[2022 javaone] log4shell where were your bug detection tools

Speaker: Munawar Hafitz

For more see the table of contents

  • we remember log4shell
  • Path analysis
  • Deep calls
  • polymorphism
  • Didn’t blog on this but Open Refactory presented about Log4j. (felt very commercially). Presented Apache Commons vulnerability as ”next Log4jShell” (it doesn’t look anywhere near as bad. per this article, it afects a specific API)

My take

This was mostly a commercial for OpenRefactory. I didn’t blog about the commercially parts

[2022 javaone] java first, java always

Java keynote

For more see the table of contents

George Saab

Java SVP

  • Themes: Performance, Stability, Security, Compatability, Maintainability
  • Balance conservatisim (compatibility/don’t alienate users and innovation (adapting to change/fixing mistakes
  • Six month releases have 5-17 JEPs
  • Amber – developer productivity – readability/writable, less code
  • Leyden – reduce start up time
  • Loom – massiely scale lightweight threaes
  • Panama – Easier I/O with non-Java
  • Valhalla – better memory densitiyt thru value types
  • ZGC – low latency garbage collector on large heaps
  • JMS Discovery Service now free (basic features)
  • Java 17 benchmark 64% faster than Java 8 benchmark
  • Java SE subscription enterprise performance pack – built in drop in replacement for Java 8
  • New shorter URL openjdk.org

Power of Clean Code -Olivier Gaudin

CEO, SonarSource

  • Better predicitiblity and repeatability
  • Empahsis on tooling doesn’t yet help us developer better software.
  • Necessary, but not sufficient. Need great code.
  • 42% dev time spent remediating bd code and tech debt
  • 59% devs believe too much time is spent debugging vs innovating
  • Software rewrites cost 3X more than estiated
  • 90% security incidents from poor coding practices
  • Quick feedback loops are more recent.
  • Developers should own code. For existing code, clean over time. Quality gates ensure new/touched code is clean. After year, should have touched 20% of code. Ater five years, 40-50% clean.
  • Happy devs, happy teams

Perforance – Naren Nayak & Michael Vidstedt

  • Ampere AI instances – built for Oracle cloud
  • 15% faster Spark
  • 20% lower latency for Cassandra
  • 29% higher throughput on enterprise class benchmarks
  • 46% better price performance
  • 16% heap size reduction
  • 47% improvement CPU utilization
  • 40% better UI workload performance
  • 22% rest workload performance
  • Non cloud saw 20-30% improvement on real apps

Graal – Eric Selar

  • Donating GraalVM code to OpenJDK
  • Aligning with Java release model and licensing

Community Sharat Chander

  • Did survey on how long people using Java. A lot were 10+ and 20+. And a good number of 27 years folks!
  • 1.8 million stak overflow qustions
  • 360 user groups
  • 355 Java champions. 50 new this year
  • 1 million Java certs (hit this year)
  • had JUG leaders and Java champions stand. Now I see why he wanted us in the front!
  • Bruno Souza – lifetime achievement award. Nice to see he had his Brazilian flag cape on

My take

I like that Oracle blocked off the back half of the room on entry so people sit further up. And also that they had reserved seating for JUG leaders and Java Champions. Finally, I like that they had closed captioning in the keynote. The content represented a good kickoff. Lots of ground covered and lots of announcements

JavaOne 2022 Table of Contents

First post-COVID JavaOne! They did a great job of making places for developers to connect, something we’ve been missing. The exhibit hall had a big space for games, sitting and networking. I won a stuffed dolphin in the claw game. And I got to spent *a lot* of time networking/hallway track

Tuesday

Wednesday

Thursday