JavaZone 2018 – my summary

JavaZone, one of the biggest European Java conferences, is now over. I was able to take part in it using my conference allowance at Kahoot!. Although the ticket is fairly expensive (around 8 500 NOK for a late-bird ticket), in my opinion, it was a very good conference.

Let’s start with a couple of things that I really liked about this conference or which differed from my previous experiences:

Overflow zone

The conference took place in Oslo Spektrum, a big venue right next to Oslo central railway station that hosts mostly concerts. Some of the seats on the balcony were converted into a zone where one could watch streams from all 7 rooms and listen to the sound on a headset. You could choose which talk to listen to by changing the channel on an IR device. That meant that it was possible to peek at other talks and if the one that you were listening to at the beginning felt not really suited for you, you could quickly change without causing any commotion in the rooms. It was a very popular zone, and, to be honest, I watched all the talks from there. It still differed a bit from watching the conference online – you still could catch the speaker to ask some questions after all. I’d love to see it at more conferences.

The food

There were (I think) 7 restaurants from all over Oslo that set up makeshift kitchens in the main hall. Each of them was sponsored by one of the companies that had booths next to the restaurant and a huge banner behind.

The food was amazing and included in the conference ticket.

This, for instance, is a lamb wrap in a lefse – Norwegian potato bread.

To add to it, there were coffee stands all over the hall and on the hallways. You could also get some soft drinks, ice cream from two different providers (one with an optional bacon topping) and the Norwegian police booth was living up to the stereotype, serving donuts.

A different community

It felt like the JVM community that assembled at JavaZone, compared to Confitura that I visited a few months ago, was a bit more experienced and definitely more diverse. That’s not that surprising given that it’s in Norway. The speakers were also coming from all over the world, though of course, most were from Western Europe. While there were talks in Norwegian, the majority of the talks were conducted in English.

A different approach of the companies

Of course, they were recruiting there as well. Compared to Confitura though, the stands were not filled with multiple job postings and the swag was less visible too. Instead, many companies organized something for the developers to play with. There was a toy railway, a pretty huge RC car track, a pinball machine, several retro consoles, quite a lot of lotteries, and one company was hosting kahoots, giving out money (1000 NOK for the winner on each break, 10 000 NOK for the final kahoot of the day). There was also a so-called IT-championship in table tennis.

So was it worth it?

I would have a hard time paying for the conference by myself, but if you have a conference budget that can cover this one or enough money to fly to Oslo, pay for the conference and spend 2 days in Norway – sure!

My notes from the talks

Below you can find my quite chaotic notes from the talks I watched. If you want to watch them, some of the videos have already appeared on JavaZone’s program site and more are bound to come. Because of the Overflow space, at some slots there could be up to 3 talks that I was following simultaneously.

Wednesday

Transactions and Concurrency Control Patterns – Vlad Mihalcea

  • There are more than 4 transaction levels – skew write, dirty write…
  • Description of concepts such as 2PL, MVCC

JDK 9, 10, 11 and Beyond: Delivering New Features in the JDK – Simon Ritter

  • JDK11 goes out in 2 weeks
  • LTS release every 3 years
  • Oracle JDK starting from JDK11 can be used in production only with a commercial support contract!
  • If you want it for free, use OpenJDK, but OpenJDK has a new version every 6 months and after 6 months they’ll stop updating it
  • Versions can introduce breaking changes
  • JDK12 is supposed to contain some changes in switch statements

The state of Jakarta EE – David Delabassee

  • What was known as Java EE -> Jakarta EE and goes into hands of Eclipse
  • A bit more focus on microservices is planned
  • Still sounds like it’s in the initial formation phase

Good Service: Detect and avoid errors in the world of microservices – Martin Lehmann

  • How Finn.no (the Norwegian equivalent of Poland’s OLX) is monitoring their microservices
  • They don’t have an operations team, someone is on call instead
  • Extensive use of dashboards, metrics
  • Each team defines core metrics that are important for their service to work
  • On-call person monitors the metrics during their shift
  • If metrics are red, the documentation explains what is failing and whom to contact if that’s something that cannot be fixed by the on-call person

Common API security pitfalls – Philippe de Ryck

  • Some things that are covered by OWASP Top 10 too
  • Sessions are okay for smaller / mid-size applications, we don’t always need to avoid them
  • Same with cookies – but add CORS if you use them
  • Domain whitelisting also in client – we don’t want to send our auth headers to random backends
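
The client-side allowlisting from the last point can look like this. This is an added example, not code from the talk; the host names, the token and the `headersFor` helper are hypothetical.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class AuthHeaderAllowlist {
    // Hypothetical API hosts for this example: exact names, no suffix or substring matching.
    static final Set<String> TRUSTED_HOSTS = Set.of("api.example.com", "auth.example.com");

    // The token may only travel over HTTPS to a host that is on the allowlist.
    static boolean mayReceiveToken(URI target) {
        String host = target.getHost(); // parsed host, so a "user@host" authority cannot fool the check
        return "https".equalsIgnoreCase(target.getScheme())
                && host != null
                && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Builds the outgoing headers; Authorization is attached only for trusted targets.
    static Map<String, String> headersFor(URI target, String bearerToken) {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Accept", "application/json");
        if (mayReceiveToken(target)) {
            headers.put("Authorization", "Bearer " + bearerToken);
        }
        return headers;
    }

    public static void main(String[] args) {
        String token = "constructed-sample-token"; // constructed value, not a real credential
        String[] targets = {                        // constructed sample URLs
            "https://api.example.com/v1/me",             // trusted host over HTTPS: token sent
            "http://api.example.com/v1/me",              // plain HTTP: no token
            "https://api.example.com.other.test/v1/me",  // look-alike suffix: no token
            "https://api.example.com@other.test/v1/me",  // userinfo part: real host is other.test
            "https://cdn.thirdparty.test/logo.png"       // unrelated backend: no token
        };
        for (String t : targets) {
            boolean sent = headersFor(URI.create(t), token).containsKey("Authorization");
            System.out.println(t + " -> Authorization sent: " + sent);
        }
    }
}
```

Matching on the parsed host rather than on the URL string is what keeps the look-alike and userinfo cases from receiving the token.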

Lost in transaction? Strategies to deal with (in-)consistency in distributed systems – Bernd Rücker

  • ACID 2.0
  • All operations should be idempotent – a transaction id might be helpful for that
  • With 2-4 microservices in the loop, they can pass messages onwards
  • That means that if we want to change the order, we need to redeploy them all at the same time
  • Another option is to use orchestrators which is a popular approach recently
  • They send messages to each of the services separately
  • BPMN for the win

How to break into your application: A live hack – Simon Maple

  • Sample apps with vulnerabilities
  • Break out of zip file and insert a file somewhere into the system
  • Famous Struts vulnerability (remember Equifax?) shown live
  • Spring Break – vulnerability in Spring Data REST
  • Update your dependencies!
  • Snyk – a tool to analyze dependencies and fix outdated ones
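
The zip break-out mentioned above is prevented by checking where each entry would land before writing it. The following is an added example, not code from the talk; the class name, the temp directory prefix and the sample archives are constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.zip.*;

public class SafeUnzip {
    // Resolve an entry name under targetDir; refuse anything that lands outside it.
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        Path resolved = base.resolve(entryName).normalize(); // collapses "../" segments
        if (!resolved.startsWith(base)) {                    // compares path elements, not strings
            throw new IOException("entry escapes target directory: " + entryName);
        }
        return resolved;
    }

    static void extract(byte[] zipBytes, Path targetDir) throws IOException {
        try (ZipInputStream zin = new ZipInputStream(new ByteArrayInputStream(zipBytes))) {
            for (ZipEntry e = zin.getNextEntry(); e != null; e = zin.getNextEntry()) {
                Path out = resolveInside(targetDir, e.getName()); // checked before any write
                Files.createDirectories(e.isDirectory() ? out : out.getParent());
                if (!e.isDirectory()) Files.copy(zin, out);       // reads only the current entry
            }
        }
    }

    // Constructed sample archive holding one entry with the given name.
    static byte[] zipWith(String name) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            zout.putNextEntry(new ZipEntry(name));
            zout.write("hello".getBytes(StandardCharsets.UTF_8));
            zout.closeEntry();
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("unzip-demo");
        extract(zipWith("docs/readme.txt"), dir);
        System.out.println("extracted: " + Files.exists(dir.resolve("docs/readme.txt")));
        try {
            extract(zipWith("../outside.txt"), dir); // constructed entry name used to test the check
        } catch (IOException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```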

Thursday

Databases are Like Onions: Commit Logs in an Age of Microservices – Tim Berglund

  • Every database is basically a commit log
  • Introducing Apache Kafka as a way to create a commit log that can be read by multiple consumers and scales nicely
  • Do we really need a database at this point?

All you need to know and check before accepting a job offer from «The Next Unicorn» – Svetlana Bozhko

  • Going through what’s in the package for developers that start working for smaller startups
  • You’ll likely get some general knowledge about everything, but nothing specialist
  • If you are the only dev or one of very few on the team (often as CTO), you might not develop that much as an engineer, but more towards entrepreneurship
  • Choose places that do something interesting, appealing to you, not copycats

Springing into Kotlin: How to Make the Magic even more Magical – Mark Heckler

  • Spring Boot starters already can work with Kotlin classes
  • Kotlin = less boilerplate for a spring boot microservice

Tracking the Swedish Election, or how to make your hobby project successful – Hampus Nilsson

  • Author of val.digital
  • It’s your pet project, nobody’s going to read your code
  • Use dirty hacks, it doesn’t have to be perfect
  • Use technologies that you’re familiar with if you want to achieve results
  • Learn technologies at work if you can, not at home…
  • Unless your project’s purpose is to learn a new technology. Then pick one and do the rest in familiar stuff or assume it won’t get finished and it’s likely not to go far enough for you to learn anything
  • 9 out of 10 startups with fresh ideas fail. 5 out of 10 startups that copy others don’t

It’s about time – Christin Gorman

  • Hilarious introduction into all the potential problems related to the absurd, legacy system that we all deal with (which is our global date/time system)
  • Which classes should be used in Java to store date/time and how to deal with storing date/time in DBs (namely PostgreSQL and MS SQL Server)
  • Storing in UTC is almost always a good idea
  • What might be hard – comparing results (e.g. stores’ sales volumes) by day between various timezones

Java Modularity: the Year After – Sander Mak

  • Over 80% of developers are still using Java <= 8 in production
  • Only 20% of the developers that use JDK 9+ are using modules at all
  • Adoption of JDK9 is much smaller than JDK8 was at this point after its release
  • Mostly because it contains changes that aren’t so useful to developers’ daily work
  • Of the new packages pushed to Maven Central during 3 weeks in August ‘18, only 1% were using modules and 9% had at least Automatic-Module-Name to reserve their module name. That means 10% of packages were module-aware at all
  • The author suggests that JDK11 is more likely to gain traction because of the LTS

GraphQL – The Next API Language – Niek Palm

  • Introduction to GraphQL and how to use it with Spring Boot
  • Mostly describing how features like filter work and how to mutate objects

Native Agile Psychology of Teams and Individuals – Valerie Andrianova

  • I mostly switched on and off this talk for some time, so I might not have the full notion here
  • It sounded mostly like a description of how JetBrains does its development and keeps its devs happy

A live trip – Confitura ’18

Nothing beats a surprise trip! On Wednesday one ticket for Confitura became available, and Kasia is going there too, so I organized a trip for myself at express speed. I’m therefore spending part of the weekend in Warsaw, and the live coverage of Confitura and of the trip in general will be here on the blog. We start today at around 4 PM. Join me for the live trip!

A lousy first day at work

Someone had a very bad day yesterday. A junior developer, on his first day at a new company, accidentally… deleted that company’s production database. He was fired immediately, and the CTO informed him that the legal department would most likely get involved, because restoring the backups turned out to be a problem.

On the developer’s side, the mistake was not that big. The script he was given to set up a test database for him returned the database credentials at the end. However, the developer took the credentials for his configuration from the document he had received – which, as it turned out, were the production credentials. Running the application’s unit tests wiped the database he had put in the configuration – which turned out to be the production one.

The real problem, however, lies with the company. Credentials for the production database should not be available to developers. The account used to back up the production database should not have write access to the database. After an incident like this, the CTO definitely should not blame the developer for it. Oh boy, the list could go on for a long time.