Types for the Web

As planned with Michael and Philipp, we spent last night hacking on a brand new small project.
Michael brought initially a nice idea: a recorder/player for HTTP requests that we can replay against the server, but also mocking the server for client tests. We started a repo but Philipp found that something similar already exists: http://freeside.co/betamax/

So, we found a new idea: type the web! Actually, we take Typescript typing syntax and generate other representations like json-schema. Thank to Xtext and Michael's expertise, we have after a few hours an Eclipse plugin with syntax highlighting and auto-completion. We map to json-schema. The idea, besides writing the Typescript support for Eclipse is to propose solid typing contracts and tools to bridge with other  typing proposals (json-schema, swagger, ...).

With a few more hours work, we can surely have something already *useful* for our projects!

https://github.com/lbovet/eclipse-typescript-xtext/tree/extends
https://github.com/lbovet/wtype

Devoxx 2013 is over

Feelings:

• Google rules the web
• Dev goes reactive

Nice night @Noxx

Thursday night: Hang out at the Noxx party. Listen to clojure-mixed music. Meet french Eclipse community guys. Aron Gupta, _the_ EE evangelist. I did not know about this. Thanks Michael to have stopped me talk about Spring.

Batch process in Java

Oh dear, the JSR-352 batch API is almost exactly the Spring batch API! It will be in EE 7. That's cool, we choose the right technology at the time.

XSS security

This talk from Mike West shows that Google has the taken the power over the web. Google guys talks as if the web were a Google product. About new HTTP headers or ES6 features, they say "we do this, we add that". I am impressed by this self-confident attitude. No other player can talk like this nowadays.

Among interesting headers understood by Chrome, Mozilla and Safari in their most recent versions are:

• Public-Key-Pins, a header to specify the SSL certificate signature. This prevents https man-in-the-middle attacks.
• Clickjacking. Use X-Frame-Options to prevent the site to being framed. Without them, any page can embedd your webapp in a transparent frame and forces you to click somewhere without you knowing.
• Beware of commented out placeholders. Attackers can often easily inject code by closing the comment.
• Use X-XSS-Protection with mode=block. You can even specify a url to POST a report in case of attack.
• Content-Security-Policy to choose where specific resource types can be downloaded from.

WebJars on their way

Met James Ward, father of WebJars. It looks like these get quite silent growing acceptance. As there is no valid alternatives and integration in many frameworks are popping along with CDN switching, we can happily rely on them.
I also learnt that we are not alone using WebJars in mobile hybrid apps. James is aware of this use cases and there is potential there.

Angular.js future

Break the framework in smaller pieces, modularity.
Separate data binding, routing, dependency injection, ...
Asynchronous DI, merge code loading and dependency injection.
Zones: to attach context to callbacks. This is AOP for promise/callback programming.
Will take advantage from ES6 (modules, annotations and contracts). They will start soon using traceur-compiler, which transforms code from ES6 to ES5. Instead of static typing, ES6 introduces contracts which allow to associated a function to validate the type at declaration time. This is actually a glorified assert() that are ignored in production.

Dart 1.0

Dart just lost its beta state these days. Ready for production and very fast with the Dart VM which will be built in Chrome next year.

The internal sale force management application of Google has recently been rewritten from GWT to Dart and uses Dartangular, the implementation of Angular for Dart.

Now, the convergence around Web Components shows that Dart could become strategical very quickly. Let'see.

Java goes reactive

Lambdas, Vert.x, Futures, Promises, Reactive programming. Here and there, we hear about them. Looks like Java woke up one morning suddenly aware of asynchronous models (although it has been already there in many other platforms). I feel quite a sound trend in this direction these days. Something probably stronger than a hype.

Thursday sessions

Here is my rough plan for today:

Movie and practical info
Conference

Thu 09:30 - 09:40
Room 8

Stephan Janssen

Shaping the future of web development
Conference

Thu 09:40 - 10:20
Room 8

Lars Bak

Cloud Patterns
Conference

Thu 10:50 - 11:50
Room 4

Nicolas De loof

Filthy Rich [Android] Clients
Conference

Thu 10:50 - 11:50
Room 5

Romain Guy, Chet Haase

A real-time architecture using Hadoop & Storm.
Conference

Thu 12:00 - 13:00
Room 4

Nathan Bijnens

What is in store for the future of Angular
Conference

Thu 12:00 - 13:00
Room 9

Igor Minar, Misko Hevery

Make sense of your (BIG) data!
Quickie

Thu 13:10 - 13:25
Room 9

David Pilato

How to make your Android apps suck. A rant.
Quickie

Thu 13:35 - 13:50
Room 5

Litrik De Roy

Polyglot - Beyond the JVM - Building a Web Application with AngularJS and Java
Quickie

Thu 13:35 - 13:50
Room 4

Nils Preusker

A whirlwind tour through lingual: ANSI SQL for apache hadoop
Conference

Thu 14:00 - 15:00
Room 4

André Kelpe

Browser-side security: Mitigate the risk of XSS
Conference

Thu 15:10 - 16:10
Room 9

Mike West

Going Reactive: Event-Driven, Scalable & Resilient Systems
Conference

Thu 16:40 - 17:40
Room 3

Jonas Bonér

Practical RESTful Persistence
Conference

Thu 17:50 - 18:50
Room 8

Shaun Smith

Vert.x in an asynchronous world

Had an interesting discussion with Tim, Vert.x author. About promises in the core API and more generally about intergration in existing Java applications. As expected, promises will stay outside the core, in modules. I would have preferred a promise-oriented API in the core, but current debates opposing RxJava and pure promise approaches are not going towards getting rid of handlers passed as parameters.

I urged him to care about the Java community which is in my sense (and also according to website doc logs) the main target audience. Mostly about integrability with other Java technologies and frameworks. Competition from Akka is there and asynchronous Spring is coming and will probably be strong.

Wednesday sessions

Here are the sessions I attended so far and the ones I plan to attend today. I'll try to provide the same for tomorrow.. Wi-fi access is not that reliable, so I can not post as much as I want....

Java 8 and beyond keynote
Conference

Wed 10:15 - 10:55
Room 8

Mark Reinhold, Brian Goetz

Java, Chess, and the Internet of Things
Conference

Wed 10:55 - 11:30
Room 8

Stephen Chin, Richard Bair

Fault tolerance made easy
Conference

Wed 12:00 - 13:00
Room 4

Uwe Friedrichsen

UI Engineer - the missing profession
Conference

Wed 12:00 - 13:00
Room 3

Dierk König

WebJars - The Web in JARs
Quickie

Wed 13:10 - 13:25
Room 8

James Ward

Don't use Git
Quickie

Wed 13:35 - 13:50
Room 5

Sven Peters

The Habits of Highly Effective Technical Teams
Conference

Wed 14:00 - 15:00
Room 6

Martijn Verburg

Introducing Vert.x 2.0 - Taking polyglot application development to the next level
Conference

Wed 15:10 - 16:10
Room 9

Tim Fox

Reactive Programming Patterns with Java 8 Futures
Conference

Wed 16:40 - 17:40
Room 8

Joshua Suereth

Hack Your Own Band With Clojure and Overtone
Conference

Wed 17:50 - 18:50
Room 6

Jonathan Graham, Sam Aaron

Push, Mobile & Cloud Oh My!
Conference

Wed 17:50 - 18:50
Room 3

Burr Sutter

The ideal module system and the harsh reality
Conference

Wed 17:50 - 18:50
Room 9

Adam Warski

AngularJS Meetup @ Devoxx
BOF

Wed 19:00 - 20:00
BOF 1

Igor Minar, Brian Ford, Misko Hevery