ThoughtWorks Technology Radar Roadshow - Brisbane
-
Upload
thoughtworks -
Category
Technology
-
view
318 -
download
2
Transcript of ThoughtWorks Technology Radar Roadshow - Brisbane
TECHNOLOGYRADARMay 2015 — Our thoughts on the technology and trends that are shaping the future
1
2
3
TECHNOLOGY ADVISORY BOARD
4
5
6
THEMES FOR THIS ISSUE
7
TECHNIQUES8
TECHNIQUES8
9
ADOPT 1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging
TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW
ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW
HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team
TECHNIQUES
10
TECHNIQUES
10
TECHNIQUES
CONSUMER-DRIVEN CONTRACT TESTING 1
CONSUMER DRIVEN CONTRACTS
11
CONSUMER DRIVEN CONTRACTS
12
CONSUMER DRIVEN CONTRACTS
13
Yesterday Today
CONSUMER DRIVEN CONTRACTS
14
Backend — API
Unit Integration Contract
Frontend — Consumer
Unit Integration DeploymentE2E
Deployment
CONSUMER DRIVEN CONTRACTS
Unit Integration DeploymentE2E
Backend — API
Unit Integration Contract
Frontend — Consumer
Deployment
CONSUMER DRIVEN CONTRACTS
Unit Integration DeploymentE2EContract
Backend — API
Unit Integration Contract
Frontend — Consumer
Deployment
CONSUMER DRIVEN CONTRACTS
Stub
Backend — API
Frontend — Consumer
Unit Integration Contract
Unit Integration
Stub
Deployment
DeploymentE2EContract
CONSUMER DRIVEN CONTRACTS
Backend — API
Frontend — Consumer
Unit Integration Deployment
Unit Integration
Contract
Contract
Stub
DeploymentE2E
CONSUMER DRIVEN CONTRACTS
Backend — API
Frontend — Consumer
Unit Integration
Unit Integration
Contract
Contract
Stub
Deployment
DeploymentE2E
CONSUMER DRIVEN CONTRACTS
https://github.com/realestate-com-au/pact https://github.com/thoughtworks/pacto
CONSUMER DRIVEN CONTRACTS TOOLS
PACT
Consumer
Mock Service
Contract Tests
Pact Provider
Runner
Real Service
PACT EXAMPLE
{"provider": {
"name": "Account Service"},"consumer": {
"name": "Internet Banking"},"interactions": [
{"description": "A GET request to retrieve the balance","provider_state": "There is an account with id '12345'","request": {
"method": "get","path": "/accounts/12345/balance"
},"response": {
"status": 200,"headers": {
"Content-Type": "application/json"},"body": {
"balance": 99.99}
}}
],"metadata": {
"pactSpecificationVersion": "1.1.0"}
}
pact {
serviceProviders {
AccountService {
hasPactWith('InternetBanking') {
pactFile = file('balance-pact.json')
}
}
}
}
DeploymentE2E
CONSUMER DRIVEN CONTRACTS AN ALTERNATIVE
Unit Integration
Backend — API
Unit Integration Contract
Frontend — Consumer
Library
Deployment
25
ADOPT 1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging
TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW
ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW
HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team
TECHNIQUES
26
ADOPT 1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging
TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW
ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW
HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team
TECHNIQUES
TOOLS27
TOOLS27
28
TOOLSADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman
TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul
55. Cursive 56. Gitlab 57. Hamms NEW
58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW
ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW
HOLD 76. Citrix for development
29
TOOLS
29
TOOLS
7563
65
68
BLACKBOX
ZED ATTACK PROXYSECURITY MONKEY
NACL
SECURITY AWARENESS AMONG SENIOR DEVELOPERS*
30*Source: http://jemurai.com/developer-survey-1-results-part-2.html
37% think security isa small concern
8% think it is a top concern
67%
haver never heard of OWASP, OWASP top 10, or
CWE top 25
25%
of projects reported had security training, pen test or security embedded in
development
Overwhelmingly, the only security practices in place are manual code and design reviews.
OWASP ZED ATTACK PROXY
31
The Main Features
All the essentials for web application testing
■ Intercepting Proxy
■ Active and Passive Scanners
■ Traditional and Ajax Spiders
■ WebSockets support
■ Forced Browsing (using OWASP DirBuster code)
■ Fuzzing (using fuzzdb & OWASP JBroFuzz)
■ Online Add-ons Marketplace
Browser configured to use proxy
Browser
Primary OS
Web Proxy
Your Computer
VM
Web Server
Browser Web Proxy
Web Server
http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
ARE YOUR REPOS AND BUILD SERVERS SECURE?
32
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
ARE YOUR REPOS AND BUILD SERVERS SECURE?
32
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
PROTECTING DEV SECRETS WITH BLACKBOX
Git Repo
Keys
Shhhh
secret
ShhhhBlackbox
Repo seen by all
Secrets readable by few
34
TOOLSADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman
TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul
55. Cursive 56. Gitlab 57. HAMMS NEW
58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW
ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW
HOLD 76. Citrix for development
LANGUAGES & FRAMEWORKS
35
LANGUAGES & FRAMEWORKS
35
36
LANGUAGES & FRAMEWORKS
ADOPT 77. Nancy
TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot
ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift
HOLD 92. JSF
37
LANGUAGES & FRAMEWORKS
37
LANGUAGES & FRAMEWORKSNANCY77
An open-source .NET micro web framework
v 0.23.2
POPULARITY
BUT WHAT’S UNDER THE COVERS?
Nancy’s Nuget page
BUT WHAT’S UNDER THE COVERS?
ASP.NET MVC 5 on IIS
116 Packages*
Installing Microsoft.AspNet.Server.IIS 1.0.0-beta4Installing Microsoft.AspNet.Loader.IIS.Interop 1.0.0-beta4Installing Microsoft.AspNet.Loader.IIS 1.0.0-beta4Installing Microsoft.AspNet.DataProtection.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.Hosting 1.0.0-beta4Installing Microsoft.AspNet.Hosting.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.Http 1.0.0-beta4Installing Microsoft.AspNet.FeatureModel 1.0.0-beta4Installing Microsoft.Framework.ConfigurationModel 1.0.0-beta4Installing Microsoft.Framework.ConfigurationModel.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.FileProviders.Interfaces 1.0.0-beta4Installing Microsoft.Framework.Caching.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.FileProviders 1.0.0-beta4Installing Microsoft.AspNet.Http.Core 1.0.0-beta4Installing Microsoft.AspNet.Http.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.WebUtilities 1.0.0-beta4Installing Microsoft.Net.Http.Headers 1.0.0-beta4Installing Microsoft.AspNet.Http.Extensions 1.0.0-beta4Installing Microsoft.Framework.DependencyInjection.Interfaces 1.0.0-beta4Installing Microsoft.Framework.Logging 1.0.0-beta4Installing Microsoft.Framework.Logging.Interfaces 1.0.0-beta4Installing Microsoft.Framework.DependencyInjection 1.0.0-beta4Installing Newtonsoft.Json 6.0.6Installing Microsoft.Framework.Runtime.Interfaces 1.0.0-beta4Installing Microsoft.Framework.WebEncoders.Core 1.0.0-beta4Installing Microsoft.AspNet.Server.WebListener 1.0.0-beta4Installing Microsoft.Net.WebSocketAbstractions 1.0.0-beta4Installing Microsoft.Net.Http.Server 1.0.0-beta4Installing Microsoft.Net.WebSockets 1.0.0-beta4Installing Microsoft.AspNet.Diagnostics 1.0.0-beta4Installing Microsoft.AspNet.Diagnostics.Interfaces 1.0.0-beta4Installing Microsoft.Framework.OptionsModel 1.0.0-beta4Installing Microsoft.AspNet.Mvc 6.0.0-beta4Installing Microsoft.Framework.Caching.Memory 1.0.0-beta4Installing Microsoft.AspNet.Authorization 1.0.0-beta4Installing Microsoft.AspNet.Cors 1.0.0-beta4Installing Microsoft.AspNet.Cors.Core 1.0.0-beta4Installing Microsoft.AspNet.Mvc.Razor 6.0.0-beta4
Installing Nancy 1.1Installing Nancy.Hosting.Self 1.1Writing lock file /Users/jdamore/dev/projects/aspnethome/samples/1.0.0-beta4/HelloNancySelf/project.lock.jsonRestore complete, 679ms elapsed
Nancy Self Hosted
2 Packages*
*on OsX 10.10.3 with DNX 1.0.0-beta4
HOW LIGHTWEIGHT ?
*on OsX 10.10.3 with DNX 1.0.0-beta4
public class HomeModule : NancyModule { public HomeModule() { Get["/check"] = _ => {
return “I am the Home service and I am healthy”; }; Get["/"] = _ => {
return Response.AsJson(models); }; Get[“/{id}”] = _ => {
model = models.Where(model => model.id != id); return Negotiate.WithJson(model).WithXml(model); };
Post["/"] = _ => { model = this.Request.Body; models.add(model); return HttpStatusCode.Created; };
Delete["/(?<id>[\d]{1,7})"] = _ => { models = models.Where(model => model.id != id); return HttpStatusCode.OK; }; } }
SPEED DATING WITH NANCY
*on OsX 10.10.3 with DNX 1.0.0-beta4
Nancy Bootstrapper
NANCY COMPOSITION
IoC
Nancy Module
ViewEngine
Model Binder
Model Validator
Nancy Engine
*on OsX 10.10.3 with DNX 1.0.0-beta4
Real Services
WebApiStub Services
NancyContract Tests
IIS IIS
NANCY FOR STUBBING SERVICES
Proprietary OSS
WebAPI
IIS
.NET 4
WS 2012 R2
Nancy
IIS
.NET 4
WS 2012 R2
Nancy
IIS
.NET 5
WS 2012 R2
Nancy
Kestrel
DNX
Linux
Nancy
Kestrel
.NET 5
WS 2012 R2
Heavyweight Lightweight
ASP.NET 5.0 IS OPEN SOURCE
46
LANGUAGES & FRAMEWORKS
ADOPT 77. Nancy
TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot
ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift
HOLD 92. JSF
PLATFORMS47
PLATFORMS47
48
PLATFORMSDeployment architectures keep evolving.
48
PLATFORMS
33 DEIS
30 APACHE MESOS
32 COREOS45APPLICATION SERVERS
Deployment architectures keep evolving.
THE RISE OF DOCKER
49
http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/
GitHub Stars by Date and Project Config Management GitHub Totals
EXPLOSION OF TOOLS AND PLATFORMS
50
CoreOS Fleet
Docker Swarm
DEIS: DOCKER-BASED PAAS — ANYWHERE
51http://docs.deis.io/en/v0.9.0/gettingstarted/architecture/
Developer Application Consumers
Load Balancer
Controller Load Balancer
Cluster (Test)
ContainersScheduler Router
Cluster (Dev)
ContainersScheduler Router
Cluster (Prod)
ContainersScheduler Router
Monitoring Logging Backing Services
Containers
Containers
Containers
Containers
Containers
Containers
Router
Router
Router
APACHE MESOS
52http://abhishek-tiwari.com/post/building-distributed-systems-with-mesos
batch services Workloads
Apps
Frameworks
Kernel
DFS
Cluster
C++ BASH Python
Scalding Impala Shark MySQL Kafka JBoss Django Rails
MPI Hadoop Spark Storm
Marathon
Chronos
RubyPythonJVMC++
distributed file system
distributed resources: CPU, RAM, I/O, FS, rack locality, etc.
WHERE DOES THIS LEAVE APPLICATION SERVERS?
53
54
PLATFORMSADOPT TRIAL 25. Apache Spark NEW 26. Cloudera Impala NEW 27. DigitalOcean 28. TOTP Two-Factor Authentication
HOLD 45. Application Servers NEW 46. OSGi 47. SPDY NEW
ASSESS 29. Apache Kylin NEW 30. Apache Mesos 31. CoreCLR and CoreFX NEW 32. CoreOS 33. Deis NEW 34. H2O NEW 35. Jackrabbit Oak 36. Linux security modules 37. MariaDB 38. Netflix OSS Full stack 39. OpenAM 40. SDN 41. Spark.io 42. Text it as a service / Rapidpro.io 43. Time-series Databases NEW 44. U2F
55
Scott Shaw
@scottwshaw
Jean D’Amore
@jeandamore
thoughtworks.com/radar