SlideShare a Scribd company logo

The Case Against Frameworks - JFall 2023

Download as PPTX, PDF
J
Jan-Hendrik Kuperus

Another day, another silver bullet. The world of software development changes so rapidly, it is sometimes hard to keep track of all novelties and innovations available to us. To make things worse, with every new framework, there will be those that claim it to be the solution to all your problems. Surely the use of frameworks is a good thing, right? Well, this talk will explore some arguments against that proposition. We will look at how the use of frameworks might impact the security of your system; what other downsides there are of using some frameworks and even how the reliance on frameworks could be impacting the ability of developers to understand what is going when things go wrong. Apart from being cautionary, this talk will also show there is a large opportunity for learning in trying to understand frameworks. Being critical and curious will lead to greater understanding which leads to better choices.

Software
1 of 50
The Case Against Frameworks Jan-Hendrik Kuperus
Once upon a sprint...
Once upon a sprint... File uploaded Token expires Token validated
Spring Web • Client uploads file • Spring reads entire request upload into temporary file • Spring validates headers • OAuth interceptor validates token and fails Vert.x • Client uploads file • Vert.x reads request async • Vert.x offers access to headers • OAuth interceptor validates token • File upload continues in background
What is a framework? Definition of framework - a basic conceptual structure - a skeletal or structural frame
What is a framework? Definition of software framework - a reusable set of libraries - prescribes a structure to follow - provides abstraction to hide complexity
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market
Back-End Frameworks ● Spring ● Vert.x ● Micronaut ● Quarkus ● Vaadin ● Struts ● Axon Framework ● Blade ● Play ● Grails ● Hibernate ● … Front-End Frameworks ● Angular ● React ● Vue ● Ember ● jQuery ● Backbone ● Svelte ● Preact ● PolymerJS ● Meteor ● AlpineJS ● Lit
https://xkcd.com/927/
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle 🎉 🤨
Framework: No Framework:
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware 🎉 🤨
Problematic features - Default ports - Admin APIs - Default credentials - Config Overrides - Deserialization
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks 🎉 🤨
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features 🎉 🤨
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners 🎉 🤨
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners - Loss of Technical Knowledge 🎉 🤨
https://xkcd.com/2347/
Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners - Loss of Technical Knowledge - External Dependency 🎉 🤨
Well what should we do then?
Well what should we do then? - Have the courage to switch
Well what should we do then? - Have the courage to switch - Be curious and learn about the differences
Well what should we do then? - Have the courage to switch - Be curious and learn about the differences - Stay critical of included code
The Case Against Frameworks - JFall 2023

Recommended

OWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript ApplicationsOWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript ApplicationsLewis Ardern
 
How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?Ksenia Peguero
 
Stay productive while slicing up the monolith
Stay productive while slicing up the monolithStay productive while slicing up the monolith
Stay productive while slicing up the monolithMarkus Eisele
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security GovernanceCan Demirel
 
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...The Linux Foundation
 
Stay productive while slicing up the monolith
Stay productive while slicing up the monolithStay productive while slicing up the monolith
Stay productive while slicing up the monolithMarkus Eisele
 
Selenium for everyone
Selenium for everyoneSelenium for everyone
Selenium for everyoneTft Us
 

Recommended

OWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript ApplicationsOWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript ApplicationsLewis Ardern
 
How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?How do JavaScript frameworks impact the security of applications?
How do JavaScript frameworks impact the security of applications?Ksenia Peguero
 
Stay productive while slicing up the monolith
Stay productive while slicing up the monolithStay productive while slicing up the monolith
Stay productive while slicing up the monolithMarkus Eisele
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security GovernanceCan Demirel
 
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...The Linux Foundation
 
Stay productive while slicing up the monolith
Stay productive while slicing up the monolithStay productive while slicing up the monolith
Stay productive while slicing up the monolithMarkus Eisele
 
Selenium for everyone
Selenium for everyoneSelenium for everyone
Selenium for everyoneTft Us
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureIzzet Mustafaiev
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Michael Ducy
 
ThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsBrad Williams
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
DevOps-Roadmap
DevOps-RoadmapDevOps-Roadmap
DevOps-RoadmapBnhNguynHuy1
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
What's new in web standards?
What's new in web standards?What's new in web standards?
What's new in web standards?Daniel Appelquist
 
Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)William Yeh
 
Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014Particular Software
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...Dmytro Mykhailov
 
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers Lewis Ardern
 
Getting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick StinematesGetting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick StinematesAtlassian
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDr Ganesh Iyer
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure SecurityRicky Sanders
 
Containing the world with Docker
Containing the world with DockerContaining the world with Docker
Containing the world with DockerGiuseppe Piccolo
 
Introduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azureIntroduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azureColin Mackay
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAHaggai Philip Zagury
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetesDr Ganesh Iyer
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

More Related Content

Similar to The Case Against Frameworks - JFall 2023

Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureIzzet Mustafaiev
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Michael Ducy
 
ThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsBrad Williams
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
What's new in web standards?
What's new in web standards?What's new in web standards?
What's new in web standards?Daniel Appelquist
 
Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)William Yeh
 
Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014Particular Software
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...Dmytro Mykhailov
 
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers Lewis Ardern
 
Getting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick StinematesGetting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick StinematesAtlassian
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDr Ganesh Iyer
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure SecurityRicky Sanders
 
Containing the world with Docker
Containing the world with DockerContaining the world with Docker
Containing the world with DockerGiuseppe Piccolo
 
Introduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azureIntroduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azureColin Mackay
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAHaggai Philip Zagury
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetesDr Ganesh Iyer
 

Similar to The Case Against Frameworks - JFall 2023 (20)

Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
 
ThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.js
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
 
DevOps-Roadmap
DevOps-RoadmapDevOps-Roadmap
DevOps-Roadmap
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
What's new in web standards?
What's new in web standards?What's new in web standards?
What's new in web standards?
 
Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)Immutable infrastructure:觀念與實作 (建議)
Immutable infrastructure:觀念與實作 (建議)
 
Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014Busy Architects Guide to Modern Web Architecture in 2014
Busy Architects Guide to Modern Web Architecture in 2014
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...
 
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
 
Getting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick StinematesGetting Started with Docker - Nick Stinemates
Getting Started with Docker - Nick Stinemates
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data Scientists
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure Security
 
Containing the world with Docker
Containing the world with DockerContaining the world with Docker
Containing the world with Docker
 
Introduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azureIntroduction to node js - From "hello world" to deploying on azure
Introduction to node js - From "hello world" to deploying on azure
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPA
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetes
 

Recently uploaded

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 

Recently uploaded (20)

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 

The Case Against Frameworks - JFall 2023

  • 1. The Case Against Frameworks Jan-Hendrik Kuperus
  • 2. Once upon a sprint...
  • 3. Once upon a sprint... File uploaded Token expires Token validated
  • 4. Spring Web • Client uploads file • Spring reads entire request upload into temporary file • Spring validates headers • OAuth interceptor validates token and fails Vert.x • Client uploads file • Vert.x reads request async • Vert.x offers access to headers • OAuth interceptor validates token • File upload continues in background
  • 5.
  • 6.
  • 7. What is a framework? Definition of framework - a basic conceptual structure - a skeletal or structural frame
  • 8. What is a framework? Definition of software framework - a reusable set of libraries - prescribes a structure to follow - provides abstraction to hide complexity
  • 9.
  • 10. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market
  • 11.
  • 12. Back-End Frameworks ● Spring ● Vert.x ● Micronaut ● Quarkus ● Vaadin ● Struts ● Axon Framework ● Blade ● Play ● Grails ● Hibernate ● … Front-End Frameworks ● Angular ● React ● Vue ● Ember ● jQuery ● Backbone ● Svelte ● Preact ● PolymerJS ● Meteor ● AlpineJS ● Lit
  • 13.
  • 14.
  • 16. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle 🎉 🤨
  • 17.
  • 18.
  • 19.
  • 20.
  • 22. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware 🎉 🤨
  • 23.
  • 24. Problematic features - Default ports - Admin APIs - Default credentials - Config Overrides - Deserialization
  • 25.
  • 26. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks 🎉 🤨
  • 27.
  • 28. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features 🎉 🤨
  • 29.
  • 30.
  • 31. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners 🎉 🤨
  • 32.
  • 33.
  • 34.
  • 35. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners - Loss of Technical Knowledge 🎉 🤨
  • 37.
  • 38. Why do we use frameworks? - Unified structure of components - Free Features - Easy to switch projects - Collective Bugfixing - Time To Market - Framework Jungle - Free Bloatware - Transitive Dependency Risks - Free Security Risks - Unexpected Features - Free Malware / Miners - Loss of Technical Knowledge - External Dependency 🎉 🤨
  • 39.
  • 40. Well what should we do then?
  • 41.
  • 42.
  • 43. Well what should we do then? - Have the courage to switch
  • 44.
  • 45. Well what should we do then? - Have the courage to switch - Be curious and learn about the differences
  • 46.
  • 47.
  • 48.
  • 49. Well what should we do then? - Have the courage to switch - Be curious and learn about the differences - Stay critical of included code

Editor's Notes

  1. Why and how? Idea started a few years back. Who was at Tom Cools’ talk? Two years ago this was a lightning talk (plug it) Example: upload svc anecdote Realise: dependent on framework
  2. Next: ranting about Spring?
  3. No, not just rantin. I see a set of behaviours that I want to address.
  4. Industry is in framework-lockin Next: What is a framework
  5. Before begin: define framework
  6. Literally it is the frame of a piece of work, or the frame on which a work can be built Next: what is a software framework
  7. Next: We love frameworks and Frameworks are everywhere!
  8. No projects without frameworks No surprise, they are helpful -> remove repetitive work, add abstractions Next: why do we use frameworks
  9. sounds great right? Next: rainbow
  10. Let’s build a case against frameworks Next: sheer amount of frameworks
  11. Next: zero-days since
  12. Since Node/NPM JS landscape has exploded On new framework: people flock to it until the next
  13. Next: lifecycle of a framework & bloat
  14. NExt: Struggle for relevance adds weight
  15. Weight added gradually Zoom in on Spring: context 1.0 : 158KB, version 5.X : 1.2MB Next: experiment with deps
  16. Next: hoarding & sustainability
  17. Digital hoarding
  18. Remember this one? What if someone unpublishes or breaks that tiny little thing at the bottom? Can you replace that?
  19. Next: Security
  20. Next: feature venn
  21. Next LinkedIn-scouting
  22. Next: Unexpected features
  23. Next: malicious code injection (the other half)
  24. Next: unfolding story of forked repo’s
  25. -Password to databases -API Keys -OAUth keys -Certificate keys Good news - Github cleanup
  26. Next: Loss of knowledge
  27. Reasonable from BE? FE depends on HTTP semantics
  28. Left unchecked, it makes it harder and harder to understand errors from the underlying technology Progress? Delegated growing food.
  29. Next: External dependencies
  30. Remember this one? What if someone unpublishes or breaks that tiny little thing at the bottom? Can you replace that?
  31. Hard to get change done in frameworks, we depend on others.
  32. Is it all bad then?
  33. Stop using? No. B2C should not create HTTP servers etc. No more innovation if we do.
  34. End of fear-mongering. Noticed strong tendency to stick
  35. Next: Since come to see them as tools
  36. Switch! Especially with microservices. Rewrite in 2 weeks! Right? Remember the upload service? Solution.
  37. Next: curious
  38. No black box. Learn.
  39. Next: be critical (and then don’t be this guy)
  40. Better to be the one seeing a problem coming than the one that includes malware that’s part of the next big hype thing
  41. Next: so investigate, read docs, there’s usually some hints there
  42. More reasons to use framework: Tom Cools & Ellien Callens, Leaving a Legacy.
  43. One takeaway: The framework does not decide what you can build, you decide what framework to use. And your decision is allowed to change. Thank you.