Which tools and technologies are new and exciting, proven, growing stale–report from Devoxx 2022

A conference such as Devoxx is a great opportunity to get inspired into trying out tools and technologies that may not or only be vaguely be known as they are mentioned or even demonstrated by presenters or discussed in the hallways of the movie theater where the conference is taking place. It is also a chance to get a feel for which technologies have  been widely accepted and adopted and are no longer in the explore and try out phase but are used for real. And of course there is a category of (versions of) technology, tools or concepts that shows signs of wear and tear and appear ready for retirement.

In this article, I will list some of the technology that was new to me and seems exciting enough to take a closer look at. I will also mention some technologies that seem firmly arrived – some recently, other much longer ago – as well as some that are well beyond their heyday and should perhaps be reconsidered.

New and Exciting (or at least worth a look)

Some of these were truly new to me and others I had seen before but are not yet part of my every day toolkit. I can imagine that some of the things listed here are not really new to the reader (but hopefully still exciting).

JBang – install, manage and run Java with great ease, as a scripting language ? with an app store? – https://jbang.dev/ 

JReleaser – https://jreleaser.org/ – The quick and effortless way to release your Java project!JReleaser can package your application to be distributed with popular software packagers such as Homebrew, Scoop, Chocolatey, Snapcraft, and others.

Fossil, Plastic, Pijal  – Git alternatives

Jit Si – free tool for online meetings (Teams style)  https://meet.jit.si/

JHipster Lite – The next generation JHipster (JHipster LIte) adopts the hexagonal (microservices) architecture style that is centered around (business) domain definitions, It still uses Spring Boot as the foundation for the backend of the application (although Quarkus was also mentioned as an option). Unlike traditional JHipster, Lite ca be used for non-web-applications as well.

the container security platform: gVisor

Espresso – Java on Java (Java supported by GraalVM Truffle). The Truffle framework allows programs written in various languages to all be executed on the same engine – often better than in their original runtimes – and also interact (interoperate) with each other. Recently Java was added to the collection of languages supported by Truffle. Code named Espresso – Java can now run on Truffle, similar to JavaScript, Python, WebAssembly, Ruby and others. And it is not just Java but other JVM languages as well, such as Scala and Kotlin. Medium Article on Java on Truffle.

Dockerode – npm module for programmatic control of Docker containers (interact from Node applications with API on Docker daemon). https://github.com/apocas/dockerode 

Htmx (no) JavaScript webapps – htmx gives you access to AJAX, CSS Transitions, WebSockets and Server Sent Events directly in HTML, using attributes, so you can build modern user interfaces with the simplicity and power of hypertext – https://htmx.org/ 

CRaC (Coordinated Restore at Checkpoint) snapshot java applications while they execute – for fast startup from the initialized state. Restoring from the image could be a solution to some of the problems with the start-up and warm-up times – https://openjdk.org/projects/crac/ (Similar to criu for containers check https://criu.org/Docker for some details –  also see for example https://blog.openj9.org/2022/09/26/fast-jvm-startup-with-openj9-criu-support/ on OpenJ9 CRIU)

Sigstore –automated , standardized process for digitally signing open source project releases to allow easier checking/verification by anyone using open source  products – https://www.sigstore.dev/

Cosign – https://github.com/SigStore/cosign – Container Signing, Verification and Storage in an OCI registry.

Rekor – https://github.com/sigstore/rekor – enables software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-

Flowable – workflow engine (similar to Camunda’s products?) support bpmn, cmmn and dmn – https://github.com/flowable/flowable-engine 
Error Prone (and refaster) (https://errorprone.info/) – (from Google) Using Error Prone to augment the compiler’s type analysis, you can catch more mistakes before they cost you time, or end up as bugs in production.

Kcctl – kafka connect CLI – https://github.com/kcctl/kcctl

Melrōse, a language to program and play music
– https://ernestmicklei.com/melrose/introduction_melrose/

Mustache Template Language for creating dynamic content like HTML, configuration files – https://mustache.github.io/; also see tutorial on Baeldung: https://www.baeldung.com/mustache 

OpenTelemetry – standard for publishing telemetry; SDKs for auto-instrumenting applications (client web, Java, .NET and others are coming) – https://opentelemetry.io/ OpenTelemetry is a collection of tools, APIs, and SDKs. Use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) to help you analyze your software’s performance and behavior. Note: for Java, all SQL interactions are individually tracked and reported!

Front End & User Experience

Qwik and partytown – very quick starting webapps – https://www.builder.io/blog/how-we-cut-99-percent-js-with-qwik-and-partytown  Partytown is used to move all third-party scripts to web-worker. Qwik – offers the fastest possible page load times. As users interact with the site, only the necessary parts of the site load on-demand. This precision lazy-loading is what makes Qwik so quick. https://github.com/builderio/qwik

Webrtc – standard browser technology for direct communications between browsers (peer to peer)– for example for video, audio/voice, JavaScript APIs are available in major browsers  https://webrtc.org/

Webpack Module Federation – the foundation for Microfrontends – https://webpack.js.org/concepts/module-federation/

Workbox – npm module for ServiceWorkers – https://developer.chrome.com/docs/workbox/ 

Project Fugu – WebCapabilities https://www.chromium.org/teams/web-capabilities-fugu/  and demo apps: https://developer.chrome.com/blog/fugu-showcase/ 

Flaticon – collection of icons – including a large free library – https://www.flaticon.com/icons

WebAlmanac – The Web Almanac 2022 (published in September) is a comprehensive report on the state of the web. Also read this overview article: https://www.stefanjudis.com/blog/web-almanac-highlights-2022/

StackBlitz – IDE & Node environment running inside the browser (powered by WebContainers on WebAssembly) – web app development fully browser based

RunKit – Node playground – https://npm.runkit.com/playground – It runs a full Node.js environment and already has all of npm’s 1,000,000+ packages pre-installed

XKCD – https://xkcd.com/ – xkcd, sometimes styled XKCD, is a webcomic created in 2005 by American author Randall Munroe. you’re free to copy and share these comics (but not to sell them). And several conference presenters used cartoons from this site.

Pexels – https://www.pexels.com/ – free stock photos, royalty free images & videos shared by creators: another source of images used by presenters

Excalidraw – https://github.com/excalidraw  Excalidraw is a whiteboard tool that lets you easily sketch diagrams that have a hand-drawn feel to them. VS Code extension available.

Developer Experience

Backstage (not present at Devoxx) – framework for creating a Developer Portal. Create at Spotify. https://backstage.spotify.com/

SDKMan – CLI for easy installing of and switching between different versions of JDK and other SDKs and libraries https://sdkman.io/

Gitpod – a SaaS that provides a cloud based development environment – Linux VM with VS Code, 12 language runtimes and 25 additional tool pre-installed. It has a max of 12 GB RAM, plenty of diskspace. It is by far the quickest way to get started exploring any technology or running a tutorial or workshop. Gitpod accounts are created using a GitLab or GitHub account. The free plan has 50 hours of Gitpod workspace usage per month

Testing and Code Quality

Open Rewrite – https://github.com/openrewrite/rewrite – rewrite source code (Java and some others supported): Automated software refactoring to keep up-to-date with API changes, fix vulnerabilities, and improve code quality.

Error-Prone (define BugChecks to find undesirable coding in your code base) and Refaster (automated refactoring at scale by fixing code patterns using before and after templates. See: https://github.com/google/error-prone Picnic announced its own open source project that builds on Error Prone and Refaster with dozens of bug checks and over 500 refaster templates to improve the code: https://blog.picnic.nl/picnic-open-sources-error-prone-support-b23f9a7208b6 

A concept bound to become quickly more important: the SBOM – software bill of materials. The register of all dependencies of an application – direct and indirect. Along with version and status (open source activity, commercial support, vulnerabilities, community “opinion”) for each dependency. To actively manage dependencies.

Bots to scan the code base for outdated (newer versions are available) and vulnerable (CVEs are known for the currently used versions of libraries) dependencies and recommend and sometimes even apply upgrades to newer (stable) and safe versions. Available for use on GitHub (and perhaps GitLab in some cases): DependaBot, Renovate and Snyk.

Playwright – test automation for end to end testing of web applications through browser automation (also for RPA) – programmatically accessible from Java, Node, Python and .Net. Watch Devoxx presentation by Alex Soto. To me it feels much easier and lighter wait than using Selenium

Pact – Contract Testing: test all known interactions from specific consumers with “service providers (such as APIs)” https://docs.pact.io/ –

Testcontainers – programmatically spin up containers to provide dependencies in integration tests – https://github.com/testcontainers

Fuzzing – a testing technique where large numbers of generated inputs are used in testing software – to find weak spots. A new feature in Go 18 (presented by Valentin Deleplace in this session https://youtube.com/watch?v=Zlf3s4EjnFU…)  and available for other languages through OSS-Fuzz. Fuzzing feels a little related to chaos engineering – though at a different (functional) level.

Hey – for quickly generating load on an HTTP endpoint (demonstrated by Thomas Wuerthinger in his GraalVM talk) – see https://github.com/rakyll/hey

Also of course: JMeter, Gatling for load testing

ArchUnit  – https://www.archunit.org/ – to unit test (quality inspect feels a better word) Java applications in terms of “architecture”: forbidden class imports across packages in different layers or services (leading to lack of encapsulation and uncontrolled or undesired such as cyclic dependencies)

Mutability (or Mutation) Testing – Faults (or mutations) are automatically seeded into your code, then your tests are run. If your tests fail then the mutation is killed, if your tests pass then the mutation lived – and the coverage of your tests is not optimal. In Java for example with http://pitest.org/ 

Rest-Assured – Testing and validating REST services in Java  https://rest-assured.io/ – see Rest API Testing (Automation) from Scratch -RestAssured Java course by Rahul Shetty on Udemy

C4 model for visualizing software architecture – https://c4model.com/

Data

The very broad topic of data – a mixed bag of tools and technologies to take a loot at:

• Trino – Distributed sql query executed against various sources
  https://trino.io/
• Cube.dev – headless BI (model data, expose through APIs for reporting and analysis) – https://cube.dev/
• QuestDB – time series database with fast SQL – https://questdb.io/ 
• CrateDB –
• Yugabyte – a high-performance transactional distributed SQL database for cloud-native applications – https://www.yugabyte.com/
• ArrangoDB – free and open-source native graph database system; a multi-model database system (Graph, Key/Value, Document) https://www.arangodb.com/
• MicroStream – apparently is a smart way to serialize Java object graphs (to file) and to deserialize them again – applying ACID constraints on the data manipulations. For querying it is suggested that Java Collection Streams APIs are applied – as we are dealing with Java objects.
• JOOQ – generates Java code from your database and lets you build type safe SQL queries through its fluent API  – https://www.jooq.org/ (open source for open source databases, paid for paid for databases)
• Jakarta EE NoSQL – API (such as JPA) for interacting with NoSQL databases – http://www.jnosql.org/spec/

AI – Models, Sites, Tools

One of the big themes for me at Devoxx 2022 are the incredible things AI can do. Here are some references to tools/sites to take a look at:

DiffBlue (Cover) – Smart unit test generation from code interpretation by AI – VS Code extension available – https://www.diffblue.com/community-edition/download/

CodeGeeX – Code Generation – live demo https://huggingface.co/spaces/THUDM/CodeGeeX and self hosted:  https://github.com/THUDM/CodeGeeX 

Once Upon A Bot – story generation including graphics – https://onceuponabot.com/ And here is the story I had generated for me: https://onceuponabot.com/story/3a181967-0e7f-4e3e-a928-cb1ed5feb38b (it a bit of a tear jerker)

OpenAI Playground – try out many different models and what they can produce – sign up (for free) at: https://beta.openai.com/signup , then go to the overview page: https://beta.openai.com/overview 

Generate images from text “prompts” using KerasCV (Python) – https://keras.io/guides/keras_cv/generate_images_with_stable_diffusion/ 

Google Imagen Video – https://imagen.research.google/video/ – generated videos from text prompt. At this moment only a research paper and a demo.

Kubernetes centered tools:

so many tools have come into existence around Kubernetes, this deserves to be its own category.

• Service Mesh Istio & Kiali for monitoring Istio
• KDash – a simple and fast dashboad for K8S
• container image scanning (Clair or Trivy)
• cluster policies (OPA or Kyverno)
• the de facto Kubernetes threat detection engine: observing activities in the cluster: Falco
• dynamically applying cluster resource changes in response to events (Argo CD).
• party image scanning (Dive )
• image signing strategies Notary Project
• Kubescape, Kube Hunter, Kube-Bench.
• Knative – serverless model on Kubernetes cluster (dynamic and event driven scaling)
• KEDA – Kubernetes Event Driven Auto Scaling – https://keda.sh/ 

(Ready to be) Widely Adopted

gRPC – faster, lower overhead interactions than traditional HTTP/REST. gRPC over HTTP/2 is well established and SDKs are available for all main programming languages. gRPC on HTTP/3 is currently only supported with an SDK for .NET; others will soon follow. Note that HTTP/3 itself was published as a standard only recently: June 2022.

GraalVM Native Image – A major component under the GraalVM umbrella is the native image generator. It is the enabler of serverless Java (functions). It will drive down costs of running Java applications (and it will reduce the carbon emissions as a result of running Java applications because of the reduced resource usage). Take a Java application. Compile it into a runnable jar. Then set the native image generator to do its magic. The result is an executable. A file that can be executed. A file with no dependencies other than on the Operating System it was created for. An executable that when executed starts up blazingly fast and uses far less memory than the corresponding Java application on a JVM would. In most instances the performance of the application is (initially) better than Java on the JIT compiler (regular JVM). GraalVM 22.3 – to be released in the week of 17 October 2022 – supports Java 19, including Virtual Threads! While JDK 19 is not an LTS, you can start using Virtual Threads in your code, bake the native image and run the fantastic scalable concurrency in production if you want.

Support for runtime operations is being added to the native image: JFR (flight recorder) and JMX will be supported. In IntelliJ there is the option to debug a native image – with mapping to the original Java source code. I have not seen it, but I am already impressed!

Note: RedHat has created Mandrel (https://github.com/graalvm/mandrel) – a downstream distribution of the GraalVM community edition. Mandrel’s main goal is to provide a native-image release specifically to support Quarkus. The aim is to align the native-image capabilities from GraalVM with OpenJDK and Red Hat Enterprise Linux libraries to improve maintainability for native Quarkus applications

PostgreSQL seems the relational database of choice – for microservices and many other data persistence and processing use cases. Where at one point MySQL seemed the default open source database – briefly challenged by MariaDB – it is now clearly PostgreSQL that is on everyone’s mind. October 13th 2022 saw the release of PostgreSQL 15. Note: a new SQL operation introduced in this release is … MERGE. (“This release improves the developer experience with the addition of the popular MERGE command”). I think PostgreSQL is great. However, some of the compatibility claims from vendors trying to seduce companies into migrations may be somewhat exaggerated. 

Enterprise Integration with 300 types of conectors, running on Quarkus (native image) and Knative: Camel (https://github.com/apache/camel) & Karavan (UI for editing routes – https://github.com/apache/camel-karavan)

Apache Airflow – not really new, still exciting and probably very widely in use. Apache Airflow is a workflow orchestrating tool that comes with many operators in its box that make it easy to extract, process and load data from and into many different sources. As such it is widely used for ETL processes, data pipelines that integrate systems and feed data lakes and the like (somewhat similar to Azure Data Factory for example). Note that Airflow can orchestrate ADF pipeline (and perhaps vice versa). An Airflow process is a DAG (directed acyclic graph) described in a Python program. In the DAG, operators are connected in logical flows, handing (references to) data to operate on to each other.

Grafana – everyone seems to be using Grafana for creating (IT operational) dashboards. Often using Prometheus as the metrics collector and database.

Containers obviously are a key element of software development – for setting up development environments, integration tests, build and delivery pipelines and as delivery and runtime format. It may not always be Docker anymore – the Docker Desktop license rules have not helped – but containers are clearly something all software engineers should master.

Kubernetes is rapidly becoming the next generation application server (with containers the applications to be ran) – the omnipresent (and omnipotent) deployment platform. Applications (microservices please?!) are built and delivered as container image. Deployment is equal to running a Kubernetes Deployment that instantiates Pods based on the container images. Kubernetes locally (minikube, k3s,..) or in the cloud is quickly becoming the core focus of platform engineers – dealing with wide range of tools for all kinds of tasks. Monitoring, service mesh, tracing, logging, volume mapping, release management, GitOps are just some of the areas where tools are available. It seems that Kubernetes as a runtime platform should be a serious consideration for any organization operating at scale – especially when availability, rapid evolution, variable workloads, efficient resource usage and high degree of automation are relevant.

Service Mesh seems the logical next thing to discuss once you have embraced the K8S cluster as the runtime platform for applications and especially when these applications are created microservice style. The service mesh (pattern) is about having the mesh handle outgoing and incoming netwerk calls – through the use of a proxy or sidecar that is configured from and interacts with a central control plane. The proxy – in conjunction with other proxies through the control plane – can enforce important policies (mTLS, routing, load balancing, authentication) and help collect runtime data (logging, monitoring metrics, trace data). Istio seems the de facto standard for K8S service mesh – although Kong (Mesh) and Dapr also have a claim (both very much absent from Devoxx). For monitoring Istio, a commonly presented tool is Kiali.

JetBrain’s IntelliJ IDE(A)s are the clear favorite. No user ever seems to complain or to consider to go back to where they came from. VS Code is heavily used as well – especially for non-Java development – but for anything Java, there does not seem to be a real debate.

The adoption rate of Kotlin is somewhat unclear to me. Kotlin is mentioned frequently, but when audiences are quizzed the actual usage of Kotlin seems pretty low (< 20% of conference attendees appear to be using it)  .

Okta – to manage and secure user authentication into applications, and to build identity controls into applications, website web services and devices. I have not heard Active Directory even once. Some references to KeyCloak – and many to Okta. Then there is Autho – by Okta. Auth0 an authentication and authorization platform for your application with a free plan.

Reconsider and perhaps retire?

Some technologies are probably still fine – they did not all of a sudden keel over or anything. However, they have lost momentum, lost market share and real attention from the developer crowd and commercial sponsors and perhaps are not really evolving very much anymore. These are not technologies to start afresh on and candidates to move away from when you get that chance.

It is quite hard to objectively determine when a tool or technology has reached that state (for everyone) so I am not doing that here now. I will do this very subjectively and from the perspective of my own organization.

Java 8 and anything older is obsolete. Java 11 is the least we should be working on and upgrading to Java 17  (also LTS) should be on our roadmap in the near future. Java 21 (September 2023) is the next LTS after Java 17.

With the many changes in Java 8 and Java 11 and beyond, many of the clear advantages of Scala of Java are no longer so apparent.

Although Jakarta EE is under active and enthusiastic development, it is hard to see how with Spring(Boot) as key player and Quarkus as major contender there is a huge future for Jakarta EE generating excitement of developers around the world. I feel too harsh and I may not be well informed but that is my perception.

What was not mentioned at all?

Some topics I had expected to hear about did not appear on the Devoxx agenda and went also unmentioned in the sessions that I attended. Whether that is meaningful or not is impossible to say, but a little telling it may be

Backstage – the Spotify platform for building a Developer Portal

Flutter – cross platform front end application language from Google

Oracle and IBM – two large companies that used to dominate these conferences. I saw some people from Oracle (especially GraalVM team), no sessions or booth from IBM

Alibaba – the number four public cloud in many assessments, but at all present

Apache NetBeans (pka the Java IDE from Sun Microsystems) –NetBeans (as was expected) is fading into the background

MySql or MariaDB – previously the database darling at conferences such as Devoxx; this week hardly mentioned at all. PostgreSQL has taken over center stage.

Kong – API Gateway and Service Mesh – not in any title or abstract

Dapr.io – an open source framwork for distributed applications and making it easier for the individual components in such applications  to talk to each other and to interact with generic facilities and platform components such as data stores, cloud services, message queues, file/storage systems. I like it, I have made contributions to it but it failed to make it into this conference.

Puppet, Ansible, Salt – Infra as Code, Automation – the revolution started with these tools – but this year I have not come across them. In all fairness, the current favorite Terraform was not al that visible either

VR/AR – Virtual and Augmented Reality: at some point very popular topics but not this year

Crypto Coins – Blockchain was a topic in a single session (down from XX session in earlier years) and crypto was not in any session’s title or abstract

ChatBot or conversational UI – despite all attention for AI and the progress in NLP I have not seen anyone talk on ChatBots or even CLI-like interfaces.

Low Code (well, … perhaps a little bit?) – it is a developers’ conference. How much development goes into Low Code? Well, not writing code obviously, but the art of creating software or at least implementing functionality is very much part of Low Code development. Computer Assisted Programming – of Computer Aided Software Engineering – where have I heard that before? JHipster does some of this one could easily argue. DSLs perhaps lead to low code programs? For example the way integrations are programmed with Apache Camel in many cases to to require actual programming code.