ThoughtWorks Technology Radar Roadshow - Brisbane

TECHNOLOGYRADARMay 2015 — Our thoughts on the technology and trends that are shaping the future

1

3

TECHNOLOGY ADVISORY BOARD

THEMES FOR THIS ISSUE

7

TECHNIQUES8

9

ADOPT 1. Consumer-driven contract testing NEW

2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging

TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW

ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW

HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team

TECHNIQUES

10

TECHNIQUES

10

TECHNIQUES

CONSUMER-DRIVEN CONTRACT TESTING 1

CONSUMER DRIVEN CONTRACTS

11


12


13

Yesterday Today


14

Backend — API

Unit Integration Contract

Frontend — Consumer

Unit Integration DeploymentE2E

Deployment


Unit Integration DeploymentE2E

Backend — API



Deployment


Unit Integration DeploymentE2EContract

Backend — API



Deployment


Stub

Backend — API



Unit Integration

Stub

Deployment

DeploymentE2EContract


Backend — API


Unit Integration Deployment

Unit Integration

Contract

Contract

Stub

DeploymentE2E


Backend — API


Unit Integration

Unit Integration

Contract

Contract

Stub

Deployment

DeploymentE2E


https://github.com/realestate-com-au/pact https://github.com/thoughtworks/pacto

CONSUMER DRIVEN CONTRACTS TOOLS

PACT

Consumer

Mock Service

Contract Tests

Pact Provider

Runner

Real Service

PACT EXAMPLE

{"provider": {

"name": "Account Service"},"consumer": {

"name": "Internet Banking"},"interactions": [

{"description": "A GET request to retrieve the balance","provider_state": "There is an account with id '12345'","request": {

"method": "get","path": "/accounts/12345/balance"

},"response": {

"status": 200,"headers": {

"Content-Type": "application/json"},"body": {

"balance": 99.99}

}}

],"metadata": {

"pactSpecificationVersion": "1.1.0"}

}

pact {

serviceProviders {

AccountService {

hasPactWith('InternetBanking') {

pactFile = file('balance-pact.json')

}

}

}

}

DeploymentE2E

CONSUMER DRIVEN CONTRACTS AN ALTERNATIVE

Unit Integration

Backend — API



Library

Deployment

25






TECHNIQUES

26






TECHNIQUES

TOOLS27

28

TOOLSADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman

TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul

55. Cursive 56. Gitlab 57. Hamms NEW

58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW

ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW

HOLD 76. Citrix for development

29

TOOLS

29

TOOLS

7563

65

68

BLACKBOX

ZED ATTACK PROXYSECURITY MONKEY

NACL

SECURITY AWARENESS AMONG SENIOR DEVELOPERS*

30*Source: http://jemurai.com/developer-survey-1-results-part-2.html

37% think security isa small concern

8% think it is a top concern

67%

haver never heard of OWASP, OWASP top 10, or

CWE top 25

25%

of projects reported had security training, pen test or security embedded in

development

Overwhelmingly, the only security practices in place are manual code and design reviews.

http://jemurai.com/developer-survey-1-results-part-2.html

OWASP ZED ATTACK PROXY

31

The Main Features

All the essentials for web application testing

■ Intercepting Proxy

■ Active and Passive Scanners

■ Traditional and Ajax Spiders

■ WebSockets support

■ Forced Browsing (using OWASP DirBuster code)

■ Fuzzing (using fuzzdb & OWASP JBroFuzz)

■ Online Add-ons Marketplace

Browser configured to use proxy

Browser

Primary OS

Web Proxy

Your Computer

VM

Web Server

Browser Web Proxy

Web Server

http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro

ARE YOUR REPOS AND BUILD SERVERS SECURE?

32

http://www.wired.com/2012/09/adobe-digital-cert-hacked/

PROTECTING DEV SECRETS WITH BLACKBOX

Git Repo

Keys

Shhhh

secret

ShhhhBlackbox

Repo seen by all

Secrets readable by few

34

TOOLSADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman

TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul

55. Cursive 56. Gitlab 57. HAMMS NEW

58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW

ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW

HOLD 76. Citrix for development

LANGUAGES & FRAMEWORKS

35

36


ADOPT 77. Nancy

TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot

ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift

HOLD 92. JSF

37


37

LANGUAGES & FRAMEWORKSNANCY77

An open-source .NET micro web framework

v 0.23.2

POPULARITY

BUT WHAT’S UNDER THE COVERS?

Nancy’s Nuget page

BUT WHAT’S UNDER THE COVERS?

ASP.NET MVC 5 on IIS

116 Packages*

Installing Microsoft.AspNet.Server.IIS 1.0.0-beta4Installing Microsoft.AspNet.Loader.IIS.Interop 1.0.0-beta4Installing Microsoft.AspNet.Loader.IIS 1.0.0-beta4Installing Microsoft.AspNet.DataProtection.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.Hosting 1.0.0-beta4Installing Microsoft.AspNet.Hosting.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.Http 1.0.0-beta4Installing Microsoft.AspNet.FeatureModel 1.0.0-beta4Installing Microsoft.Framework.ConfigurationModel 1.0.0-beta4Installing Microsoft.Framework.ConfigurationModel.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.FileProviders.Interfaces 1.0.0-beta4Installing Microsoft.Framework.Caching.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.FileProviders 1.0.0-beta4Installing Microsoft.AspNet.Http.Core 1.0.0-beta4Installing Microsoft.AspNet.Http.Interfaces 1.0.0-beta4Installing Microsoft.AspNet.WebUtilities 1.0.0-beta4Installing Microsoft.Net.Http.Headers 1.0.0-beta4Installing Microsoft.AspNet.Http.Extensions 1.0.0-beta4Installing Microsoft.Framework.DependencyInjection.Interfaces 1.0.0-beta4Installing Microsoft.Framework.Logging 1.0.0-beta4Installing Microsoft.Framework.Logging.Interfaces 1.0.0-beta4Installing Microsoft.Framework.DependencyInjection 1.0.0-beta4Installing Newtonsoft.Json 6.0.6Installing Microsoft.Framework.Runtime.Interfaces 1.0.0-beta4Installing Microsoft.Framework.WebEncoders.Core 1.0.0-beta4Installing Microsoft.AspNet.Server.WebListener 1.0.0-beta4Installing Microsoft.Net.WebSocketAbstractions 1.0.0-beta4Installing Microsoft.Net.Http.Server 1.0.0-beta4Installing Microsoft.Net.WebSockets 1.0.0-beta4Installing Microsoft.AspNet.Diagnostics 1.0.0-beta4Installing Microsoft.AspNet.Diagnostics.Interfaces 1.0.0-beta4Installing Microsoft.Framework.OptionsModel 1.0.0-beta4Installing Microsoft.AspNet.Mvc 6.0.0-beta4Installing Microsoft.Framework.Caching.Memory 1.0.0-beta4Installing Microsoft.AspNet.Authorization 1.0.0-beta4Installing Microsoft.AspNet.Cors 1.0.0-beta4Installing Microsoft.AspNet.Cors.Core 1.0.0-beta4Installing Microsoft.AspNet.Mvc.Razor 6.0.0-beta4

Installing Nancy 1.1Installing Nancy.Hosting.Self 1.1Writing lock file /Users/jdamore/dev/projects/aspnethome/samples/1.0.0-beta4/HelloNancySelf/project.lock.jsonRestore complete, 679ms elapsed

Nancy Self Hosted

2 Packages*

*on OsX 10.10.3 with DNX 1.0.0-beta4

HOW LIGHTWEIGHT ?


public class HomeModule : NancyModule { public HomeModule() { Get["/check"] = _ => {

return “I am the Home service and I am healthy”; }; Get["/"] = _ => {

return Response.AsJson(models); }; Get[“/{id}”] = _ => {

model = models.Where(model => model.id != id); return Negotiate.WithJson(model).WithXml(model); };

Post["/"] = _ => { model = this.Request.Body; models.add(model); return HttpStatusCode.Created; };

Delete["/(?<id>[\d]{1,7})"] = _ => { models = models.Where(model => model.id != id); return HttpStatusCode.OK; }; } }

SPEED DATING WITH NANCY


Nancy Bootstrapper

NANCY COMPOSITION

IoC

Nancy Module

ViewEngine

Model Binder

Model Validator

Nancy Engine


Real Services

WebApiStub Services

NancyContract Tests

IIS IIS

NANCY FOR STUBBING SERVICES

Proprietary OSS

WebAPI

IIS

.NET 4

WS 2012 R2

Nancy

IIS

.NET 4

WS 2012 R2

Nancy

IIS

.NET 5

WS 2012 R2

Nancy

Kestrel

DNX

Linux

Nancy

Kestrel

.NET 5

WS 2012 R2

Heavyweight Lightweight

ASP.NET 5.0 IS OPEN SOURCE

46


ADOPT 77. Nancy

TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot

ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift

HOLD 92. JSF

PLATFORMS47

48

PLATFORMSDeployment architectures keep evolving.

48

PLATFORMS

33 DEIS

30 APACHE MESOS

32 COREOS45APPLICATION SERVERS

Deployment architectures keep evolving.

THE RISE OF DOCKER

49

http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/

GitHub Stars by Date and Project Config Management GitHub Totals

EXPLOSION OF TOOLS AND PLATFORMS

50

CoreOS Fleet

Docker Swarm

DEIS: DOCKER-BASED PAAS — ANYWHERE

51http://docs.deis.io/en/v0.9.0/gettingstarted/architecture/

Developer Application Consumers

Load Balancer

Controller Load Balancer

Cluster (Test)

ContainersScheduler Router

Cluster (Dev)


Cluster (Prod)


Monitoring Logging Backing Services

Containers

Containers

Containers

Containers

Containers

Containers

Router

Router

Router

APACHE MESOS

52http://abhishek-tiwari.com/post/building-distributed-systems-with-mesos

batch services Workloads

Apps

Frameworks

Kernel

DFS

Cluster

C++ BASH Python

Scalding Impala Shark MySQL Kafka JBoss Django Rails

MPI Hadoop Spark Storm

Marathon

Chronos

RubyPythonJVMC++

distributed file system

distributed resources: CPU, RAM, I/O, FS, rack locality, etc.

WHERE DOES THIS LEAVE APPLICATION SERVERS?

53

54

PLATFORMSADOPT TRIAL 25. Apache Spark NEW 26. Cloudera Impala NEW 27. DigitalOcean 28. TOTP Two-Factor Authentication

HOLD 45. Application Servers NEW 46. OSGi 47. SPDY NEW

ASSESS 29. Apache Kylin NEW 30. Apache Mesos 31. CoreCLR and CoreFX NEW 32. CoreOS 33. Deis NEW 34. H2O NEW 35. Jackrabbit Oak 36. Linux security modules 37. MariaDB 38. Netflix OSS Full stack 39. OpenAM 40. SDN 41. Spark.io 42. Text it as a service / Rapidpro.io 43. Time-series Databases NEW 44. U2F

55

Scott Shaw

@scottwshaw

Jean D’Amore

@jeandamore

thoughtworks.com/radar

http://thoughtworks.com/radar

ThoughtWorks Technology Radar Roadshow - Brisbane

Technology

Transcript of ThoughtWorks Technology Radar Roadshow - Brisbane