Interview with David Blevins

We are very lucky that this May there will be a JCP Committee meeting here in Sofia and right after it jPrime will take place! And for both of these events our great friend David Blevins will be here! Just few days before them we have this amazing chance to make an interview with him! Enjoy!

Hey David! Thank you for deciding to give a talk at jPrime! Would you please introduce yourself?
Let me try a non title-driven answer to that question. I'm someone who has been passionate about Open Source and Java EE since 1999 and for some reason has never given up, quit, took a break or slowed. I believe fundamentally in the value of collaboration not just in open source, but in standards as well and know that any successes we're currently achieving in those two areas are small compared to our true potential. Both open source and standards have a way of uniting diversity for incredible industry gain, but suffer in sustainability when taken for granted. We all have a role to play. My own journey in that quest has lead me to co-found a few open source projects, OpenEJB, Geronimo, TomEE, become involved in the Java Community Process (JCP), found a company, Tomitribe, help launch the Eclipse MicroProfile and play a role in open sourcing Java EE as Jakarta EE. Aside from being CEO of Tomitribe, I serve on the Java Community Process Executive Committee (JCP EC), Eclipse Board of Directors and Jakarta EE Steering Committee.

You describe yourself as open source veteran and at the same time you run a business around open source products. Would you share with us your view on evolving open source and at the same time paying your bills?
The long and short of it is our discussions around open source need to go beyond the technical and its creators. There are several blindly obvious business opportunities there we are all persistently failing to see.

Let's use Apache Struts as an example. Looking at job posts on indeed, there are 1721 open positions for a developer with Struts experience. At say $80k/year that's $137 million dollars that will be spent in some way this year by companies using Struts. The Struts project itself has 10 people active in the last year, roughly 2 appear to be full-time, and 8 people who would love a Struts related job.

The first observation is all 1721 recruiters missed the 8 people on Struts who clearly would love a Struts job. They are not looking at the open source projects listed in their own job postings. The second observation is business plan to spend $137 million implementing struts, but less than $500k developing Struts itself (2 FTEs and 8 misc contributions). Do we honestly think only 0.3% invested in reuse is the cheapest way to develop software? Last year Equifax had a major Struts related security vulnerability and as a result lost $4 billion dollars on their stock price in one week. They could have avoided it in many ways, but not the least would be by employing someone on the project who could have told them in advance about the issue. They'd have reduced their hiring costs, reduced their development costs and avoided a major breach. Lastly there were 12,893 computer science degrees issued last year. That's 12,893 people who missed the obvious fact that contributing to Struts itself is the best way to both get experience and compete for those 1721 open Struts jobs.

The question is not how do we pay our bills, but how can we avoid losing millions or billions of dollars. Open source developers paying their bills should be the least of our concern. It only shows how still very primitive we are in an open sourced economy. We have open source developers, we need open source executives.

Your talk is about REST security. Why do you think security is so underestimated in most of projects and what can we do about fixing that?
The way we've done security in the last decade or two largely reflects the stateful and monolithic world we've come from. There was one team that only did security, just like there was one operations team. The trick is they are not the same people who go to conference and get excited about microservices and stateless architectures. Just like we've had to invent "DevOps" to unite to split worlds, we have the same challenge with security. That means educating developers in security like we've had to educate them in ops. It also means educating the security team on the kind of architecture we're aiming for and why.

In the talk we stay architecturally focused so both groups can benefit. It's not down into lines of code. We walk our architecture from a one-hop monolith to a four-hop microservice and see how shifting from something like basic auth to OAuth and JWTs we can go from the security layer being hit with 55% of traffic to more like 0.55% of traffic and actually achieve more security. Just like Bitcoin shows us you can have distributed money with no "central" bank, you can have distributed security. It's not that hard, you just need to understand a couple concepts and then its obvious.

Old concepts applied in a clever way and painfully simple when you get right down to it. It really boils down to education.

What do you like to do in your spare time (whenever you manage to find some)?
I love to play guitar. But since I don't really have time to practice or learn full songs, my favourite thing is to challenge my ear and play to the radio, Pandora or whatever people in the room like. I love when someone plays "DJ" and puts on songs or music styles they love, but I've never heard. Songs that change key are quite hard, but if they stay put and aren't too fast I can usually get there. A life goal for me would be Jazz. If I could get good enough to be a retired 70-year old Jazz musician with mean chops, that'd be bliss.

You come for the second time in Sofia. What are your expectations from both events that you are attending: JCP EC meeting and jPrime?
On the side of the JCP there are of course major changes happening with both Java EE/Jakarta EE and the shift to six month releases of Java itself. Java EE moving out of the JCP reduces the scope quite a bit. The six month releases challenges the typical JSR format as it often isn't know what will make the release till the end. JSRs were designed for a feature that's "done when it's done" and that isn't what we're doing anymore. So naturally we have a lot of talks about refocusing and adapting. These don't happen the same way over conference calls. I'm sure Sofia will be a very notable JCP EC event.

With jPrime, I'm of course looking forward to seeing the many amazing Bulgarian friends from our visit three years ago. I'd run out of fingers trying to count them. Bulgaria impresses me with the number of women that attend technical conferences -- usually triple of other countries I visit -- and the incredible passion of the tech community in general. There is no sense of entitlement, people work hard, they want to learn. They are also incredibly warm, generous and full of fun. If you've never attended incredible tech talks during the day and then danced in a big circle of 30 people at night, you're missing out.

Thank you very much, David! We are looking forward to meeting you in Sofia so soon!

Read More

Interview with Venkat Subramaniam

There are just few weeks before this Year's jPrime! Final preparations are made! To make this Sunday even more interesting we have prepared an interview with the world's most humble Java Superhero and definitely one of the best speakers of all the time – Venkat Subramaniam! Enjoy!

Hello Venkat! You will be for the second time in Bulgaria. For the first time you were here for a very special event jProfessionals: a Java day with Venkat, so how did you like the audience and the event itself?
The best part of that day was interaction with the developers. The day was split between lectures and workshop. Seeing the developers implement solutions was a lot of fun. I really liked the hands-on part of the day.

Through this year you are making your 50 50 tour throughout the world. Tell us a few words about this tour, how many countries have you been to and how more are you going to visit?
The idea to present at 50 user groups to celebrate my 50 years on this planet came when I was traveling to speak at Torun, Poland the week after my 49th birthday. I was overwhelmed by the support from various user groups, specifically from different parts of Europe. So far the tour has taken me to 16 different countries for the 44 user groups I've spoken at so far. That's six more user groups to go to reach the goal of 50.

The world is still obsessed with reactive, microservices and clouds. In your opinion, for how long? What you think is going to me the next big obsession?
I don't quite see these as obsessions honestly. Sure there are hypes just about everything we do. However, I think these technologies are very important parts of architectural decisions for developers and organizations to make. I've been observing reactive programming, for example, for about a decade now. I've seen it evolve from "that seems like a good idea" to "hey, look at these reactive libraries and how we are using them." If my assessment is correct, these will stay with us, in one form or another, for a very long time, much like OO, for example.

There are several things that have the possibility to become the next big thing. The one that I am most excited about, from the impact point of view, is augmented reality (AR).

Java 9 has just started its way, but without being widely adopted it is already outdated. How do you treat these huge changes, is this the correct time have them?

I don't think it is outdated by any means, at least not in the sense of what outdated means. Sure, we have a newer version of Java; I think having the frequent releases with smaller number of features makes more sense than the slow, delayed, colossal releases.

The adoption of Java (and many other languages as well) has been quite slow in different parts of the world, in different organizations. There are many reasons for this. I personally know of organizations that are still on Java 7 and yet some on Java 6. There are a number of reasons for them to cling on to older releases. At the same time, I also know organizations that are already beginning to use Java 10.

A lot of organizations talk about agility. For me sustainable agility is very important. The inability to adopt to a newer version of the languages may be an opportunity to look at some ways to improve on some technical practices, lack of which may be an impediment to achieve agility.

Your travel schedule is definitely incredibly tough. How do you survive with this amazing rhythm of life? What is your way to relax?

The travel is more tough on the body than on the mind. I'm thankful for the opportunity to meet, interact, learn from, and in a small way help so many developers around the world. I truly enjoy learning and sharing the knowledge. That desire and enthusiasm greatly offsets the troubles that come along with this profession.

I recharge very quickly. There is a high level of stress in our profession, we have to deal with machine and humans, and both have different challenges. It is very important not to let that stress overpower us. I do not take long vacations, but I take what I call as micro-vacations—a short hike up the hill early in the morning, a walk around the lake for an hour, a couple of hours of drive through the mountains, a dinner with a good friend, all of these help to recharge, relax, and relieve stress.

Lastly I reject any work that I do not care to do. There are so many things that are waiting to consume our time and suck the energy out of our lives. Once I identify something is not going to be productive, I quickly drop that so I can focus on what I really like to do, where I can provide real value. This also help to stay positive and energetic.

Thank you very much, Venkat! We can't wait to see you here in Sofia!

Read More

Interview with Simon Maple

We are continuing our interviews series! This time with our great friend Simon Maple! Enjoy!

Hi Simon! We are happy to have you at jPrime! Would you please introduce yourself?
It's my pleasure to be at jPrime! I'm Simon Maple, developer advocate at Snyk. I'm also a Virtual JUG founder and co-organiser as well as the London Java Community (LJC) co-organiser.

Your job is developer advocate. Can you describe what you usually do in that role?
It's a role that often means different things to different people. For me it focuses on three things, awareness, feedback and enablement. Awareness is fairly self explanatory really, as it's important to made sure that whether you're an advocate of a product, technology or API/service, developers around the world are aware it exists and what they can do with it. This can be achieved through content, videos, podcasts, webinars, community work, conference presentations and much more. The feedback part is very important and undervalued. As an advocate you do a lot of travelling and speak with a lot of users and customers, so it's important you understand how they're using what you're advocating for and what pain they're experiencing. This needs to be fed back to the product and engineering teams. Finally there's enablement. It's key that when developers use your product or service that they understand what they're doing and if they need help, they can get it. Enablement is providing the information they require to achieve exactly this. Content like how-to's, tutorials and other such things can be created to achieve this. So my role is very broad, but I try to achieve as much of this as I can fit into my week!

You are also known as the Virtual JUG founder. Would you tell us more about that community?
Around 4-5 years ago I realised it was hard to me to get into London to catch an LJC session and get back home in any reasonable time, as I live outside of London. This becomes particularly hard when you have a family and travel a fair bit anyway. I thought I'd create a virtual community that provides similar content for the world's top speakers and try to build a community around that. Today, we have over 15,000 members, run regular sessions, book club events, hack days, and even a 24 hour virtual conference. Of course it takes a team to achieve this and we have Oleg Shelajev, Roberto Cortez, jPrime's very own Ivan St. Ivanov, Anton Arhipov and Alaina Tucker who all help keep the community running.

Recently you joined a company that analyzes open source projects for security issues. Could you tell us more about the problems that you are tackling?
Yes! I'm really excited about working for a company that I feel really makes a difference on the software world. Snyk finds and fixes known vulnerabilities in open source dependencies. This is a big deal these days as *everyone* uses open source projects and very rarely do you hear anyone even know which dependencies (including transitive dependencies) they have pulled into their project, let alone whether they know about the security implications. Our challenge is to keep the value of developers using open source dependencies, but making sure they do it securely by finding and fixing vulnerabilities throughout the CI/CD pipeline from development through to deployment.

You do something in your free time, right? What is that?
As a developer advocate I travel a fair amount, so I try to spend every second of my free time with my family. When I don't travel I work from home, so I get to see my wife, Liz and two boys Joshua and Oliver a lot of the time. My weekends are very precious to me and we always try to go out as a family, very often to Legoland!

Thank you very much, Simon! Looking forward to meeting you here in Sofia soon!

Read More

Interview with Sebastien Blanc

Traditionally , one month before the jPrime Conference we are starting our featured speakers interviews series! The first one our great friend Sebastien Blanc! Enjoy!

Hello Sebastien, can you please introduce yourself?
Hi ! I'm Sébastien Blanc, I'm half dutch half french and I'm a Principal Software Engineer. I'm located in the south east of France , on the Riviera and I work for Red Hat on the Keycloak project.

In Red Hat you are now working on KeyCloack project. Please, tell us few words about it. Why should people start using it?
Security is hard and painful, and worse, you will probably implement it the wrong way, believe me. Keycloak will remove these constraints and handle for you the user management layer, including authentication and authorization. As I will show it during my talk, it's really easy to setup : unzip the Keycloak server, run it, add the adapters to your apps (front or back), define your security constraints and you are good to go !

You are highly involved in programming for kids initiatives. You also do co-present with your daughter quite often. What do you think is a good age to start coding?
Teaching code to kids is becoming more and more a real passion for me. My advice is to start with your kids when they are around 8 with Scratch. But it's really - and I insist on "really" - to not force them. For instance, my son is almost 10 and until 2 months ago he was absolutely not interested in coding. For some reasons, he got the trigger a few weeks ago and now he is unstoppable. Before 8, you can try Scratch Junior but it's only available on tablets.

My other advice is to let the kids as much as possible discover by them self how things work. Give them a quick demo on how Scratch works and then let them alone for 1 hour. When you will come back, you will be impressed by their creativity, believe me.

How do you spend your free time? Do you have any other hobbies except programming?
In my free time, when not spending time with my kids and wife I practice Kobudo, an old martial art from Okinawa. I also love retro gaming and built this arcade table last year : ... And , oh I'm an absolute fan of Half-Life ;)

Thank you very much, Sebi! See you soon in Sofia!

Read More

jPrime 2018 videos

The videos as always are in the Bulgarian Java User Group's youtube channel.
Read More


Contact us

+359 887 749 325