A few weeks ago, we participated at Voxxed Days Cluj-Napoca, and we promised to come back with some afterthoughts. Two of our colleagues volunteered to talk a bit about their impressions. Alex, one of our experienced developers and Laszlo, our senior architect exchanged ideas and we thought it would be interesting to see 2 different point of views of the same conference.
Now, Laszlo, you have participated at a many conference, haven’t you?
Laszlo: I was at Spring I/O, DevOps France, DevOps Belgium, QCon… so yeah, a few over the years.
What do you think of the Voxxed Days conference?
Laszlo: Voxxed is somewhat related to Devoxx, the latter being one of the biggest international conferences focusing on Java & Cloud technologies, while Voxxed Days is its smaller, more local sibling. If you compare the speakers and topics, I think there are many overlaps between the two. It’s nice that the latter is organized here in Cluj-Napoca, already since a few years, so that you don’t have the overhead of travelling to be present (which is great when you have kids). The speakers, both local and international and their presentations were good.
Did the conference live up to your expectations?
Alex: This was actually my first time at a conference in IT field and it was great opportunity to learn new things and to deepen my knowledge on the topics I was already familiar with. I didn’t really know what to expect, but it turned out pretty awesome. The quality of the talks and the invited speakers were all great! The main thing I was hoping for was to hear new ideas, to have speakers who can explain ideas easily and for the atmosphere to be friendly.
Laszlo: Some of the presentations were very good, others not that much. When there are multiple tracks at the same time, it’s often hard to choose the best matching one. Some were related to technologies we don’t use nor plan to use mostly because they would lead to solutions which are prone to vendor lock-in or would not be sufficiently maintainable. Also, something I’ve realized over the years, speaking of all the conferences, the companies behind the presenters often advertise their products, advertise their open positions, or try to sell their consultancy services. Therefor it's sometimes difficult to grasp a clear message from such talks. After a good presentation you can continue discussions on the same topic with your colleagues or people you know from other companies, so it’s a good occasion for both internal and external networking. Also, a good occasion to pose your questions to presenters/trainers.
Which were the most interesting workshops/presentations you’ve participated at?
Alex:One of the most interesting presentations was held by Gerrit Grunwald, where he presented CRaC, an OpenJDK project, for a superfast JVM start-up. The speaker was really friendly and explained things in a beginner friendly way with examples and live coding, which made it easier for me to follow. Also, the first keynote: Wired! How your brain learns new (programming) languages by Simon de Gijt was interesting.
Laszlo: From the presentations I would point out 2: one related to Supply Chain Security. Here the takeaway was that whenever you are building an application, especially when using libraries and frameworks (as we do), your own code is around 2-3% (of the total lines of code). The rest are external dependencies, starting from the cloud provider operating system, build tools and libraries and frameworks. And until recently, everybody trusted all these by default and now, with the rise of the DevSecOps, these dependencies (and the build pipelines and also the code related to infrastructure as code) are supposed to be checked more thoroughly. I never thought before about the fact that our own code is such a small piece part of the applications, and the rest are trusted (open source) components just pulled from the public internet. We must have been naïve trusting all these earlier. 😅 We need to prepare even more to prevent breaches like the SolarWinds attack, ransomware or malicious attacks.
Another one was about Quality attributes, so in general, how you should design your architecture/components based on the attributes of the system (functional and non-functional requirements) and I was surprised that there are local companies that offer consultancy related to this. It’s a bit of a heavy process requiring lots of discussions with the business stakeholders, you must understand the short-term plans, the long-term plans from their business vision and based on that you can optimize how you design the application/platform you build for customers. I was happy to see that this kind of talks are also taking place here, normally something you would see at QCon, which is more focused on architecture.
Which were the learnings you came home with?
Alex: For example, from Simone de Gijt – to learn something and for it to stick to your memory, you need to practice. For example, if you have to write code, and you don’t know the solution, you google it and you copy paste it, right? Well, this doesn’t really help you. After a week you have to search for the same solution yet again, because you forgot it. The best way to keep in mind that piece of code is to write it down manually. This way it is stored in your long-term memory.
Which were the perspectives that made the most impact on you?
Laszlo: I’ve heard a few new things which are worth further exploring. At the Kubernetes Workshop I refreshed a bit on my earlier plays with Kubernetes and heard about many related tools. Also, I was happy to get an easy-to-digest update on the status of Spring Authorization Server, an open-source project. It was great to get the content served in 1 hour including a bit of project roadmap and release plan. I consider trying it out in a next project, just because it’s lighter than hosting (or configuring) a full-blown IAM solution (like Keycloak or Gluu). It seems to be a good match for smaller projects already in its current phase and it will allow plugging in a more complex IAM solution in a later project phase.
What eye-opener do you think COERA should pay attention to?
Laszlo: Obviously, the supply chain security is something we need to really act on, and it’s not really a surprise. During our ISMS (ISO27001) process, we discussed about that a lot, and it should be time to put more things in practice. We should invest more work in securing build pipelines and in general pay more attention to the security aspect on each step in the software development lifecycle process.
Any famous last words?
Alex: Participating in a conference should be a no-brainer. It is a great opportunity to hear about new things, to socialize and to discuss ideas. It’s a day of working a bit differently. You go to talks, you take pictures, have fun and make connections. All with one goal in mind: to learn something new.