Key Takeaways From JavaOne 2017 Talks

Key Takeaways From JavaOne 2017 Talks

Here are some of the key takeaways that I learned from the talks I attended at JavaOne 2017:

How to Use Java Cryptography API Securely

by Mansi Sheth (video)

The Java Cryptography API is quite powerful and up-to-date as of Java 8, however there are some pitfalls when using it. Mainly, the JavaDoc examples and API defaults tend to use insecure, old crypto standards. Also for backwards compatibility, the Crypto API provides options that are not recommended or are insecure or deprecated. However, the API does provide modern, secure crypto options, so developers should check the best practices to ensure that they are using modern options before employing the Cryptography API.

Servlet 4.0: A New Twist On An Old Favorite

by Ed Burns and Shing wai Chan (video)

Servlet 4.0 supports HTTP/2 and specifically Servlet Push. Servlet Push allows the servlet to send resources such as CSS and JS to the browser along with the html response to avoid unnecessary extra requests. Frameworks such as JSF will be able to take full advantage of this feature since they know which resources their view requires before returning the response. Servlet 4.0 has also added support for the HTTP trailer—which can be used to provide a checksum for the response among other things—and mapping discovery which can be used to determine how the current servlet was obtained.

JavaOne Monday October 2, 2017 Keynote (video)

  • Intel is optimizing hardware for Java and has released a few open source libraries for use cases such as persistent memory.
  • Java is still one of the world’s most popular programming languages.
  • Oracle is providing the open-source Fn project to support serverless computing.
  • Oracle JDK and Open JDK will be merged.
  • Java SE 9 provides a new module system and linker so that smaller custom JRE’s can be built to include only the modules that are necessary.
  • Java SE is now on a 6 month release cycle.

Understanding Java Garbage Collection

by Gil Tene (video)

There are many options for garbage collection strategies in Java including copying collection or mark -> sweep -> compact. It’s difficult (but possible) to implement a responsive garbage collector that does not pause the entire JVM while performing garbage collection (since memory is still growing if the JVM is not paused). Testing garbage collection is difficult since many JVMs will attempt to delay garbage collection as long as possible (usually until after the test is done).

The Secret Sauce of Successful Teams

by Sven Peters (video)

Good teams provide psychological safety to explore (potentially bad) ideas and make mistakes. Good teams have at least some overarching schedule and an ability to grade themselves on whether they accomplished their goals (for example using OKRs).

JSF 2.3 in Action

by Kito Mann

JSF 2.3 includes many new features features and additions (several of which were contributed by community members Bauke Scholtz and Arjan Tijms). To name a few: f:websocket, h:commandScript, f:importConstants, ui:repeat begin, end, and step attributes which allow for iteration without a data model, and CDI injection of JSF objects like FacesContext. For a more complete list, see Arjan Tijm’s blog post What’s new in JSF 2.3?.

The Art of Performance Tuning

by Jonathan Ross

Since Java and the JVM are so complex, use the scientific method rather than intuition to test and improve performance. The Open JDK JMH framework allows developers to write performance regression tests.

Java Secure Coding Guidelines

by Sean Mullan

Oracle provides Secure Coding Guidelines for Java SE. Deserializing untrusted data can allow remote or malicious code to be executed on the JVM.

The Power and Practicality of Immutability

by Venkat Subramaniam

Immutability can make code simpler to reason about, allow compiler optimizations, and be exploited for easy parallelism.

SSL/TLS for Mortals

by Maarten Mulders (video)

Encryption allows for secure interactions on the web. Certificate authorities are needed to verify that data is being sent to legitimate sites. However, certificate authorities can be compromised, so browsers need to keep up-to-date information on trusted certificate authorities as well.

Scale Up With Lock-Free Algorithms

by Roman Elizarov (video)

Lock-free algorithms can be implemented with atomic variables using the compareAndSet() method inside a while(true) loop. Lock-free algorithms tend to perform better than locking algorithms in read-heavy real-world scenarios (as opposed to write-heavy).

The Anatomy of Java Vulnerabilities

by Steve Poole (video)

Vulnerabilities include bugs, features, and developer tools that a hacker can exploit.

Portlet 3.0 Deep Dive (Teaser)

I’m planning on including the Portlet 3.0 Deep Dive video in a larger blog post about Portlet 3.0 in general. So look forward to that soon.

Conclusion

One of the biggest takeaways from JavaOne was the commitment to open sourcing even more technology including TCKs and specifications that are moving to the Eclipse Foundation (as EE4J). Learning about all these technologies and best-practices was fun, but the best part of JavaOne was talking to JavaEE experts like Kito Mann and Ed Burns and listening to the problems that JavaEE devs are solving today.