Intro to FOSDEM
FOSDEM (Free and Open Source Software Developers’ European Meeting) is the European open source conference oriented to engineers, gathering the open source communities on a university campus and managed by volunteers. It is an intensive two-day conference that, simply, enlightens…
Main Sponsors: Red Hat, Google, Oracle, Cisco, Mozilla, Trivago, Bloomberg, GitHub, O’Reilly
Day 1 Tracks: Java, Security, Data Replication and Web Protocols
Talks Format: 20 minutes
- “The State of OpenJDK” – Mark Reinhold, Oracle. A 10,000-foot view of the current JDK, in particular what it looks like now, what it will be in a few months (we are all waiting for version 9) and what it will be in the near future: Java 10 will be a revolution, and part of that revolution started with Java 9, in which many of the legacy JARs (like ‘tools.jar’) have been removed. The motto seems to be: getting rid of the legacies.
- “This is not a drill – Preparing for JDK 9” – Dalibor Topic, Rory O’Donnell, Oracle. A detailed survey of the JEPs (Java Enhancement Proposals) included in JDK 9. A cool summary of the evolution and in particular of the new versioning: no longer 1.9.x, but 9.y where the ‘y’ is a combination of build and updates.
- “Huge code bases – Application monitoring with Hystrix” – Roman Mohr, Red Hat. This is a lightning talk on how to monitor a distributed system, in particular on how to profile the modules to spot bottlenecks. The Red Hat engineer gave a survey of the tools out there and explained why they chose to run Netflix Hystrix in production. The reasons he gave are: it is easy to integrate, bundled with a nice UI, and customizable. Originally, Hystrix is a circuit breaker suited for microservices architectures, but with its advanced monitoring capabilities it can even be used to profile a huge code base (millions of lines of code, spread over many modules). The monitoring capabilities of Hystrix can be imported just by adding a new Servlet and a few lines of glue code.
- “Security in IoT: more a cultural shock than a technical challenge” – Dominig Ar Foll, Intel. Intel, as a hardware vendor, is very sensitive to security issues, in particular when IoT is mentioned: something that works decently may, of course, no longer do so when 20 to 50 billion connected entities are taken into consideration. The approach that Intel is following is pretty smart, and starts by designing for security: they do not want security to be a cross-cutting attribute added at the end of development, they want security as a design principle to be applied from the early stages of any project and/or product. The speaker gave us a bunch of examples without disclosing much: for instance, TPM technology should be considered an integral part of any platform, in a tiered stack of software layers assuring the security of any software interaction. What he asked us: do you know what code base your systems are running on? Are you sure about that? This is a provocation to make us understand that security is multi-faceted, and very often is not managed properly in the early design stages of a system.
- “Lessons learned from running SSL at scale” – Chris Down, Facebook. Facebook, as well as many other Internet services, was hit hard by the 2014 OpenSSL bug: a simple missing check on array bounds was able to disclose sensitive information. From that moment, Facebook started working on its own proprietary infrastructure to automate certificate reissuance and the distribution of security patches; until then, as at almost everyone else, the processes were governed locally by the teams owning the services – a very bad idea, as explained in detail with many reasons. The solution that Facebook is working on seems to be a more powerful infrastructure resembling Netflix Lemur, adopting Let’s Encrypt ideas. Of course, the guy did not tell us much more because the developments are not open sourced yet, but generally speaking he gave us the context, the motivations and the design decisions that are moving them towards this automated world to react in case of any security breach.
- “Testing Cryptography in wolfSSL” – Chris Conlon, wolfSSL. A detailed overview of the test cycle that wolfSSL implements internally to make sure that their code is dependable. In particular, a workflow involving Unit Testing, Static Code Analysis, Algorithm Testing, Fuzz Testing, Interoperability Testing, and many others is run systematically to make sure that every release has the minimum possible number of bugs. Code review and Fuzz Testing are pillars: the engineer explained that those are the phases in which the majority of bugs are spotted, then fixed, making sure that buggy code never reaches the master branch.
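The “missing check on array bounds” from the Facebook talk and the systematic input testing from the wolfSSL talk, sketched as an added example (not code from OpenSSL, wolfSSL or either speaker). The record layout is simplified and every name here (`hb_echo`, `hb_overread`, `hb_sweep`) is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HDR     3   /* 1-byte type + 2-byte big-endian claimed payload length */
#define HB_MIN_PAD 16  /* minimum padding required by RFC 6520 */

/* Payload length the sender claims; caller guarantees rec_len >= HB_HDR. */
static size_t hb_claimed(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes an echo that trusts the claimed length would read past the record. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR) return 0;
    size_t end = HB_HDR + hb_claimed(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened echo: copies the payload only when the claimed length fits in the
 * bytes actually received. Returns bytes copied, or -1 to discard the record. */
long hb_echo(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_MIN_PAD) return -1;       /* too short to parse */
    size_t n = hb_claimed(rec);
    if (n > rec_len - HB_HDR - HB_MIN_PAD) return -1;    /* the bounds check */
    if (n > out_cap) return -1;
    memcpy(out, rec + HB_HDR, n);
    return (long)n;
}

/* Exhaustive sweep over every possible claimed length for one constructed
 * record. Returns how many claims were accepted, or -1 if any accepted claim
 * exceeded the real payload (which would be a leak). */
long hb_sweep(size_t payload_len) {
    uint8_t rec[HB_HDR + 64 + HB_MIN_PAD] = {1};  /* constructed sample record */
    uint8_t out[64];
    long accepted = 0;
    if (payload_len > 64) return -1;
    size_t rec_len = HB_HDR + payload_len + HB_MIN_PAD;
    for (unsigned claimed = 0; claimed <= 0xFFFF; claimed++) {
        rec[1] = (uint8_t)(claimed >> 8);
        rec[2] = (uint8_t)claimed;
        long r = hb_echo(rec, rec_len, out, sizeof out);
        if (r >= 0 && (size_t)r > payload_len) return -1;
        if (r >= 0) accepted++;
    }
    return accepted;
}
```

For an 8-byte payload the sweep accepts only the claimed lengths 0 through 8; every larger claim is discarded instead of being served from adjacent memory.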
Data Replication Track
- “MySQL Group Replication – on how good theory gets into better practice” – Tiago Jorge, Oracle. MySQL is offering Active/Active replication by implementing a protocol that is very well known in the literature: Paxos. Adopting the theory of distributed systems, the team built Atomic Broadcast communication primitives over TCP that propagate the transactions across the replicas: the replicas act like state machines that evolve according to the events passing the balloting and reaching the quorum upon voting. Even if Paxos is a very well known protocol in the field, this Group Replication still sounds innovative: MySQL is bringing to release 1.0 a brand new feature that allows adopting a solution of superior scalability in scenarios where huge amounts of data have to be managed (both reads and writes).
- “ANALYZE for statements: MariaDB’s new tool for diagnosing the Optimizer” – Sergei Petrunia, MariaDB. As a DBA, how do you spot bottlenecks? Well, there are plenty of approaches out there, but ANALYZE can be key in reducing troubleshooting times. Basically, it is an extension of MariaDB’s SQL language (and derivatives) that retrieves exact runtime metrics to profile suspicious queries. ANALYZE, as an extended SQL statement, presents its results like those of a canonical query, with a bunch of significant fields; moreover, it is possible to get the reports in JSON format.
- “Reliable Cluster Detection and Failover” – Shlomi Noach, GitHub. Orchestrator was presented. Orchestrator is a cluster management tool that reduces the ‘hot switch-over time’ from minutes to a couple of tens of seconds, in a Master/Slave configuration. It is able to rebuild the cluster topology and apply heuristic algorithms to detect any Master and/or Intermediate Master failure: a quorum vote from the Slaves is required, and it is calculated by navigating the topology and rebuilding the needed information. It is an intelligent tool, originally developed at Booking.com and now at GitHub (the author moved over), that targets: 1. cluster self-healing, and 2. reduced hot switch-over times.
- “The Query rewrite plugin interface” – Martin Hansson, Oracle. A quick introduction on how to write a MySQL plugin, with a few concrete examples: Pre- and Post-Parsing Plugins. Very technical, with a bunch of C++ code to digest to get to the point. It showed off the design of MySQL: tiered, well-architected APIs that allow almost seamless pluggability.
- “Galera Replication demystified” – Frederic Descamps, Percona. Fast synchronous replication support, based on Group Communication and certification-based transaction acknowledgment. MySQL, as well as all its derivatives, can benefit from this adjacent replication technology – the Master/Slave configuration does not scale and it hurts service availability in highly transactional scenarios.
- “MariaDB CONNECT Storage Engine” – Serge Frezefond, MariaDB. CONNECT is a new Storage Engine proposed by MariaDB and already available for testing. It imports data from any data source (e.g. JSON, XML, CSV, etc.), automatically creating the corresponding tables (the schema is inferred dynamically) and running queries on the created tables. It sounds like an integrated ETL (Extraction, Transformation and Loading) tool built natively into MariaDB: there is no need, at least not anymore, to manually hack the data from several different data sources; with a few lines of SQL code the data can be imported into a proper table, no matter where it comes from.
Web Protocols Track
- “An HTTP/2 update” – Daniel Stenberg, Mozilla. A comparison between HTTP/1 and HTTP/2, highlighting the performance gain from the multiplexing techniques adopted in HTTP/2; a few words on the failure of HTTP pipelining. A status update on deployment: a quick summary of the browsers and HTTP servers supporting HTTP/2.
- “C Code Refactoring” – Dimitros Spinellis, University of Athens. CScout is an open source project that aims at providing a support tool for massive C/C++ code refactoring. The problem solved by this tool consists in browsing huge code bases with scoping and semantic awareness, to allow an engineer to modify and/or refactor easily and safely – no more build errors because a slight refactoring broke something. The tool parses the code base, then applies pre-processing logic to infer the program structure. A Web UI allows browsing the structures built this way and modifying the code by means of queries: once the code has been modified (like a sort of ’sed’), the files can be regenerated and subsequently compiled.