Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ThoughtWorks Technology Radar Roadshow - Brisbane

2,173 views

Published on

Wrapping up a 4-city Tech Radar roadshow in Brisbane, ThoughtWorks Australia’s Head of Technology Scott Shaw and senior consultant Jean Robert D’Amore cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Consumer-Driven Contract Testing, Security, Nancy, Apache Mesos, and Docker.

Published in: Technology

ThoughtWorks Technology Radar Roadshow - Brisbane

  1. 1. TECHNOLOGY
 RADAR May 2015 — Our thoughts on the technology and trends that are shaping the future 1
  2. 2. 2
  3. 3. 3 TECHNOLOGYADVISORYBOARD
  4. 4. 4
  5. 5. 5
  6. 6. 6
  7. 7. THEMES FOR THIS ISSUE 7
  8. 8. TECHNIQUES 8
  9. 9. TECHNIQUES 8
  10. 10. 9 ADOPT 1. Consumer-driven contract testing NEW 2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team TECHNIQUES
  11. 11. 10 TECHNIQUES
  12. 12. 10 TECHNIQUES CONSUMER-DRIVEN CONTRACT TESTING 1
  13. 13. CONSUMER DRIVEN CONTRACTS 11
  14. 14. CONSUMER DRIVEN CONTRACTS 12
  15. 15. CONSUMER DRIVEN CONTRACTS 13 Yesterday Today
  16. 16. CONSUMER DRIVEN CONTRACTS 14
  17. 17. Backend — API Unit Integration Contract Frontend — Consumer Unit Integration DeploymentE2E Deployment CONSUMER DRIVEN CONTRACTS
  18. 18. Unit Integration DeploymentE2E Backend — API Unit Integration Contract Frontend — Consumer Deployment CONSUMER DRIVEN CONTRACTS
  19. 19. Unit Integration DeploymentE2EContract Backend — API Unit Integration Contract Frontend — Consumer Deployment CONSUMER DRIVEN CONTRACTS Stub
  20. 20. Backend — API Frontend — Consumer Unit Integration Contract Unit Integration Stub Deployment DeploymentE2EContract CONSUMER DRIVEN CONTRACTS
  21. 21. Backend — API Frontend — Consumer Unit Integration Deployment Unit Integration Contract Contract Stub DeploymentE2E CONSUMER DRIVEN CONTRACTS
  22. 22. Backend — API Frontend — Consumer Unit Integration Unit Integration Contract Contract Stub Deployment DeploymentE2E CONSUMER DRIVEN CONTRACTS
  23. 23. https://github.com/realestate-com-au/pact https://github.com/thoughtworks/pacto CONSUMER DRIVEN CONTRACTS TOOLS
  24. 24. PACT Consumer Mock Service Contract Tests Pact Provider Runner Real Service
  25. 25. PACT EXAMPLE { "provider": { "name": "Account Service" }, "consumer": { "name": "Internet Banking" }, "interactions": [ { "description": "A GET request to retrieve the balance", "provider_state": "There is an account with id '12345'", "request": { "method": "get", "path": "/accounts/12345/balance" }, "response": { "status": 200, "headers": { "Content-Type": "application/json" }, "body": { "balance": 99.99 } } } ], "metadata": { "pactSpecificationVersion": "1.1.0" } } pact { serviceProviders { AccountService { hasPactWith('InternetBanking') { pactFile = file('balance-pact.json') } } } }
  26. 26. DeploymentE2E CONSUMER DRIVEN CONTRACTS AN ALTERNATIVE Unit Integration Backend — API Unit Integration Contract Frontend — Consumer Library Deployment
  27. 27. 25 ADOPT 1. Consumer-driven contract testing NEW 2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team TECHNIQUES
  28. 28. 26 ADOPT 1. Consumer-driven contract testing NEW 2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team TECHNIQUES
  29. 29. TOOLS 27
  30. 30. TOOLS 27
  31. 31. 28 TOOLS ADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul 55. Cursive 56. Gitlab 57. Hamms NEW 58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW HOLD 76. Citrix for development
  32. 32. 29 TOOLS
  33. 33. 29 TOOLS 75 63 65 68 BLACKBOX ZED ATTACK PROXY SECURITY MONKEY NACL
  34. 34. SECURITY AWARENESS AMONG SENIOR DEVELOPERS* 30*Source: http://jemurai.com/developer-survey-1-results-part-2.html 37% think security is
 a small concern 8% think it is a top concern 67% haver never heard of OWASP, OWASP top 10, or CWE top 25 25% of projects reported had security training, pen test or security embedded in development Overwhelmingly, the only security practices in place are manual code and design reviews.
  35. 35. OWASP ZED ATTACK PROXY 31 The Main Features All the essentials for web application testing ■ Intercepting Proxy ■ Active and Passive Scanners ■ Traditional and Ajax Spiders ■ WebSockets support ■ Forced Browsing (using OWASP DirBuster code) ■ Fuzzing (using fuzzdb & OWASP JBroFuzz) ■ Online Add-ons Marketplace Browser configured to use proxy Browser Primary OS Web Proxy Your Computer VM Web Server Browser Web Proxy Web Server http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
  36. 36. ARE YOUR REPOS AND BUILD SERVERS SECURE? 32 http://www.wired.com/2012/09/adobe-digital-cert-hacked/
  37. 37. ARE YOUR REPOS AND BUILD SERVERS SECURE? 32 http://www.wired.com/2012/09/adobe-digital-cert-hacked/
  38. 38. PROTECTING DEV SECRETS WITH BLACKBOX Git Repo Keys Shhhh secret Shhhh Blackbox Repo seen by all Secrets readable by few
  39. 39. 34 TOOLS ADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul 55. Cursive 56. Gitlab 57. HAMMS NEW 58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW HOLD 76. Citrix for development
  40. 40. LANGUAGES & FRAMEWORKS 35
  41. 41. LANGUAGES & FRAMEWORKS 35
  42. 42. 36 LANGUAGES & FRAMEWORKS ADOPT 77. Nancy TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift HOLD 92. JSF
  43. 43. 37 LANGUAGES & FRAMEWORKS
  44. 44. 37 LANGUAGES & FRAMEWORKSNANCY77
  45. 45. An open-source .NET micro web framework
  46. 46. v 0.23.2 POPULARITY
  47. 47. BUT WHAT’S UNDER THE COVERS?
  48. 48. Nancy’s Nuget page BUT WHAT’S UNDER THE COVERS?
  49. 49. ASP.NET MVC 5 on IIS 116 Packages* Installing Microsoft.AspNet.Server.IIS 1.0.0-beta4 Installing Microsoft.AspNet.Loader.IIS.Interop 1.0.0-beta4 Installing Microsoft.AspNet.Loader.IIS 1.0.0-beta4 Installing Microsoft.AspNet.DataProtection.Interfaces 1.0.0-beta4 Installing Microsoft.AspNet.Hosting 1.0.0-beta4 Installing Microsoft.AspNet.Hosting.Interfaces 1.0.0-beta4 Installing Microsoft.AspNet.Http 1.0.0-beta4 Installing Microsoft.AspNet.FeatureModel 1.0.0-beta4 Installing Microsoft.Framework.ConfigurationModel 1.0.0-beta4 Installing Microsoft.Framework.ConfigurationModel.Interfaces 1.0.0-beta4 Installing Microsoft.AspNet.FileProviders.Interfaces 1.0.0-beta4 Installing Microsoft.Framework.Caching.Interfaces 1.0.0-beta4 Installing Microsoft.AspNet.FileProviders 1.0.0-beta4 Installing Microsoft.AspNet.Http.Core 1.0.0-beta4 Installing Microsoft.AspNet.Http.Interfaces 1.0.0-beta4 Installing Microsoft.AspNet.WebUtilities 1.0.0-beta4 Installing Microsoft.Net.Http.Headers 1.0.0-beta4 Installing Microsoft.AspNet.Http.Extensions 1.0.0-beta4 Installing Microsoft.Framework.DependencyInjection.Interfaces 1.0.0-beta4 Installing Microsoft.Framework.Logging 1.0.0-beta4 Installing Microsoft.Framework.Logging.Interfaces 1.0.0-beta4 Installing Microsoft.Framework.DependencyInjection 1.0.0-beta4 Installing Newtonsoft.Json 6.0.6 Installing Microsoft.Framework.Runtime.Interfaces 1.0.0-beta4 Installing Microsoft.Framework.WebEncoders.Core 1.0.0-beta4 Installing Microsoft.AspNet.Server.WebListener 1.0.0-beta4 Installing Microsoft.Net.WebSocketAbstractions 1.0.0-beta4 Installing Microsoft.Net.Http.Server 1.0.0-beta4 Installing Microsoft.Net.WebSockets 1.0.0-beta4 Installing Microsoft.AspNet.Diagnostics 1.0.0-beta4 Installing Microsoft.AspNet.Diagnostics.Interfaces 1.0.0-beta4 Installing Microsoft.Framework.OptionsModel 1.0.0-beta4 Installing Microsoft.AspNet.Mvc 6.0.0-beta4 Installing Microsoft.Framework.Caching.Memory 1.0.0-beta4 Installing Microsoft.AspNet.Authorization 1.0.0-beta4 Installing Microsoft.AspNet.Cors 1.0.0-beta4 Installing Microsoft.AspNet.Cors.Core 1.0.0-beta4 Installing Nancy 1.1 Installing Nancy.Hosting.Self 1.1 Writing lock file /Users/jdamore/dev/projects/aspnethome/samples/1.0.0-beta4/ HelloNancySelf/project.lock.json Restore complete, 679ms elapsed Nancy Self Hosted 2 Packages* *on OsX 10.10.3 with DNX 1.0.0-beta4 HOW LIGHTWEIGHT ?
  50. 50. *on OsX 10.10.3 with DNX 1.0.0-beta4 public class HomeModule : NancyModule { public HomeModule() { Get["/check"] = _ => { return “I am the Home service and I am healthy”; }; Get["/"] = _ => { return Response.AsJson(models); }; Get[“/{id}”] = _ => { model = models.Where(model => model.id != id); return Negotiate.WithJson(model).WithXml(model); }; Post["/"] = _ => { model = this.Request.Body; models.add(model); return HttpStatusCode.Created; }; Delete["/(?<id>[d]{1,7})"] = _ => { models = models.Where(model => model.id != id); return HttpStatusCode.OK; }; } } SPEED DATING WITH NANCY
  51. 51. *on OsX 10.10.3 with DNX 1.0.0-beta4 Nancy Bootstrapper NANCY COMPOSITION IoC Nancy Module ViewEngine Model Binder Model Validator Nancy Engine
  52. 52. *on OsX 10.10.3 with DNX 1.0.0-beta4 Real Services WebApi Stub Services Nancy Contract Tests IIS IIS NANCY FOR STUBBING SERVICES
  53. 53. Proprietary OSS WebAPI IIS .NET 4 WS 2012 R2 Nancy IIS .NET 4 WS 2012 R2 Nancy IIS .NET 5 WS 2012 R2 Nancy Kestrel DNX Linux Nancy Kestrel .NET 5 WS 2012 R2 Heavyweight Lightweight ASP.NET 5.0 IS OPEN SOURCE
  54. 54. 46 LANGUAGES & FRAMEWORKS ADOPT 77. Nancy TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift HOLD 92. JSF
  55. 55. PLATFORMS 47
  56. 56. PLATFORMS 47
  57. 57. 48 PLATFORMS Deployment architectures keep evolving.
  58. 58. 48 PLATFORMS 33 DEIS 30 APACHE MESOS 32 COREOS 45APPLICATION SERVERS Deployment architectures keep evolving.
  59. 59. THE RISE OF DOCKER 49 http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/ GitHub Stars by Date and Project Config Management GitHub Totals
  60. 60. EXPLOSION OF TOOLS AND PLATFORMS 50 CoreOS Fleet Docker Swarm
  61. 61. DEIS: DOCKER-BASED PAAS — ANYWHERE 51 http://docs.deis.io/en/v0.9.0/gettingstarted/architecture/ Developer Application Consumers Load Balancer Controller Load Balancer Cluster (Test) Containers Scheduler Router Cluster (Dev) Containers Scheduler Router Cluster (Prod) Containers Scheduler Router Monitoring Logging Backing Services Containers Containers Containers Containers Containers Containers Router Router Router
  62. 62. APACHE MESOS 52http://abhishek-tiwari.com/post/building-distributed-systems-with-mesos batch services Workloads Apps Frameworks Kernel DFS Cluster C++ BASH Python Scalding Impala Shark MySQL Kafka JBoss Django Rails MPI Hadoop Spark Storm Marathon Chronos RubyPythonJVMC++ distributed file system distributed resources: CPU, RAM, I/O, FS, rack locality, etc.
  63. 63. WHERE DOES THIS LEAVE APPLICATION SERVERS? 53
  64. 64. 54 PLATFORMS ADOPT TRIAL 25. Apache Spark NEW 26. Cloudera Impala NEW 27. DigitalOcean 28. TOTP Two-Factor Authentication HOLD 45. Application Servers NEW 46. OSGi 47. SPDY NEW ASSESS 29. Apache Kylin NEW 30. Apache Mesos 31. CoreCLR and CoreFX NEW 32. CoreOS 33. Deis NEW 34. H2O NEW 35. Jackrabbit Oak 36. Linux security modules 37. MariaDB 38. Netflix OSS Full stack 39. OpenAM 40. SDN 41. Spark.io 42. Text it as a service / Rapidpro.io 43. Time-series Databases NEW 44. U2F
  65. 65. 55 Scott Shaw @scottwshaw Jean D’Amore @jeandamore thoughtworks.com/radar

×