A lot has happened since our last Tech Radar: the .org domain registry being up for sale, a strong conference season including contributions from many Adobe engineers and the myriad technologies and tools around The Cloud competing for our attention.
We’ll do our best to summarize the most important things in this Tech Radar. Read on!
At servicemesh.io, William Morgan, who’s one of the creators of Linkerd, gives a very clear explanation of what a service mesh is and why you need it. Or not — it’s not for everyone and as usual it’s good to understand the basic tenets before jumping in. In the end, a service mesh is just a collection of proxies managed by a control plane. Very useful if you need it, cumbersome if you don’t!
The evolution of HTTP will help us make The Cloud better, and Benoit Jacquemont has a great slide deck on HTTP/3, which is “just” HTTP/2 over the QUIC transport layer. As visionary as TCP was back in 1981, it looks like the time has come for a more specialized transport layer under HTTP. One thing that didn’t exist in 1981 is the very dynamic networking that allows mobile devices to stay online while switching access points and radio contexts all the time. QUIC will help improve the situation for such dynamic and often flaky connections. Daniel Stenberg, the author of curl, also has a free and open booklet on HTTP/3, translated into many languages and formats.
At 15:35 (UTC+1) on 25 November 2019 it finally happened: the RIPE NCC has run out of IPv4 addresses. The steps RIPE is taking to mitigate the problem include recovering addresses which are not used anymore, establishing a waiting list for new allocations, and calling on stakeholders to play their role in supporting more IPv6 roll-outs. The 32-bit space of IPv4 addresses seemed almost infinite when it was designed many years ago, but after so many years The Internet Of All Things That Compute has caught up with those limitations.
As GraalVM releases version 19.3 based on JDK 11, Max Rydahl Andersen thinks Quarkus is the black swan of Java. It is a surprise, it has a major impact and in hindsight people reckon they expected the event to happen. I’m not sure I expected the sub-second startup times and very small binary sizes that Quarkus enables (given the right Java code) but, in the same way as black swans are beautiful, those enhancements to the Java platform are very welcome.
Speaking of small binaries with fast startup times, Quentin Adam (CEO of CleverCloud, a French hosting provider) presented at BlendWebMix Lyon on using virtual machines (VMs) and fast-booting unikernels (like 120msec boot time) to implement Functions as a Service. Quentin doesn’t believe in anything except virtual machines for providing isolation in such contexts, and the move to platforms like Firecracker and Kata Containers in the serverless space goes in the same direction. As he mentioned in his talk (in French) we software folks tend to ignore the recent progress of hardware, although we should consider how modern CPUs can help implement more secure and isolated serverless systems. Isolation might not need to be as fine-grained as using a separate VM for each URL, but it’s good to have options.
Stryker is a mutation testing tool supporting JS (good support), C# (so-so) and Scala. During a mutation test run, Stryker dynamically changes the source files to try to introduce bugs, creating what it calls a mutant. The unit tests are then executed using these changed files. The unit tests should kill the mutant, meaning that the introduced bug was detected. A change that doesn't cause the tests to fail is marked as survived, meaning that it was not detected. The fewer mutants survive, the better our tests are.
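The kill-or-survive loop described above, shown as an added example that is not Stryker's code and not part of the original article. The access check, the four mutations and both test suites are constructed for illustration. The weak suite lets two mutants of the authorization logic survive, and the stronger one kills them all.

```javascript
// Added illustration of mutation testing; hand-rolled, not Stryker's implementation.
// The function under test and every name here are hypothetical.
const SOURCE = `
  if (user.role === 'admin') return true;
  return user.id === doc.ownerId && !doc.locked;
`;

// Each mutation swaps one fragment of the source, the way a mutation tool
// injects a single bug per mutant.
const MUTATIONS = [
  { name: 'admin check negated', find: "role === 'admin'", put: "role !== 'admin'" },
  { name: 'owner check negated', find: 'id === doc.ownerId', put: 'id !== doc.ownerId' },
  { name: '&& replaced by ||', find: '&& !doc.locked', put: '|| !doc.locked' },
  { name: 'lock check removed', find: '&& !doc.locked', put: '&& true' },
];

const compile = (body) => new Function('user', 'doc', body);

// A test suite is a list of constructed cases: [user, doc, expected result].
const admin = { id: 1, role: 'admin' };
const owner = { id: 2, role: 'user' };
const other = { id: 3, role: 'user' };
const WEAK_SUITE = [
  [admin, { ownerId: 2, locked: false }, true],
  [owner, { ownerId: 2, locked: false }, true],
  [other, { ownerId: 2, locked: true }, false],
];
const STRONG_SUITE = [
  ...WEAK_SUITE,
  [owner, { ownerId: 2, locked: true }, false],
  [other, { ownerId: 2, locked: false }, false],
];

const passes = (fn, suite) => suite.every(([u, d, want]) => fn(u, d) === want);

function mutationRun(suite) {
  // Like a real tool's initial run: the suite must pass on unmutated code.
  if (!passes(compile(SOURCE), suite)) throw new Error('suite fails on unmutated code');
  const killed = [];
  const survived = [];
  for (const m of MUTATIONS) {
    const mutant = compile(SOURCE.replace(m.find, m.put));
    (passes(mutant, suite) ? survived : killed).push(m.name);
  }
  return { killed, survived, score: killed.length / MUTATIONS.length };
}

console.log('weak  :', mutationRun(WEAK_SUITE));
console.log('strong:', mutationRun(STRONG_SUITE));
```

The two survivors under the weak suite are exactly the mutants that break the lock check, which no weak test case exercises with the owner of a locked document.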
Also from the testing department, lit-node is a literate programming tool that allows for writing test code as part of Markdown documentation files. That tool is written in NodeJS, but lit, which inspired it, is just a bash script using awk that should be usable for any programming language.
Gatekeeper is an admission controller which checks Kubernetes objects against policy rules before changes are made to the cluster. Rules are defined as Kubernetes CRD objects, and the tool uses the Open Policy Agent under the hood. Conftest does something similar but at build time; it is similar to kubeval but more generic.
EasyDB is an intriguing service which offers one-click ephemeral databases. Shall we call it Databaseless?
Also for AEM, new releases of the AEM testing clients provide additional tools for testing AEM applications over their HTTP APIs.
Machine Learning Ethics
The Authors Guild v. Google court case debates the legal right for Google to use copyrighted books in its training database in order to train its Google Book Search algorithm. In the latter months of 2005, the Authors Guild of America and the Association of American Publishers both sued Google, claiming the company had committed “massive copyright infringement” due to their use of copyrighted books for training a book search algorithm. The legal ramifications of this case could have far-reaching consequences. If a deep learning algorithm is trained on millions of copyrighted images, would the resulting image be copyrighted? Hard questions for a legal system that has to learn and adapt continuously.
In the Industry
Adrian Colyer comments on an interesting paper about how the Ceph distributed storage project stopped building on a file system, going directly to raw disks instead. Their new BlueStore component achieves 50–100% steady-state throughput improvements compared to the older FileStore which used a local filesystem. Software is really the opposite of boat painting, where more layers is usually better.
Now that Google has claimed to have reached Quantum Supremacy it’s reassuring to see Amazon announce Post-Quantum TLS. For non-security specialists this sounds a bit like science fiction, but once quantum-based attacks materialize it’s going to be a scary world.
The announcement about the .org domain registry being sold to a private company has attracted a lot of attention in the last few weeks. Various actions like a Coalition Letter to the Internet Society signed by a good number of non-profits and organizations, including the Apache Software Foundation, have been launched to stop it.
Events and Conferences
The conference season was in full swing this fall, and a number of Adobe employees have presented on topics ranging from hardcore tech to community best practices. Here’s a list of recent talks by Adobe engineers. If we missed yours, make sure to let us know for the next Tech Radar!
Antonio Sanso presented at the Black Alps security conference on Verifiable Delay Functions (VDFs) with a talk entitled How to Slow Burning the Planet Down (Verifiably). VDFs are a new (and fascinating) cryptographic primitive that is revolutionizing the blockchain space.
In the OSGi tracks of EclipseCon Europe 2019, Radu Cotescu and Karl Pauls presented on using OSGi for script deployment, Christian Schneider on testing OSGi applications, Robert Munteanu on Java Agents in OSGi (will it blend?), Karl Pauls and David Bosschaert on the Sling Feature Model, which aims to become an OSGi standard, and Carsten Ziegeler on connecting OSGi and Spring (recording not available as we go to press).
From the community side of things, yours truly presented at ApacheCon 2019 in Berlin on Shared Neurons — the secret sauce of Open Source projects and at BlendWebMix 2019 on how Open Source changes the World (in French).
OpenTitan is an Open Source Hardware project, which aims to create silicon Root of Trust (RoT) chips based on Open Source designs. In the age of containers and virtual machines it’s easy to forget about hardware progress, but hardware is still evolving quickly. Having more trustable hardware will be useful, and it’s great to see such a “Security through transparency” initiative in this area.
Thanks to Tania Mathern and Carlos Sanchez for their contributions to this Tech Radar edition.