A Passwordless Future! Passkeys for Java Developers

Weak passwords remain one of the major causes of breaches and security incidents. The Web Authentication standard provides a robust framework for passwordless authentication using passkeys. Passkeys are the latest revolution in authentication. You may have used it with Google or GitHub. But what exactly is it and how does it work?
Join me on an illustrated journey to learn everything about passkeys.

We will dive into the core concepts of passkeys, their architecture, and their pros and cons. We will see how Passkey leverages public key cryptography and biometrics/hardware authenticators to offer enhanced security and usability while eliminating the vulnerabilities associated with traditional password-based systems.

We will explore how Java developers can leverage WebAuthn Java libraries to implement passkeys in their apps. We will also learn to use passkeys with Spring Security and external Identity providers. There will be demos, showing step-by-step integration of passkeys into Java web applications.

An illustrated crash course for OAuth and OIDC

In this talk, we will embark on an illustrated journey to demystify OAuth 2.1 and OpenID Connect (OIDC). We will start by exploring the fundamental concepts of these two protocols, their roles in modern authentication and authorization, and the problems they solve in the realm of identity and access management.

We will then delve into the flow of OAuth and OIDC, using easy-to-understand animations and examples. This will include a detailed walkthrough of the various OAuth flows, grant types, tokens, and how they interact in different scenarios.

The talk aims to provide a clear understanding of OAuth 2.1 and OIDC, enabling developers to confidently implement secure authentication and authorization in their applications. Whether you're a beginner or experienced developer, this talk will provide valuable insights into the world of OAuth and OIDC.

Thriving With ADHD: My Journey to Become a Polyglot Programmer and a Successful Developer Advocate

Navigating tech as a neurodivergent presents unique challenges, but it can also be a powerful catalyst for creativity and innovation. Join me for an inspiring session where I share my personal journey of thriving with ADHD and social anxiety, mastering multiple programming languages, and carving out a successful career as a developer advocate.

I got diagnosed late as an adult but I realized that I already turned my perceived obstacle into a source of strength and creativity. I used my perceived disadvantages to learn multiple programming languages, to author a book, and to become an international speaker and developer advocate.

Whether you have ADHD or simply want to hear an inspiring story, this session will provide you with valuable insights and actionable advice. Discover how to harness your unique strengths, embrace the diversity of the programming world, and thrive in your tech career.

Be an Effective Polyglot Developer: Learn Languages Like It's Nobody's Business!

In the fast-paced world of software development, mastering multiple programming languages is no longer just a luxury—it's a game-changer. With AI tools transforming our industry, the ability to switch between languages effortlessly is more crucial than ever. Having conquered languages like Java, Go, TypeScript, and Rust, and comfortably coding in a dozen more, I've learned valuable lessons on this journey that I'm excited to share.

Join me for an exhilarating session where I'll reveal the secrets to becoming an effective polyglot developer. Discover practical strategies to rapidly and effectively learn new languages, and understand how adopting a polyglot mindset can turbocharge your problem-solving skills and skyrocket your career.

Highlights of the session include:

- The Polyglot Mindset: Uncover the perks of being a polyglot developer and how it can open doors to innovative solutions and new opportunities.
- Learning Hacks: Dive into techniques for mastering and keeping up with new programming languages with speed and confidence.

Whether you're a seasoned developer looking to expand your skill set or a newcomer eager to dive into multiple languages, this session will equip you with the tools and confidence to learn languages like it's nobody's business. Embrace the future of software development and become a versatile, adaptive, and highly effective polyglot developer.

In the fast-paced world of software development, mastering multiple programming languages is no longer just a luxury—it's a game-changer. With AI tools transforming our industry, the ability to switch between languages effortlessly is more crucial than ever. Having conquered languages like Java, Go, TypeScript, and Rust, and comfortably coding in a dozen more, I've learned valuable lessons on this journey that I'm excited to share.

Join me for an exhilarating session where I'll reveal the secrets to becoming an effective polyglot developer. Discover practical strategies to rapidly and effectively learn new languages, and understand how adopting a polyglot mindset can turbocharge your problem-solving skills and skyrocket your career.

Is containerless the future of Kubernetes? Let's see how WebAssembly can make containers obsolete

WebAssembly is not just innovating the Web—it's transforming Kubernetes and the cloud-native world with unmatched efficiency and security. Imagine a world beyond containers; that's what WebAssembly offers. If it sounds daunting, don’t worry—I'm here to make it crystal clear. Discover why WebAssembly matters, how it works, and the incredible benefits it brings.

We'll dive into getting started with WebAssembly on Kubernetes using tools like Krustlet and WasmEdge. Explore real implementations, exciting use cases, and hands-on examples. Ready for an exhilarating journey into the future of cloud-native? Let's go!

Discover how WebAssembly is revolutionizing Kubernetes and the cloud-native world! Its efficiency and security make it a fantastic alternative to containers. Join me as I demystify WebAssembly, explain its importance, and show you how to get started with tools like Krustlet and WasmEdge. Learn through real-world examples and use cases. Ready for an exciting ride?

Is Rust a great language for building Kubernetes ecosystem?

When it comes to building tools for the Kubernetes ecosystem, your first thought would be Golang, I'm here to explore if Rust is a better alternative, especially for in-cluster tooling that needs to have minimal overhead and for WebAssembly workloads. Rust is also great for building Kubernetes tooling like CLI apps and so on.

I'll be also sharing and showcasing KDash - a Kubernetes CLI dashboard that I built using Rust and we will look at the Kubernetes-Rust ecosystem that is rapidly evolving and why you should consider it

- Rust vs Golang for k8s use cases
- Advantages of Rust over Golang
- Ideal Kubernetes use cases for Rust (WASI, tools, proxies)
- Real-life use case and example (KDash)
- State of the Rust ecosystem for DevOps and K8s

Kubernetes security 101 | Mastering Kubernetes Security: From Containers to Cluster Fortresses

Kubernetes is ubiquitous these days—like glitter at a craft party, it’s everywhere! If your team is deploying apps to Kubernetes, you know it offers unmatched convenience and scalability, but it can also be a major headache, especially when it comes to security. Simply setting up your cluster and deploying apps isn’t enough; you need to secure it too.

In this session, we'll turn those headaches into headway with essential security best practices for Kubernetes. We will first understand aspects of Kubernetes security and then we'll dive into:
- Securing clusters to protect your infrastructure.
- Safeguarding Docker containers to ensure robust application security.
- Fortifying Java applications within your Kubernetes environment.
- Leveraging OIDC and RBAC for secure cluster access management.
- Mastering secret management like a pro.

Get ready to transform your Kubernetes security game and turn potential vulnerabilities into strengths!

Kubernetes is everywhere these days, like glitter at a craft party—it’s inescapable! If you’re on a team deploying apps to Kubernetes, you know it’s great for convenience and scale, but it can also be a major headache, especially when it comes to security. Just setting up your cluster and deploying isn’t enough; you’ve got to secure it too.

In this session, we’ll turn those headaches into headway with security best practices for Kubernetes. We’ll cover securing clusters, Docker containers, applications, and more. Plus, we’ll dive into using OIDC to secure cluster access and managing secrets like a pro. Get ready to transform your Kubernetes security game!

Modern Java for the masses! Is Java still relevant?

Is Java still relevant? Can it keep up with languages like Go and Rust? Is Java a good language for beginners? Should we consider Java for a modern project? These are some of the common questions that I have got from beginners and students, especially from the current generation who consider Java old and uncool. Everybody wants to work on a modern language with fancy features. In this talk, we are going to explore what modern Java offers in terms of language features and where it is headed. We will also explore if Java can actually keep up with other modern languages in terms of features and explore the strengths and weaknesses of Java so that you can decide for yourself if Java is still a strong contender for use in this day and age. I'll be honest with my opinions without bias and call a spade a spade when I see one, especially from the perspective of a polyglot developer.

Supercharge the web with Web Assembly using Rust

Web Assembly could be the future of web. lets see why it matters and see what are the use-cases for it.

We will look at a small example to showcase what is possible with Web Assembly using Rust and how you can augment your web app with super powers that is not possible with JavaScript alone.

We will also look at why Rust is ideal for Web Assembly compared to other languages.

Web Assembly 101

Lets learn what Web Assembly is and how to get started with WASM using Rust.

We will build a small application to understand how Web Assembly works and demystify various terms and concepts used., like, WASM, WASI, WAT and so on.

Securing Spring Boot Microservices with OAuth and OpenID Connect

Ready to level up your microservices security game? Join us and discover how to secure your Spring Boot microservices using the powerful combination of OAuth, OpenID Connect, and popular Identity Providers (IdP) like Keycloak and Auth0.

We will start with a crash course on OAuth2 and OpenID Connect. We will then embark on a thrilling journey to master the art of securing Spring Boot microservices. We will dive deep into the world of microservices architecture and uncover the security challenges that lie beneath the surface. In this hands-on lab, you'll unlock the secrets of OAuth and OpenID Connect protocols and create an impenetrable shield for your microservices.

But that's not all - we'll take it up a notch by seamlessly integrating IdPs like Keycloak and Auth0 into your microservices security ecosystem, unleashing a whole new level of features and convenience. You'll learn how to configure Spring Security for your microservices and these IdPs. You will learn how to set up authentication and authorization for your microservices. We will also show you how to configure advanced authentication mechanisms, such as multi-factor authentication, social login, and passkeys.

Prepare to get your hands dirty as we dive into practical implementation using real-world examples. You'll gain the confidence and skills needed to conquer client registration, master token management, and skillfully handle authorization requests. You'll witness the magic unfold as your microservices become a fortress of security, guarded by the formidable combination of OAuth, OpenID Connect, and your IdP.

By the end of this hands-on lab, you'll be equipped with knowledge and hands-on experience to implement robust security measures in your own microservices applications.

What the heck is Project Loom and what can a normal Java developer expect from it?

You may have heard the words Project Loom, Fibers, Structured concurrency, and Virtual threads from Java enthusiasts. But what exactly are these, and what is the current state of concurrency in Java? can Java keep up with languages like Go and Rust when it comes to fearless concurrency? Let's be honest, concurrency in java is not among the easiest to master, and thread safety is even more difficult to get right. Can Project loom help to make it easier and less idiot-proof? In this session, I'll do a deep dive into Project loom and explain the different features in the work, look at the current state, and compare it with what we have today with some samples. We will also look into it from the aspect of what a normally Java developer can expect/benefit from it. So come join me for an exciting ride.

Building a Kubernetes monitoring dashboard in Rust. Why not?

Why did I build a Kubernetes Dashboard in Rust? I'll explain the reason behind it and show what KDash does and how it differs from existing tools. I'll also be deep-diving into the challenges I faced and the reason I choose to do it in Rust

Build and deploy cloud native Java microservices on Kubernetes with Istio service mesh

Istio is one of the most popular services mesh solutions available these days. In this deep dive session, let us see how to build and deploy Java microservices to the cloud using Istio, Kubernetes, JHipster, and Spring Cloud.

Istio moves the responsibility of service discovery, load balancing, circuit breaking, monitoring, etc from the application to the platform(Kubernetes) thus letting the developers focus on the business code. But setting it up could be a daunting task for beginners and pros alike. In this session, we will see how Istio works and will learn about different features of Istio, like load balancing, canary deployments, A/B testing, and so on.

What you will learn:

- What is a service mesh, how does Istio work, and what features does it offer
- How to build Java microservices quickly using JHipster
- How to add Istio support to your JHipster microservices
- Setup Istio on a Kubernetes installation (for example on Google Cloud)
- Setup observability and monitoring for the Kubernetes + Istio cluster
- Deploy microservices to Kubernetes

Forget NodeJS! Build native TypeScript applications with Deno

You probably already know that TypeScript is great. But have you tried Deno? Deno is what NodeJS should have been. Its a secure JavaScript/TypeScript runtime built with V8 & Rust. It is aimed to be the better alternative for NodeJS.

In this talk, we will see what Deno is and why it is better than NodeJS for TypeScript native applications. While at it we will build a simple proxy with TS and Deno

Flexible Relationship-Based Authorization in Kubernetes with OpenFGA

RBAC and ABAC are the past! ReBAC (Relationship-Based Access Control) is the future!

In this talk, we'll see how to implement ReBAC on Kubernetes. We'll use OpenFGA, a CNCF Sandbox project, for this. OpenFGA is an open-source solution for fine-grained authorization. it promises security, reliability, and low latency at scale. Learn everything you need to get started with OpenFGA. We will see the step-by-step setup and configuration of OpenFGA on a Kubernetes cluster with a demo application and see it in action. We will also see how to use OpenFGA with Oauth2.

OpenFGA is the latest in Authorization, It is the open source version of Okta FGA backed by Okta. It is inspired by Google Zanzibar and is now a CNCF sandbox project.