Devoxx 2018 Feedback


Purpose of this page is to put emphasis on talks that may be useful for my co-workers.
So "scores" are not here to say "this talk is bad" but how it may be interesting to them.


Those tags lets you find easily talks
  • #DeployAndRun : mainly Kubernetes
  • #Build : mainly gradle
  • #LearnOrDiscover : open your mind
  • #Security
  • #Improve : Improve code, tests, design

Summary for managers

Kubernetes, Kubernetes everywhere

FR : Tout ce que vous avez toujours voulus savoir sur la programmation fonctionnelle 5/5

FR : Ceinture noire Karate en tests d’API REST 5/5

FR : Sécurité des applications Web : les bons réflexes à avoir 5/5

Web Security Notes

  • Highly recommended : Use OWASP's dependency-check to find vulnerable libraries in your all your dependencies
  • OWASP's Dependency track : Web app to track dependency-checks results
  • Front-end :
    • dependency check (beta) (link to find)
    • Node Security Platform (bought by NPM)
    • RetireJS
  • Docker
  • Code
    • Sonar
    • eslint-plugin-security (Nothing for Typescript so analyse transcripted code)
  • Intrusion : Zed Attack Proxy (ZAP) : passive and active (docker available -> automation)

FR: Les 12 factors Kubernetes 5/5

12 Factors K8S Best slides

  1. #1 Pods : See Slide 4 : Pods multi containers design patterns
  2. Slide 26 : The most important factors
  3. Slide 27 : The take away
  4. Slide 28 :

EN : SSL/TLS for Mortals 4/5

FR : Université : Je passe à Gradle - Maturité performance et plaisir 4/5

Switch to Gradle Notes

  • Always use gradlew as starting point
  • Configuration is stored in settings.gradle

Gradle Wrapper usage

  • Use it from the root of the project -> No need to navigate to sub-modules
  • ./gradlew task1 task2
  • ./gradlew module_name:task
  • ./gradlew tasks -> will list tasks
  • ./gradlew help --task taskname
  • ./gradlew build -x test -> build without tests, does not even compile tests
  • ./gradlew test --continue -> executes all tests, if one fails do not stop )
  • ./gradlew -t test -> continous tests, Ctrl-D to stop


  • assemble = production output (but no tests)
  • Check = tests + sonar + lint, ...
  • build = check + assemble


  • See setting as gradle may otherwise use all cores
  • clean -> no need to clean
  • up-to-date -> gradle hashes inputs and ouputs so it knows when things are up-to-date
  • --console=verbose -> if standard one is not verbose enough
  • gradle init -> bootstrap project

Regarding the Build Scan tool

  • HTML result of the build. Easy to navigate
  • Local ? oui but limited. Otherwise on the web or Entreprise via docker image


  • they adds tasks
  • and conventions

Build Cache

  • Continuous Integration may have already built some artifacts and compiled some code
  • Or locally yourself
  • Use --build-cache (local cache)
  • or to define a central cache to use

FR: En finir avec les problèmes de gestion de dépendances 4/5

Gradle Dependencies Notes

  • api != implementation dependencies
  • maven is not tied maven central as gradle is not tied to jcentral
  • Capability : in an app you need only one library for one capability (ex: log). Now you can tell
  • dependency lock
  • module set = a family of dependencies that must share the same version when used
  • Good excludes (really better than maven)

EN: HandsOn Kotlin 4/5

FR : Keynote : L'ordinateur quantique 4/5

FR : DDD & Event Sourcing à la rescousse pour implémenter la RGPD ? 4/5

DDD Notes

  • Keep the domain clean
  • Frameworks go to Infra
  • See Hexagonal Architecture
  • Road to event sourcing :
    1. Domain model,
    2. Events
    3. Events that transform domain
    4. Event sourcing

FR : Architecture hexagonale pour les nuls 4/5

FR: Mes Applications en production avec Kubernetes 4/5

Kubernetes en production notes

  • Command : kubectl get event -> to see what deployed occured
  • Take a look at the security context (otherwise you are root) See Video at 9:13 and 11:10
  • Take a look at Pod Security Policy to apply security to a list of pods
  • Again : Memory and OOM killer
  • Metrics : Prometheus recommended
  • There are good sample of spring boot prometheus to expose metrics for prometheus

FR : Suivre les avions des lignes avec un Raspberry Pi 3/5

FR : Migrer à Spring Boot 2 lorsque l'on a une "vraie" application 3/5

SpringBoot 2 Notes

  • Spring platform bom stopped -> use bom spring boot
  • Spring Boot 1.5 is for Java <= 8
  • ElasticSearch not embeddable anymore
  • spring-boot-propeties-migrator to help you switch to YAML
  • spring boot actuator change (json change)
  • Spring data. API change (optional is used)

FR : Java dans Docker : Bonnes pratiques 3/5

Java Docker Notes

  • docker : use --memoryswampiness to avoid swap
  • Memory : How much memory java will use in your docker container ?
    • java8 : use showsettings to estimate
    • java9 : experimental settings to use (they are backported to java 8)
    • java10 :

EN : Google CodeLabs 3/5

EN: Troubleshooting & Debugging Production Microservices in Kubernetes 2/5 (requirements) 5/5 (demo)

EN : Apache Maven and Java 9 2/5

FR: Guide de survie NodeJS pour le développeur Java 2/5

NodeJS Notes

  • Use Prettier (See VSCode)
  • Learn Chrome debugger and profiler

EN : Spring Framework 5 Features Highlights & Hidden Gem 2/5

FR : Les exceptions, oui, mais pas n'importe comment 1/5

Other Talks

I should have been to those talks. I am going to watch them online



Other Feedbacks (all in French)