anything new or interesting and customer experience so that was a disappointment to me, on 5th Avenue there's a the original Saks Fifth Avenue they made a bunch of hay earlier this year about doing a huge remodel to their Beauty Department which of the second floor of the store are you walking the store on the ground floor and they're all these signed same check out Beauty 2.0 on the second floor and they really hype up this beauty 2.0 concept. Until you know it frankly raises your expectation that they are inventing a better way to shop for cosmetics and beauty and you know when I got up there and Shop did it felt like a very traditional department store Beauty experience to me like the. The again the fixtures in the visual merchandising might have been a little nicer but you know you work at like all the exponential stuff going on at Sephora or an Ulta or the ability to shop based on a use case or need instead of exclusively by brand you know they're all these opportunities to kind of reinvent Beauty and to me, like sacks raised expectation by calling Beauty 2.0 in it it to me it was Beauty 1.1 Maybe. [43:46] I hit up about for Apple stores in New York City and you know I continue to have this, this impression when I walk in Apple stores that they had become to me super boring and the problem I think is did they have curated down they dramatically diminished the amount of third-party product they offer in an Apple store and so, you know it's almost all first-party product you know most of us know all of Apple's product before we walk in the store so we're not going to see some new Apple branded product at school or that we want to see you except maybe once a year and you know that the stores always super busy but it's also always super busy because there's a bunch of people in line at the Genius Bar to get help getting their iTunes password so they can download the Nike app for the Amazon Go app it that stores really become a customer service door and they're just really isn't a lot of. Serendipitous Discovery or surprise and Delight like you know I just don't feel like I have a reason to go there and find anything that's going to be exciting for me I don't know, Scot do you still go to an Apple Store when you're in a a new shopping district. Scot: [44:54] But Jason it's a town hall don't you just go there to meet people diet ice cream I used to I used to get the most joy out of kind of a few know looking at they had a kind of robust drone section and all these wacky accessories like Golf Club thing you can play with and I save if they've taken that stuff away I do think it's Dimension a part of it is once they get into the headphones Beats that's a big section out. Jason: [45:23] Yeah they kicked over all the third party headphones out and yeah. Scot: [45:26] Yeah so so it is a bit of a bummer because like you I think I pretty much have every product covered so there's no new Apple product I really need to discover. Jason: [45:37] Same same deal so if I forget to pack a power supply I might pop pop in the Apple to get a replacement but yeah I miss the surprise and Delight moments I hope I hope they find a new way to bring those back and then last store in this is sadly for me cuz I really wanted to be excited. [45:57] My raspberry award is going to a digital native brand that folks on the show are probably familiar with all the way which is. Kind of a great digital suitcase that's doing really well. And the reason I'm disappointed is I had visited their pop-up store and thought it was fabulous right so, you listen to the founders talk about the away brand and they say like hey we recognized early on we do you want to be about selling suitcases we wanted to be around selling aspirational experiences and destinations and so you went to the pop-up store and it was, merchandise to be all these exotic locations that you wanted to go to and it just so happens that there was a luggage in each one of those locations that you could check out and it made you want to buy the luggage so that you could go to, to Milan and you know have the experience, and I thought that was really smart and it it you know the you know their presentations at Shopkin and shop at Oregon places like that you know they told the story that really kind of match the retail environment so, now they've opened a permanent store and I and you go me and I like the pup I'm expecting you know some big stuff out of the permanent store and I feel like the permanent away store took a giant step back and it's a bunch of shelves with suitcases and no storytelling and, and none of that destination merchandising or aspiration like it did have kind of a a like. [47:23] Unremarkable Cafe inside the store but mostly it was you know it it felt just like your typical Mall luggage store that just happen to have a bunch of away suitcases on. Scot: [47:33] I am a proud owner of a real of masochist. Jason: [47:37] Do you get yelled at every time you get on the plane that you have to take the battery out. Scot: [47:40] I know it pops I got the later generation that works pops right up. Jason: [47:44] Yet so I think that's most of the products but there is a slight slightly unfortunate thing that one of them are key features if they have a smart suitcase that has a big battery in it that you can use to charge a lot of your gadgets and there must have been some bad experience on the airline somewhere because like it's now built into the FAA announcements on a lot of planes but if you have an away branded suitcase you must take the battery out before you come on the plane and again away his design the suitcase to allow that so it's not a big deal but I'm online from a brand or erosion standpoint it's. Anime be favorable maybe negative that every single time you get on a plane they make an announcement saying like you have to do something with an away suitcase or you're not safe. Maybe it helps that they're reminding everyone that there's this new pool suitcase call the way. Scot: [48:31] Yeah it's not nearly as bad as when they said if you had a Samsung Note they would just like grab it. Off the plane. Jason: [48:38] Exactly incident I guess the last take what's a bunch of great retail I do feel like a bunch of the new emerging brands or are the ones that are really moving the ball forward a lot of the the start of. A long time retail Brands I feel like I'm seeing glass Innovation out of them even Nike you know I mean arguably they been in retail since 1990 but as a major retailer like they're moving the ball forward and and you know the Saks Fifth Avenue's of the world not as much. That one other kind of antidotal take away I have talked a bunch of times on the show about electronic shelf labels and you know I would point out of the 33rd three stores I visited four of them now I have 100% electronic shelf label so you know potentially we're starting to see the the slow Evolution to this more real-time updatable Dynamic pricing retail environment so I hope we see more of that. Scot: [49:37] Well we just give me the last show of the year so we want to give you guys kind of the double bang for your buck so in addition to Jason's detailed report we're going to do, quick 10-minute news run and it wouldn't be a Jason Scott show without. Jason: [50:01] The news your margin is there opportunity. Scot: [50:10] Cool so briefly the big news for Amazon right now here we are in the heat of pizza delivery time is not surprisingly deliver you were in it so there's been a bunch out around delivery. [50:23] I can see light interesting stuff on Amazon Jason by frequent Amazon order this time of year for estimator and it's really interesting they're kind of my Prime orders are defaulting to to de-flea a message in there that says choose one day and you'll get your item tomorrow and it's really it's a really weird user experience like why why are they making me choose it there's no extra cost I did notice a day I didn't order and it did that and I chose it and then it did this interesting math over on the side where it said your shipping charge is $20 and then Midas out the shipping charge almost to make me feel like you know I was getting 20 $20 worth of value it felt like some kind of an A B test there but that's just been pretty unusual one here in Chicago you've probably already always had kind of same-day delivery in and next day but that's pretty rare North Carolina so you know I'm definitely seeing that they're using language like. [51:27] Using our express shipping partners and stuff like that so and around this area I'm seeing a lot of the Prime vehicle so I will talk about that little bit so since it's been pretty interesting as a user the Bloomberg had a friend Spencer super over there I had a great peace out today about the Amazon delivery Network and you'll notice he's there around delivery. [51:55] Very intimately familiar with these various platforms most famous and well Love's truck platform is from Europe in is the Mercedes Sprinter and so Amazon in September a news article came out that they had ordered 10,000 of these thousand and what they've done very rapidly is they have out the field but it feels like a lot of them they have set up people in their own businesses these 1099 businesses I am they will guarantee your route though rent the truck to you very inexpensively and this article had some really interesting case studies profiled someone that had a 42 and 70 drivers they're doing 250 deliveries per day per driver I am making $1,000 a month in profit so if you're interested in that kind of thing will put in the show notes and I definitely recommend you read that and then you saw one to Jason. Jason: [52:53] Yep so inside notice there's a slight irony to me the same time you're seeing all these Amazon branded Sprinter Vehicles showing up it's also the time of year when UPS and FedEx don't have enough trucks until you start seeing a lot of Enterprise rental vans with with UPS drivers getting out of them in the course there's always the problem of, people thinking they're not not legitimate UPS drivers when they roll up in the in the unmarked white van. [53:21] So you like people going in different directions there is an interesting thing that Amazon did this year you know there's always this battle for free shipping amongst retailers and who's going to lower their, their threshold for free shipping and what they're going to charge and so you know Walmart does free 2-day shipping for any order over $35, Target came out for holiday and said hey free shipping on anything and you know it's always curious, Target made this better shipping offer than Walmart would Walmart match him in Walmart didn't, and I I kind of thought that was interesting and that would be the end of it but then Amazon surprised is all about coming out with a new offer for this holiday that they were offering free shipping, for the holiday even without a Prime Membership in this this is not their 2-day shipping but that it was interesting that Amazon was getting more promotional around holiday we've all been watching to see if that might Force Walmart. To react so far we haven't seen that but now they're extending this free shipping and they're starting to really promote their, they're cut off date so you know I think tomorrow is the last day to get free slow shipping from Amazon but as you pointed out they've beefed up there. Their same-day delivery options in a bunch of markets and so you'll be able to continue to Christmas shop up to the 24th in a lot of markets and still get them. [54:47] As you mentioned Chicago was one of the first so I for a long time I've had this experience where, you order something that's available with one day delivery and then in the cart it defaults to 2-day delivery and it goes you can get it's Tuesday you can get this on Thursday for free or you can cook this to get it Wednesday for free, cuz even though it says same day it usually is after the the early morning cut off so you get it the next day and so you know you constantly have this thing where of course why wouldn't I pick, to get it a day earlier for the same free price of a new thing I just saw this week on on my own Amazon experience in Chicago is there launching some new service called Amazon weekly delivery and it seems like they're trying to incentivize me to bundle more of my purchases and have them delivered one day a week instead of on an ad-hoc basis and so it almost feels like Prime Pantry for. Non-prime Prime Pantry items so I have to dive into that and get a little more details but that was a new GUI I had never seen before. Scot: [55:54] What's the incentive. Jason: [55:56] Yeah so that was part of the problem it did not like it was a new button I could put to put it on my weekly delivery which to my knowledge I didn't have a weekly delivery but it did not seem like there was any monetary benefit to do that so it was again it was weird it was like free same-day delivery get it on Monday standard 2-day delivery to get it on Tuesday or put it in your weekly delivery on Wednesday. Scot: [56:21] They will there be there always playing around with incentives for slow shipping so I've noticed now they seem to have detected on my pretty heavy Prime now users they're offering me kind of somewhere between 5 and $10 for slow shipping at all do in a prime now single use coupon, iPad audible coupons Whole Foods variety of different free song a free app to put around look like a thousand things on that side. Jason: [56:49] Yeah no for sure and I agree with you I think they they seem pretty smart about seeing which offers you're most likely to accept and then turning up the volume on those offers. I do an audible and I keep getting more and more audible offers on or better offers on that regard stuff definitely get that you link to an article this morning about Amazon's new air hub in the Fort Worth airport so that his listeners that will probably already know they have a big air Hub in Cincinnati now they're adding a second big Hub in Dallas and again you know these guys are getting more airport capacity and more planes and and it just seems totally obvious that they're their bulking up there their internal delivery capacity and you know it it's it's hard to imagine it's not a competitive threat to our friends at UPS. Scot: [57:48] Amazon names are fulfillment centers after the airport so for a long time there are us tracking this and Phoenix had the most so they would do like PHX and when they open the second one they Rebrand the first one to one and then they start new muriatic so Phoenix had like PHX 1 2 3 and 4 in the Dallas for long time didn't have anything there then suddenly when the span of like four or five years David have all the way from DFW 1 to 6 and then and then they expanded out the rest of the day of the Houston and Sentra so no it's it's a it's a huge state for Amazon so I imagine you know that that's going to be a busy Hub and then it's interesting cuz they diagrams for the kind of have a book helps Earth Day kind of building the supply chain that looks it's kind of a hybrid of like what Walmart Walmart does to get stuff to a store and what FedEx UPS do so they have this kind of benefit of Products near you and then if it goes out then it goes to this other level and another level up there it is really fascinating how they're the kind of layer to supply chain, elements on top of each other maybe we'll do a show where we get a supply chain Guru in to explain that privately digested. Jason: [59:05] Yeah and I would add just one thing like these are not just hubs where they're like shipping Goods to then drive them to your house this is mostly about moving Goods around between the various for filming Center. And there they're just getting crazy Advanced like I literally think we have a pop-up fulfillment center in Chicago right now so it appears Amazon his rented all the parking under Millennial Park and they like literally staged a temporary fulfillment center in downtown Chicago for holiday. Scot: [59:36] Brickell lots of machine learning lots of data. Longtime listeners will enjoy this article because it's pretty much a topic we spent a lot of time on a I didn't think there is much you in there but it is paid gated tarp a waltz and it really talks about introduces the concept of crap can't realize a profit and that you know it makes it sound like news that Amazon's pushing back on manufacturers to to change their packaging and figure out how you solve this problem of you know that these items that are too bulky you too heavy to low asp2 to make money who's a good read good summary of of kind of what Amazon's doing but, I kind of made it feel new and and we know that they've been doing this for years. Jason: [1:00:26] Yeah I didn't think I'd almost argue that there's a slight trim the other way there that I feel like Amazon's been progressively getting more and more aggressive about targeting crap and more recently liked in last few months and feels like they they may have loosened things likely in some category. Scot: [1:00:44] Yeah yeah and then there was a smattering of Amazon go you touched on it and your your trip reports what are. Jason: [1:00:54] Yeah so they're there is some rumors that one of the use cases for Amazon go could be airports and that is one of the categories where it seems like you could, Amazon go would be a really good fit so I really fast grab-and-go Self Service experience in an airport and as we talked about like a lot of the go merchandise is food and so you think about, man what happens a lot of airports you have a limited time to get something to eat before you get in the plane and you know you're not going to get served anything to eat on the plane now and so seems for a lot of reasons the Amazon goes strength online really well with that airport use queso that that made a lot of sense I won't be surprised to see that deploy and deploy fast they also open their first. [1:01:45] Small for my Amazon go store so this is like a hundred square foot store and it is kind of like a self-contained shop and Shop, where you know you can have a bunch of quick grab convenience items, in a you know Anna is self-contained pop up store format and you know from the first time I saw I go one of these cases I always thought of was like the hotel. Gift shop for the hotel snack shop kind of thing where it doesn't make sense to staff the store with the a person but you know you can sell a lot of snacks to the guess that just check in and they're going up to the room and so this the small-format store seems like a perfect fit for a potential Hotel use case for exam. [1:02:30] And then I think go is now going to the UK so we've seen like three new new retail for mastering Amazon open up in in London in recent times and now they're going to get their first ghost tour. Scot: [1:02:42] Cool it's everyone laughed when they said they weren't there could be thousands of these so you put 10 in each airport and 50 in each City and boom you're there. Jason: [1:02:52] Exactly so they are not sitting still there doing a lot of interesting stuff it's been fun to follow them. Scot: [1:02:59] Awesome so I know we're up against time but there is that concludes our Amazon news there was one big news item that I wanted to pick your brain on and is there she might this kind of slid under my radar I'm sure you were really you're attracting it but there was this announcement that IBM sold a bunch of software stuff to this company called HCL I don't know who that is and the ones that made the headlines I saw where I was he Lotus Notes and just some kind of, old stuff that seemed then I saw a kind of kerfuffle on LinkedIn where several of the smaller e-commerce platforms were really kind of riling up retailers and saying you know, where you going to do now that IBM no longer supports websphere which is there their kind of you know their e-commerce platform that a lot of the largest retailers are on and. Turns out that they have sold that whole platform to this company HCL what I'm sure a lot of our listeners out there I'm sure if they're on websphere they're they're painfully aware this but I was a little shocked about that what do you what do you make of it does this mean IBM just as getting out of the retail game or why would they sell it and then what do you think it means going for. Jason: [1:04:14] Yep it's even potentially more confusing than that so it's totally cut me out of left field the, you know if you'll get the last call at 5 to 8 years in retail there have been these three Enterprise platforms that have emerged as sort of the most competitive, platforms for launching your e-commerce site so you know IBM has had Webster Commerce which is one of the products they sold the ACL Oracle has that a product called atg was originally stand alone company Oracle bottom, there's originally a German stanaland company called hybris the sap bot and so you know if you were a big retailer or you wanted to you know be selling hundreds of millions of dollars online, you likely were going to pick one of these three platforms to launch your website and and you would likely have a shootout between two or three of them, and you know that pay a company like razorfish millions of dollars to to implement it for you and and pay the vendor, you know hundreds of thousands if not millions of dollars a year in maintenance on that platform and so in some ways like totally shocking IBM which you know. [1:05:27] Arguably had the biggest retail market share of those three platforms. So the entire websphere business to HCL HCL is a very large integrator and so you know frankly from my standpoint, whatever traction IBM had in the marketplace that platform is totally going to lose now that a single integrator, because you know all the other integrators in the world are not very likely in to be promoting and implementing a platform, it's owned by one of their competitors so you know usually when an integrator buys a platform it's kind of the end of life for that platform and it just becomes, an in-house piece of Ip that that that integrator uses you don't becomes much harder to see other third parties. Integrate that's an IBM had this Rich echo system of integrators that were aggressively selling their stuff so there's a ton of customers that are on it it's but yours was super fragmented about this. [1:06:31] They sold the on-prem version of the software 2hcl at the moment IBM still owns, the cloud version of the software which is the newest version but the cloud version is based on the on Prim codebase so if you're one of the few customers that bought the, Cloud version of IBM or you were thinking about migrating now you have to ask yourself. Is HCl going to keep updating that code base so that IBM's Cloud version continues to stay. Competitive or contemporary or what's going to happen there IBM owns a bunch of other retail software that a lot of retailers still rely on most famously they own order management system called Sterling. It's still doing really well and they did not still sell sterling so in the old days. You know I didn't had a lot of success getting people to use their o&s and their web platform together because obviously most most businesses need order Management in and then you conversate. Now those things are getting split up so at the moment there's a lot more questions than answers. I probably already taking too much time but the one thing I will say is in my mind all of these Enterprise platforms are losing momentum and losing customers and so you know the likely reason I'm selling it is. They just feel like the super expensive enterprise software is kind of end-of-life because. [1:07:54] To me what's happening is the very largest e-commerce sites are are all largely on custom and house built stuff. And increasingly the biggest customers that were on these Enterprise platforms are. Writing more the software themselves and using less of the Enterprise platform and negotiating to Payless licenses for that software. Everyone wants to move to the cloud and none of these products are particularly graceful at offering a cloud version, and then every new business that's been born every new brand that's been born in the last eight years that was more likely to be digital natives, probably started doing e-commerce on something like Shopify or Bigcommerce and they're actually finding that those those platforms continue to meet all their needs even as they scale and so you know even if you outgrow Shopify once you're used to paying $10,000 a year for your eCommerce platform you know it becomes really hard to pay for a you know orders of magnitude more for that you know and then orders of magnitude more on top of that to implement it just became a tough value prop for these old Enterprise platform so a lot of us in the e-commerce software space have a lot of nostalgia for IBM at the you know they were definitely King Of The Hill in retail for a long time but you know I do probably selling them because you know it was becoming a financial loser for them and and it does not seem like that's where the growth is going to be in retail. Scot: [1:09:23] Feels like Financial. Kind of yeah she'll games though too. Maybe a negative phrase but maybe I'm just wanting to show Wall Street more SAS Revenue so that's probably why they kept that piece but you know you can't possibly do well if you're not enjoying the underline code and if I'm an integrator I don't want to make this a surgeon that are so seems like there's instant mi

christmas united states america love new york amazon new york city chicago europe google ai uk apple education los angeles house star wars french san francisco holiday home writing beauty rich management innovation evolution german market north carolina dm north america oregon risk iphone brazil network financial 3d hotels asian target wall street shop walmart world cup ugly gift cloud star trek products commerce cincinnati gurus cook anime beats kinder brands prime ipads banks trend ecommerce ibm wifi ip progressive jersey oracle material bloomberg beta dice enterprise delight dynamic marketplace longtime competitive adidas vehicles associates ups earth day svp shopify mall concepts permanent whole foods auburn reserve seasonal dimension qr sant fedex fort worth texas google maps goldberg soho casper avenue cc atm goods peril rebrand apparel bland evergreen allegedly faa shelf hub integrate yuri dyson scot cosmetics apple stores marquis sephora endeavor grand opening prim locker silo dfw nap remorse king of the hill denim shoppers midas tribeca golf clubs holiday inn schofield foot locker melrose ulta self service covergirl fifth avenue rockefeller center payless amazon go saks fifth avenue time square hcl phx bigcommerce toy soldiers jason scott peter principle auberge samsung note restoration hardware sapient genius bar meatpacking district sentra emerging brands mercedes sprinter google phone lotus notes b8ta websphere scot wingo rolls royce wraith store visits symphony commerce

TWiST #137: IBM mistet sein Portfolio aus und verkauft unter anderem Websphere

ShopTechBlog – Technologien für digitalen Handel

Play Episode Listen Later Dec 14, 2018 11:39

In dieser Ausgabe sprechen Martin und Roman vor allem über den Verkauf einiger IBM-Produkte - unter anderem der E-Commere-Plattform Websphere - an den Systemintegrator HCL

twist ausgabe verkauf verkauft unteranderem mistet websphere

Episode 153: “I have no idea, but I’ll go on,” or IBM buying Red Hat

Software Defined Talk

Play Episode Listen Later Nov 1, 2018 85:01

IBM is buying Red Hat. Topic acquired. Sponsored by DataDog This episode is sponsored by Datadog and this week Datadog wants you to know about Watchdog. Watchdog automatically detects performance problems in your applications without any manual setup or configuration. By continuously examining application performance data, it identifies anomalies, like a sudden spike in hit rate, that could otherwise have remained invisible. Once an anomaly is detected, Watchdog provides you with all the relevant information you need to get to the root cause faster, such as stack traces, error messages, and related issues from the same timeframe. Sign up for a free trial (https://www.datadog.com/softwaredefinedtalk) today at https://www.datadog.com/softwaredefinedtalk and tell them your friends at Software Defined Talk sent you. IBM and Red Hat Acquisition IBM Nears Deal to Acquire Software Maker Red Hat (https://www.bloomberg.com/news/articles/2018-10-28/ibm-is-said-to-near-deal-to-acquire-software-maker-red-hat) IBM To Acquire Red Hat, Completely Changing The Cloud Landscape And Becoming World's #1 Hybrid Cloud Provider (https://newsroom.ibm.com/2018-10-28-IBM-To-Acquire-Red-Hat-Completely-Changing-The-Cloud-Landscape-And-Becoming-Worlds-1-Hybrid-Cloud-Provider) Banks could reap as much as $115 million for orchestrating the IBM-Red Hat deal (https://www.thisisinsider.com/ibm-red-hat-largest-software-bank-fees-2018-10) Cloud Wars Forcing Irrational Open Source Takeovers (https://medium.com/futuresin/cloud-wars-forcing-irrational-open-source-takeovers-1ce096c53b19) Red Hat and IBM: Elephants Can Dance (https://www.aniszczyk.org/2018/10/29/red-hat-and-ibm-elephants-can-dance/) Armed with Red Hat, IBM launches a cloud war against Amazon, Microsoft and Google | ZDNet (https://www.zdnet.com/article/armed-with-red-hat-ibm-launches-a-cloud-war-against-amazon-microsoft-and-google/) Analysis: Red Hat’s continued independence is key to success of IBM’s $34B acquisition (https://www.geekwire.com/2018/analysis-red-hats-continued-independence-key-success-ibms-34b-acquisition/) IBM Acquires Red Hat — What This Means for Open Source (https://blog.usejournal.com/ibm-acquires-red-hat-what-this-means-for-open-source-d236d680da5b) Statement on the IBM acquisition of Red Hat from Ubuntu (https://blog.ubuntu.com/2018/10/30/statement-on-ibm-acquisition-of-red-hat) Big Blue Puts on a Red Hat: IBM Acquires Red Hat (https://redmonk.com/sogrady/2018/10/30/ibm-red-hat/) Big Blue’s takeover of Red Hat could produce an über-cloud (https://www.economist.com/business/2018/10/30/big-blues-takeover-of-red-hat-could-produce-an-uber-cloud) Blockbuster IBM-Red Hat Deal Draws Support – and Concerns for the ‘Spirit of Linux’ (https://www.enterprisetech.com/2018/10/29/blockbuster-ibm-red-hat-deal-draws-support-and-concerns-about-the-spirit-of-linux/?utm_source=rss&utm_medium=rss&utm_campaign=blockbuster-ibm-red-hat-deal-draws-support-and-concerns-about-the-spirit-of-linux) “I like the ones where you prepare.” (Coté ed.) Look, Red Hat and IBM are Pivotal competitors, good ones: we wish them success in this complex integration, it’s good they’re finally trying to fix their cloud portfolio, we’re hiring, etc., etc.. Let’s take it for mature-granted that we’d prefer enterprises be Pivotal customers than IBM/Red Hat customers. Now, let’s put that aside. This is an exquisite slide from their deck (https://www.ibm.com/investor/att/pdf/IBM-RED-HAT-Charts-10-2018.pdf): https://d2mxuefqeaa7sj.cloudfront.net/s_F8186D6801E202DEB03199A6D1F610BAB9CB91A2CFD988A2666F991EBC2E6CC0_1541067546607_image.png Easily the best corporate deck slide of 2018. First, this is a bold, good move. Acquiring Red Hat has always been a hill too high and it’s kind of mind-blowing that someone actually did it. The valuation here is sort of besides the point of anything impressive. In contrast, the GitHub valuation was impressive because GitHub is a one product company (please don’t email me about “community” as a separate product - sure thing, I agree). Red Hat is kind of everything IBM has missing…except public cloud. To be, I guess, contrarian and annoyingly not Pivotal-biased, I think it’ll be hard for IBM to fuck this up. On that last point, Ben Thompson (https://stratechery.com/2018/ibms-old-playbook/): “The company has spent the years since then claiming it is committed to catching up in the public cloud, but the truth is that Palmisano sealed the company’s cloud fate when he failed to invest a decade ago; indeed, one of the most important takeaways from the Red Hat acquisition is the admission that IBM’s public cloud efforts are effectively dead.” In other word, IBM is too late to catch-up to public cloud co.’s, it’d need to spend lots of capex to get close. Related, sick nerd burn: “Meanwhile, [IBM’s] aforementioned commitment to the cloud has mostly been an accounting fiction derived from re-classifying existing businesses” Fixing IBM’s cloud business. What was wrong in the first place? Things Red Hat has: RHEL revenue, JBoss developer presence, product/developer know-how, support know-how, OSS good-will, OpenShift as a k8s distribution: RHEL & IBM has a foot-print in most all enterprise stacks, but not public cloud(?) IBM knows how to eek out OS revenue, so does Red Hat. JBoss + WebSphere. At some point, IBM had a huge developer community. They likely do among enterprise developers (but even there, it’s been fading). Red Hat has developers - I assume. People do like kubernetes. The know-how and good will are interesting - added to IBM’s OSS equivalent (they still have that?) you have, potentially, the biggest OSS people around…? I’m not sure which standards bodies this allows them more control over, no which projects. Google and Microsoft are contenders here too. “Lock-in”: From the press release: “research shows that 80 percent of business workloads have yet to move to the cloud, held back by the proprietary nature of today’s cloud market.” (No citation provided. I will assume it’s from the Anonymous Galactic Research Board Whose IP Licensing Policy Prohibits Your From Citing Us By Name Because We Prefer to Peacefully Float In Space Like Those Rasta Dudes in William Gibson Books But The Good Early Ones Not The Weird In The Present Ones Except For the Blue Color of Bigend’s Suit Which Was Actually Pretty Cool - But Cuban Parkour Ninja Cults? Boy.) See also: Turns out Pareto was some kind of every single study ever genius. Shut it down, boys, turns out every survey result ends up in an 80/20 split. As ever, this topic vexes me. I take lock-in to mean: I don’t want to keep paying this rent-seeker, aka, “maintenance contracts - AMIRIGHT?.” I’m just interested in paying less. If you gave me a closed source offering that was free, I’d be just as happy. I don’t want to get trapped in an aging stack that isn’t evolving (e.g., I want to use node.js on UNIVACs, or something), so I need “the freedom to leave” to get the benefits of new technologies. I like having the source code for transparency, to make my own forks, and/or because rainbows and sandals. Like, seriously, what options do you have to move to? DIY stack - you’re going to take the IBM/Red Hat stack and run it all on your own, merging in new releases and patches, even forking and evolving it yourself. Will all the IBM stuff be available? What if you run on VMware or Azure or Softlayer? How do you rebuild that entire stack? So you just want to rebuild a little bit of it? If you throw OpenStack with KVM in there, plus whatever SDN and storage stuff you could get in open source, throw in some OSS network routing…you could get away with the only proprietary thing being chips and other rando hardware things. You’ll need some bare-metel BIOS/firmware update things. Begged question: how far (and up!) the stack do you want to be un-proprietary? Only use OSS Android on jail-broken phones? No iPhones, clearly, and toss out Safari, macOS, and Windows - maybe you can cruise in with some HTML5 stuff through Firefox and Chrome on the desktop and mobile, then on some Eclipse for GUIs? AWS, Azure, Google Cloud, AzureStack, Pivotal ready stack with VMware - perhaps you could take the thin k8s and PaaS layer from the Red Hat IBM stack and move it to those clouds? Will that work? Is it better, economically and innovation roadmap-ally than just sticking with IBM/Red Hat Alibaba and the other non-Western clouds. Same. MSPs like Rackspace. Maybe - the Rackspace people could just run whatever you want. See concerns of #1, plus the premium paid for “fanatical.” Maybe Rackspace has some SRE magic that allows them to do what you’d be doing at 80% of the cost, or something. I don’t understand this reasoning. How is IBM + Red Hat lack of “proprietary nature”? If I’m running an IBM/RedHat stack, can I just move off all my workloads over night, paying nothing to move and then run my workloads, like, perfectly? If I’m running on that stack, and then I want to move to Google Cloud, does that work? Where-else would I go? Can I just take my pods and throw them onto Azure? Also, if any of these are practically true - it’s a shitty business for IBM/Red Hat to be in, at least a huge risk for them to carry. Any time a customer cashes in on freedom to leave, that’s lost revenue to IBM/Red Hat. My point is: I wish we’d stop talking about lock-in and focus on more practical matters, namely, does the technology work, does it work in a good ecosystem/community (I can find and make it work with other stuff), does it evolve/innovate at a pace I like, and am I happy with the initial and ongoing costs. If the answer to all of those is yes, I don’t think people care about OSS versus closed. But what do I know, I don’t know such stuff, I just do slides. What really matters is getting the two sales forces to sell each other’s stuff, esp. accelerating OpenShift. The IBM sales force has to sell moving away from their traditional offerings (WebSphere, 3 tier, etc.) and instead sell modernizing to OpenShift. That’s fine, but a lot to ask. Also, the comp. plans might get dicey. Part of the point of modernizing is to reduce costs, implying a lower up-front deal-size and smaller ongoing deal-size. So, you’re asking the IBM rep to sell cheaper products, potentially. And if you’re not, see lock-in screed above on pricing. There’s not much upside to sales people here, aside from maybe holding onto an eroding market, but that’s years out, sales people are short-term focused by design. Red Hat sales people might fare better because they’re used to that deal size and can sell more; however, IBM sales people will resist these Red Hat people getting into their account and snatching their paper. All of this is not a killer, but likely the bulk of work that needs to be nailed to synergize maximally (my favorite type of synergizing). Brandon’s winners/looses, also O’Grady’s (https://redmonk.com/sogrady/2018/10/30/ibm-red-hat/). Cloud Earnings Amazon says AWS revenue jumped 46 percent in third quarter (https://www.cnbc.com/2018/10/25/aws-q3-results.html) Microsoft’s commercial cloud revenue jumped 47 percent in its fiscal Q1, but Azure growth slows (https://www.geekwire.com/2018/microsofts-commercial-cloud-revenue-jumped-47-percent-fiscal-q1-azure-growth-slows/) Google Cloud Revenue Boosts Alphabet’s Earnings - SDxCentral (https://www.sdxcentral.com/articles/news/google-cloud-revenue-boosts-alphabets-earnings-but-wall-streets-not-impressed/2018/10/) Relevant to your interests Oracle Open World 2018: CEO Mark Hurd says SAP ERP customers will defect (https://www.computerweekly.com/news/252451138/Oracle-Open-World-2018-CEO-Mark-Hurd-says-SAP-ERP-customers-will-defect) Atlassian reimagines Jira to herd cats, a.k.a. developer teams (https://diginomica.com/2018/10/24/atlassian-reimagines-jira-herd-cats-developer-teams/amp/) Serverless Architecture Market Size, Share & Trends Analysis (https://www.researchandmarkets.com/reports/4661572/serverless-architecture-market-size-share-and) Werner Vogels responds to CNBC story about Amazon Outage (https://twitter.com/Werner/status/1054901529478459392) Conferences, et. al. Nov 3rd to Nov 12th - SpringOne Tour (https://springonetour.io/) - all over the earth! Coté will be MC’ing Beijing Nov 3rd, Seoul Nov 8th, Tokyo Nov 6th, and Singapore Nov 12th (https://springonetour.io/2018/singapore). Nov 14th to 16th - Devoxx Belgium (https://devoxx.be/), Antwerp. Coté’s presenting on enterprise architecture (https://dvbe18.confinabox.com/talk/ASN-9274/Rethinking_enterprise_architecture_for_DevOps,_agile,_&_cloud_native_organizations). Dec 12th and 13th - SpringTour Toronto (http://springonetour.io/2018/toronto), Coté. Listener Feedback Jon from the UK said he got a new work laptop and needed some new stickers so we sent him some. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you a sticker. Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Matt: The Dark Forest (https://www.amazon.com/Dark-Forest-Remembrance-Earths-Past-ebook/dp/B00R13OYU6/). Brandon: Frontline: The Facebook Dilemma (https://www.pbs.org/wgbh/frontline/) The Daily 10/31 — The Business of Internet Outrage (https://www.nytimes.com/2018/10/31/podcasts/the-daily/mad-world-news-facebook-internet-anger.html) Coté: Trick-or-treating in Amsterdam. Notablity still good.

Episode 59 - Dave Follis - WebSphere - 10.28.2018

Terminal Talk

Play Episode Listen Later Oct 29, 2018 33:14

Internet. Kinda useful. And if you're doing anything on the mainframe that talks to the internet, you're probably dealing with WebSphere. Want to know more? We've got Dave Follis here to help explain it all.

internet network enterprise terminal linux vm devops ipl mainframe tpf zos websphere zowe

Episode 59 - Dave Follis - WebSphere - 10.28.2018

Terminal Talk

Play Episode Listen Later Oct 28, 2018 33:15

internet websphere

Blockchain for Good : Jerry Cuomo, IBM Fellow, VP Blockchain Technologies

The Silicon Valley Insider Show with Keith Koo

Play Episode Listen Later Sep 14, 2018 38:44

The Silicon Valley Insider Show: Emerging Technology for Humanity. Thanks to all of our listeners on 1220AM KDOW, 860AM KTRB and podcast listeners in 87 countries. On this week's show, Keith Koo's special guest is Jerry Cuomo, VP of Blockchain Technologies and IBM Fellow. Hear Jerry's story of how he was one of the originators of IBM Websphere and then became the CTO for Websphere before discovering the promises of blockchain technologies which led to his leading all of IBM's research in blockchain, distributed ledger and IBM's membership in the HyperLedger consortium. Jerry talks about his passion for "Blockchain for Good" and gave Keith the very first interview regarding IBM"s new project addressing self soverign identity for healthcare called Hu-manity. Jerry also gives reference to the need for a directory or "yellow pages" for permissioned (like HyperLedger) and permissionless (decentralized) blockchains. First airing is 1-2pm on 1220AM KDOW Download the podcast at 2pm Friday's For questions or comments, email: info@svin.biz Be sure to subscribe and listen to the podcast. You can also listen to past podcasts here: Non-iTunes: https://omny.fm/shows/the-silicon-valley-insider-show iTunes: https://itunes.apple.com/us/podcast/the-silicon-valley-insider-show/id1282637717?mt=2 Email us at info@svin.biz or find us here: https://stitchengine.drishinfo.com/index.jsp?sId=15540&source=sh VC, Venture Capital, Angel Investments, Fundraising, Capital Raising, Investor, Human Rights, Wildfires

humanity investors blockchain ibm cto human rights fundraising wildfires venture capital hu blockchain technology capital raising hyperledger ibm fellow websphere jerry cuomo

Java EE Ebullience

Play Episode Listen Later Nov 26, 2017 57:34

A conversation with Erin Schnabel about: Beginnings of Java, Robots, Corba, RMI, WebSphere, OpenLiberty, OSGi, Java EE, Cloud Native, Microservices, Productivity and the 10 years cycle

robots productivity beginnings java microservices cloud native rmi corba java ee websphere osgi

053: Klipfolio on Building Engagement, Content Metrics, and Outsourcing Work

SaaS Insider

Play Episode Listen Later Apr 4, 2017 48:47

Building an audience isn't simple, especially when most of your sales are done via the website and clicks are critical. Mychell Mollot is a data-driven CMO who focuses on what brings the most bang for her budget. In this episode we talk about KPIs, audience building, and going from an enterprise to a startup. About Mychelle Mollot Mychelle loves technology and marketing, and marketing and technology… the order depends on the day. Currently she is the CMO of Klipfolio, a Cloud real-time business dashboard company, where she is responsible for Marketing and Product Management. Before Klipfolio, Mychelle was CMO for the Websphere and Business Analytics divisions of IBM where she launched the Smarter Analytics component of IBM’s Smarter Planet. Mychelle started her career as Geophysicist doing gold exploration in the Yukon. Mychelle has a degree in Engineering Geophysics from Queen’s University. Outside of work, Mychelle loves doing anything outside with her family, particularly kayaking, hiking and cycling. About Shira Abel Shira Abel is the CEO and Lead Strategist at Hunter & Bard (http://www.hunterandbard.com), an inbound marketing and branding agency. Clients include: Folloze, Totango, Cyara, Sarine Technologies, Pushbullet, AXA Tech, CloudEndure, AppsGeyser, Pitango VC, Allianz, and more. Creator and host of the SaaS Insider podcast. Creator of the Behavior Engineering Canvas. Mentor at 500 Startups. Former professor of Marketing for Startups at Tel Aviv-Jaffa Academic College. MBA from Kellogg School of Management. Loves family time, cooking, and traveling. Hates writing about herself in the third person. She lives in Silicon Valley with her husband, teen and tween sons and a very large Great Pyrenees. If you would like to be interviewed on SaaS Insider - please contact Shira at the URL above. The SaaS Insider podcast is brought to you by Hunter & Bard, a marketing agency specializing in design, branding, content and marketing automation – helping SaaS companies reduce their marketing debt. It’s also a member of the C-Suite Radio Network. Check out Hunter & Bard today at http://hunterandbard.com

Episode 30 - Dec 2015

Play Episode Listen Later Dec 21, 2015 82:33

Kito, Daniel, Ian and special guest Venkat Subramaniam discuss a wide variety of topics including JavaOne, Java lambdas, microservices, ES2015’s class syntax, and his new book, Pragmatic Scala (the second edition of Programming Scala). In fact, the discussion was so great that we skipped the new releases! They are, however, included here for your reference. UI Tier Neo4j_visual JSR 378: Portlet 3.0 Bridge for JavaServerTM Faces 2.2 Specification X-tags Released with Microsoft Backing PrimeFaces Elite 5.3.2 Released PrimeFaces Elite 5.2.15 Released PrimeTek Partners with T2 Software Extensions Project Joins PrimeFaces ICEfaces 4.0 AngularJS 2.x - Developer Preview Blog RichFaces 4.5.11.Final Released Persistence Tier Hibernate Search 5.5.1.Final Services (Middleware & Microservices) Tier Apache Karaf - Version 4.0.3 Beta: WAS Liberty beta with tools (December 2015) Plants by WebSphere example application Arquillian Liferay 1.0.0.Alpha2 Released HTTP/2 With JBoss EAP 7 - Tech Preview Arquillian OSGi 2.1.0.Final Released Immutant 2.1.1 Release Liferay 7 Alpha 3 Introducing the Launchpad Project (Developer Preview) eXo Platform 4.2.1 Enterprise released WebLogic Now Java EE 7 Compatible! Mobile Arquillian Droidium 1.0.1.Final Released Misc Arquillian Recorder 1.1.0.Final Released Discussion Microsoft open-sources Visual Studio Code, launches free Visual Studio Dev Essentials program JavaOne Recap Venkat’s talks Kito’s talks Microservices everywhere IoT Atlassian and Web Components Graal Multilanguage Shell Project page Java Oracle - https://jaxenter.com/oracle-and-javas-planned-obsolescence-121144.html Java serialization vulnerability - http://www.contrastsecurity.com/security-influencers/java-serialization-vulnerability-threatens-millions-of-applications Events No Fluff Just Stuff The Rich Web Experience December 1 - 4, 2015 ArchConf December 7 - 10, 2015 Minneapolis March 4 - 6, 2016 Madison March 11 - 12, 2016 Devnexus Feb 15th-17th - Atlanta, GA A few links added by Venkat: https://pragprog.com/book/vsscala2/pragmatic-scala https://pragprog.com/book/vsjava8/functional-programming-in-java https://www.agilelearner.com/

bridge alpha released plants enterprise java compatible microservices venkat visual studio code kito angularjs jsr javaone websphere es2015 minneapolis march

Episode 29 – Aug 2015

Play Episode Listen Later Aug 15, 2015

The challenges of programming with different languages plus new releases from JBoss, Spring, PrimeFaces, RichFaces, TypeScript, git, WebSphere, and more.

spring typescript jboss websphere primefaces

Episode 29 - Aug 2015

Play Episode Listen Later Aug 15, 2015 67:33

Kito, Daniel, and Ian discuss the challenges of programming with different languages plus new releases from JBoss, Spring, PrimeFaces, RichFaces, TypeScript, git, WebSphere, and more. They also discuss the rise of TypeScript as a popular alternative to other JavaScript transpiler languages, and the possibility that web assemblies will marginalize JavaScript altogether. UI Tier BootsFaces Mojarra 2.03 Milestone 2 Apache Wicket v7.0 Released Microsoft joins the Web Components world Part 1 Part 2 Geb 0.12.0 released PrimeFaces Signature Component PrimeFaces 5.2.9 Elite Released PrimeFaces Rio 2.0 and Modena 1.0.1 Released PrimeFaces 5.3 Roadmap Update RichFaces 4.5.7 Released TypeScript 1.5 Released Persistence Tier Hibernate Validator 5.2.1.Final* Apache Jackrabbit Oak 1.2.3 released Services (Middleware & Microservices) Tier Spring Framework 4.2 goes GA Spring Cloud Connectors 1.2.0 released Spring XD 1.2.1 Released Spring Security 4.0.2 Released Spring Boot 1.2.5 released Liferay Collaborates with Red Hat to Deliver Integrated Open Source Technologies Keycloak 1.4.0.Final released Amazon Aurora Announced WildFly 9.0.1.Final and 8.2.1.Final are released. Apache Jena 3.0.0 released WAS Liberty beta with tools (August 2015) Misc Apache Groovy 2.4.4-incubating Git 2.5.0 Released JDK 1.8.0u51 Release Notes Discussion Rise of TypeScript WebAssembly: a binary format for the web WebAssembly on GitHub Events JavaZone - Oslo, Norway - September 9-10, 2015 No Fluff Just Stuff Des Moines August 7 - 9, 2015 Raleigh August 21 - 22, 2015 SpringOne 2GX September 14 - 17, 2015 Atlanta September 18 - 20, 2015 Boston September 25 - 27, 2015 JavaOne - San Francisco, CA October 25th-29, 2015

spring milestone geb javascript red hat git modena typescript webassembly kito web components jboss websphere primefaces

Episode 25 – Feb 2015

spring apache kito websphere

Play Episode Listen Later Feb 22, 2015

Kito and Daniel cover new releases from HighFaces, GISFaces, Spring, Java SE/ME, WebSphere, Arquillian, Apache, and more.

Episode 25 - Feb 2015