[2022 javaone] java first, java always

Java keynote

For more see the table of contents

George Saab

Java SVP

  • Themes: Performance, Stability, Security, Compatibility, Maintainability
  • Balance conservatism (compatibility/don’t alienate users) and innovation (adapting to change/fixing mistakes)
  • Six month releases have 5-17 JEPs
  • Amber – developer productivity – readability/writable, less code
  • Leyden – reduce start up time
  • Loom – massively scale lightweight threads
  • Panama – Easier I/O with non-Java
  • Valhalla – better memory density thru value types
  • ZGC – low latency garbage collector on large heaps
  • JMS Discovery Service now free (basic features)
  • Java 17 benchmark 64% faster than Java 8 benchmark
  • Java SE subscription enterprise performance pack – built in drop in replacement for Java 8
  • New shorter URL openjdk.org

Power of Clean Code – Olivier Gaudin

CEO, SonarSource

  • Better predictability and repeatability
  • Emphasis on tooling doesn’t yet help us develop better software.
  • Necessary, but not sufficient. Need great code.
  • 42% dev time spent remediating bad code and tech debt
  • 59% devs believe too much time is spent debugging vs innovating
  • Software rewrites cost 3X more than estimated
  • 90% security incidents from poor coding practices
  • Quick feedback loops are more recent.
  • Developers should own code. For existing code, clean over time. Quality gates ensure new/touched code is clean. After a year, should have touched 20% of code. After five years, 40-50% clean.
  • Happy devs, happy teams

Performance – Naren Nayak & Michael Vidstedt

  • Ampere AI instances – built for Oracle cloud
  • 15% faster Spark
  • 20% lower latency for Cassandra
  • 29% higher throughput on enterprise class benchmarks
  • 46% better price performance
  • 16% heap size reduction
  • 47% improvement CPU utilization
  • 40% better UI workload performance
  • 22% rest workload performance
  • Non cloud saw 20-30% improvement on real apps

Graal – Eric Selar

  • Donating GraalVM code to OpenJDK
  • Aligning with Java release model and licensing

Community – Sharat Chander

  • Did survey on how long people using Java. A lot were 10+ and 20+. And a good number of 27 years folks!
  • 1.8 million Stack Overflow questions
  • 360 user groups
  • 355 Java champions. 50 new this year
  • 1 million Java certs (hit this year)
  • Had JUG leaders and Java champions stand. Now I see why he wanted us in the front!
  • Bruno Souza – lifetime achievement award. Nice to see he had his Brazilian flag cape on

My take

I like that Oracle blocked off the back half of the room on entry so people sit further up. And also that they had reserved seating for JUG leaders and Java Champions. Finally, I like that they had closed captioning in the keynote. The content represented a good kickoff. Lots of ground covered and lots of announcements

JavaOne 2022 Table of Contents

First post-COVID JavaOne! They did a great job of making places for developers to connect, something we’ve been missing. The exhibit hall had a big space for games, sitting and networking. I won a stuffed dolphin in the claw game. And I got to spend *a lot* of time networking/hallway track.


[kcdc 2022] insider threat : what is social engineering

Speaker: Crux Conception @cruxconceptoin (pen name)

For more, see the table of contents

On walking in

  • He asked what talk was in the room and teased people about giving too much info
  • Also commented there is too much info (wifi password) on the badge

Social Engineering

  • Ability and talent to connect with emotion
  • Can be offline or online
  • We all do it. Ex: lying about what movie you want to see.
  • May earn trust
  • Goal is to do something or gain data
  • Highly evolving method
  • Teaching in college now

Examples

  • Anonymous text messages with links
  • Facebook messages asking where from

Exercises

  • Phishing – say have tickets but didn’t plan trip. Asks for employee id to confirm. Also gave up name by confirming it and said interested in going to Budapest (came from screensaver). Called you so already know name.
  • Team building – where grow up, how many siblings and unique challenge from childhood. Think about how much you disclosed and if you held anything back.
  • Scenario where pen tester tries to get in building. Try to get someone to let you in. Most people say take to security or get security
  • Scenario – pen tester pretends changed auto pay info and asks for employee id
  • Companies have offices all over US. Try to get id number by calling Miami office and speak to receptionist then victim

Useful insider info

  • Knowing how much a company would pay to recover from an attack
  • Ids
  • Names
  • Departments

Attacks

  • Fill in the blanks
  • Spoof text message numbers
  • Israeli software to crack phone. Don’t even have to click link anymore. Get access to phone just by sending an SMS.
  • 40% of major companies reported industrial espionage incidents in 2016
  • Ex-employee stealing self driving car info from Apple. We focused too much on China. More African students in US than anywhere else.
  • Leaking is making info public. Info is power. Have goal.
  • Spilling is like leaking without intent.
  • Sharing info at conferences. Ex: where you work.
  • Russia and China trying to steal COVID vaccine research using malware and spear phishing
  • Twitter hack on Obama/Biden/Bezos, etc. Trying to get money. Got data from internal employees
  • Fake social media

Espionage

  • Steal sensitive data
  • Espionage is like a double life
  • Affects personality
  • Traits (thrill seeking, sense of entitlement, desire for power/control) are also found in politicians and CEOs
  • Helpful to be calm (see in tech a lot) and strong sense of responsibility
  • May have regrets after
  • Logical at the time
  • More life crises because more than one personality

Tips

  • When someone calls and says “is this Jeanne”, ask who it is rather than confirming
  • Be cautious when people ask you a lot of questions
  • No defense. Just try to avoid answering too many questions.
  • Be careful if they initiate call.
  • Think about info they should know. Ex: HR has employee id already

Human Traits

  • In psych, organized means have life together.
  • Psychopath – born that way. Sociopath – traumatic event started it

My take

Crux is an ex-cop. I like that they had someone from outside development for a different perspective than we usually get. He’s a good speaker and kept it interactive. The scenarios were fun to think about.