Planet Apache

Syndicate content
Updated: 1 day 5 hours ago

Justin Mason: Links for 2017-03-23

Thu, 2017-03-23 19:58
Categories: FLOSS Project Planets

Stefan Bodewig: XMLUnit.NET 2.3.1 Released

Thu, 2017-03-23 16:05
This release adds xml docs to the binary distribution and the nuget package, it doesn't contain any functional changes.
Categories: FLOSS Project Planets

Bryan Pendleton: Assessing an estimate

Thu, 2017-03-23 09:56


Can this really be true?

Addressing Detroit’s Basic Skills Crisis

Various estimates of the scale of need for basic skills services in the region convey a crisis-level order of magnitude.
  • The National Institute for Literacy estimates that 47% of adults (more than 200,000 individuals) in the City of Detroit are functionally illiterate, referring to the inability of an individual to use reading, speaking, writing, and computational skills in everyday life situations.
  • We also know that of the 200,000 adults who are functionally illiterate, approximately half have a high school diploma or GED, so this issue cannot be solely addressed by a focus on adult high-school completion.
  • The remaining 100,000 of these functionally illiterate adults (age 25 and older) lack a high school diploma or GED, another prerequisite for employment success.

I'm not sure how this institute made this estimate.

Later, the report expands somewhat on the topic:

Generally, those adults who score at Level 1 (on a scale of 1 to 5, lowest to highest) have difficulty performing such everyday tasks as locating an intersection on a street map, reading and comprehending a short newspaper article, or calculating total costs on an order form.

It isn't clear whether their estimate was that all 47% were at "Level 1", or whether those were five levels of illiteracy (versus five levels of literacy), but no matter how you slice it, those are some astonishing claims about the literacy problem in the greater Detroit region.

Categories: FLOSS Project Planets

Bryan Pendleton: It's not just a game, ...

Thu, 2017-03-23 00:54

... close reading shows that it's an homage to many great works of art before it: 14 Greatest Witcher 3 Easter Eggs That Will Make You Wanna Replay It Immediately

Categories: FLOSS Project Planets

Justin Mason: Links for 2017-03-22

Wed, 2017-03-22 19:58
  • Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware

    DRM working as expected:

    To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America’s heartland have started hacking their equipment with firmware that’s cracked in Eastern Europe and traded on invite-only, paid online forums. Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform “unauthorized” repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time. (via etienneshrdlu)

    (tags: hacking farming drm john-deere tractors firmware right-to-repair repair)

Categories: FLOSS Project Planets

Nick Kew: The right weapon

Wed, 2017-03-22 17:04

Today’s terrorist attack in London seems to have been in the worst tradition of slaughtering the innocent, but pretty feeble in its token attempt on the more noble target of Parliament.  This won’t become a Grand Tradition like Catesby’s papists’ attack.

But if we accept that the goal was slaughter of the innocent, then today’s perpetrator made a better job of it than most have done, at least since the days of the IRA, with their deep-pocketed US backers and organised paramilitary structure.  His weapon of choice was the obvious one for the purpose, having far more destructive power than many that are subject to heavy security theatre and sometimes utterly ridiculous restrictions.  Even some of those labelled “weapons of mass destruction”.

The car.  The weapon that is available freely to everyone, no questions asked.  The weapon no government dare restrict.  The weapon that kills more than all others, yet where it’s so rare as to be newsworthy for any perpetrator to be meaningfully punished.  Would the 5/11 plotters have gone to such lengths with explosives if they’d had such effective weapons to hand?

With this weapon, the only limit on terrorist attacks is the number of terrorists.  No need for preparation and planning – the kind of thing that might attract the attention of police or spooks – just go ahead.

And next time we get a display of security theatre – like banning laptops on flights – we can point to the massive double-standards.

Categories: FLOSS Project Planets

Bryan Pendleton: Fearless Girl

Tue, 2017-03-21 23:47

With so many things to talk about, somehow attention gets paid to: Wall Street Bull artist calls BS on ‘Fearless Girl’ statue

I love Matt Levine's observation:

There is something pleasing about the fact that the Charging Bull, a global symbol of rapacious financial capitalism, is a piece of guerrilla art installed without payment or permission -- while the Fearless Girl, an egalitarian symbol meant to challenge the bull's soulless greed, is a piece of corporate advertising commissioned by an asset-management company.
Categories: FLOSS Project Planets

Bryan Pendleton: Up, up, and away

Tue, 2017-03-21 23:43

Looks pretty windy at the top, but at least the sun is shining! Salesforce Tower: Sneak Peek

Categories: FLOSS Project Planets

Justin Mason: Links for 2017-03-21

Tue, 2017-03-21 19:58
  • Don’t Get Trampled: The Puzzle For “Unicorn” Employees

    ‘One of my sad predictions for 2017 is a bunch of big headline-worthy acquisitions and IPOs that leave a lot of hard working employees at these companies in a weird spot. They’ll be congratulated by everyone they know for their extraordinary success while scratching their heads wondering why they barely benefited. Of course, the reason is that these employees never understood their compensation in the first place (and they were not privy to the terms of all the financings before and after they were hired).’

    (tags: share-options shares unicorns funding employment jobs compensation)

  • GitHub’s new Balanced Employee IP Agreement (BEIPA) lets workers keep the IP when they use company resources for personal projects — Quartz

    Huh, interesting development:

    If it’s on company time, it’s the company’s dime. That’s the usual rule in the tech industry—that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn’t related to GitHub’s own “existing or prospective” products and services, the employee owns it.

    (tags: github law tech jobs work day-job side-projects hacking ip copyright)

Categories: FLOSS Project Planets

Community Over Code: Shane’s Apache Director Position Statement, 2017

Tue, 2017-03-21 15:20

The ASF is holding it’s annual Member’s Meeting next week to elect a new board and a number of new Members to the ASF.  I’m honored to have been nominated to stand for the board election, and I’m continuing my tradition of publicly posting my vision for Apache each year.

Please read on for my take on what’s important for the ASF’s future…

Shane’s Director Position Statement 2017 v1.0

If you want a director who will keep the board focused on being clear, consistent, and polite; who will provide oversight for independent governance for our projects; who will help the board improve our shared strategic vision for growth while delegating effectively to the officers and volunteers who provide services to our projects, then I ask you to vote for me.

What We Need In A Board

We are lucky to have candidates who all have immense amounts of passion for the ASF and experience in the Apache Way of doing things. But that’s not enough to make an effective board. We need directors who can work well together, and who can work well when speaking to all the other parts of the Foundation: with our corporate operations (infra, brand, legal, press, fundraising, and even our vendors and sponsors), and with the thousands of volunteers working in Apache project communities.

The board needs to focus on providing the independent oversight for everything we do. That independence from corporate influence is the most important part of what makes the ASF different. That oversight should be trust but verify. We trust that our projects will do the right thing, and verify by reading their quarterly reports. Only if something seems wrong does the board speak up – and then, to ask the community to self-correct. Only if a project community can’t self-correct does the board take formal action.

We need a board that will give the officers, staff, and volunteers who run our non-project corporate operations the same respect and trust as we do our projects. Since we rely wholly on unpaid volunteers to govern organizational decisions, the board needs to ensure officers have a safe, consistent, and clearly defined space to do all the “paperwork” that keeps our legal corporation running. Since all corporate officers provide monthly reports, the board has plenty of visibility to what they do.

When the board has questions or advice – or when directors have questions – they need to ensure it’s brought into project communities clearly, concisely, and professionally. The organizational aspects of providing oversight are often not the day-to-day work that committers are doing on their project codebase. When the board (or any officer) jumps into a project community, we need to explain both how things should work at Apache, but also the why they work that way.

I hope that I’ve shown this kind of behavior in the past; if I haven’t, please let me know. Keeping our communities welcoming is important.

What Shane Does At Apache

For those who don’t follow Apache operations on a regular basis, here are some of the places where I’ve worked to take the tribal knowledge of our mailing lists, and better explain it to both our communities and the world at large:

I’ve served on the board for several terms, and serve as VP, Brand Management. I’m hoping to get back to coding on Apache PonyMail. My first mail to an Apache list was in November 1999.

If elected, I will
  • Attend every board meeting
  • Ensure that there is clear, consistent, and polite feedback from the board to projects
  • Work to promote constructive, polite, and efficient working environments for our staff and all our community volunteers
  • Speak at every ApacheCon (if they accept my CFPs!)
  • Be available to speak or meet with Apache projects or meetups in the New England area or other conferences I attend
About Shane

I am currently unemployed and hold no allegiance other than to the ASF (and my family!) I will not accept a job that would compromise my ability to act in the best interests of the ASF. I live with my wife, daughter, and four cats.


The post Shane’s Apache Director Position Statement, 2017 appeared first on Community Over Code.

Categories: FLOSS Project Planets

Colm O hEigeartaigh: Using OCSP with WS-Security in Apache CXF

Tue, 2017-03-21 11:32
The OCSP (Online Certificate Status Protocol) is a http-based protocol to check whether a given X.509 certificate is revoked or not. It is supported in Apache CXF when TLS is used to secure communication between a web service client and server. However, it is also possible to use with a SOAP request secured with WS-Security. When the client signs a portion of the SOAP request using XML digital signature, then the service can be configured to check whether the certificate in question is revoked or not via OCSP. We will cover some simple test-cases in this post that show how this can be done.

The test-code is available on github here:
  • cxf-ocsp: This project contains a number of tests that show how a CXF service can validate client certificates using OCSP.
The project contains two separate test-classes for WS-Security in particular. Both are for a simple "double it" SOAP web service invocation using Apache CXF. The clients are configured with CXF's WSS4JOutInterceptor, to encrypt and sign the SOAP Body using credentials contained in keystores. For signature, the signing certificate is included in the security header of the request. On the receiving side, the services are configured to validate the signature and to decrypt the request. In particular, the property "enableRevocation" is set to "true" to enable revocation checking.

The first test, WSSecurityOCSPTest, is a conventional test of the OCSP functionality. Two Java security properties are set in the test-code to enable OCSP (the server runs in the same process as the client):
  • "ocsp.responderURL": The URL of the OCSP service
  • "ocsp.enable": "true" to enable OCSP
The first property is required if the client certificate does not contain the URL of the OCSP service in a certificate extension. Before running the test, install openssl and run the following command from the "openssl" directory included in the project (use the passphrase "security"):
  • openssl ocsp -index ca.db.index -port 12345 -text -rkey wss40CAKey.pem -CA wss40CA.pem -rsigner wss40CA.pem
Now run the test (e.g.  mvn test -Dtest=WSSecurityOCSPTest). In the openssl console window you should see the OCSP request data.

The second test, WSSecurityOCSPCertTest, tests the scenario where the OCSP service signs the response with a different certificate to that of the issuer of the client certificate. Under ordinary circumstances, OCSP revocation checking will fail, and indeed this is tested in the test above. However it's also possible to support this scenario, by adding the OCSP certificate to the service truststore (this is already done in the test), and to set the following additional security properties:
  • "ocsp.responderCertIssuerName": DN of the issuer of the cert
  • "ocsp.responderCertSerialNumber": Serial number of the cert
Launch Openssl from the "openssl" directory included in the project:
  • openssl ocsp -index ca.db.index -port 12345 -text -rkey wss40key.pem -CA wss40CA.pem -rsigner wss40.pem
and run the test via "mvn test -Dtest=WSSecurityOCSPCertTest".
Categories: FLOSS Project Planets

Justin Mason: Links for 2017-03-20

Mon, 2017-03-20 19:58
  • on cost savings using DynamoDB, autoscaling and ECS

    great post. 1. DynamoDB hot shards were a big problem — and it is terrible that diagnosing this requires a ticket to AWS support! This heat map should be a built-in feature. 2. ECS auto-scaling gets a solid thumbs-up. 3. Switching from ELB to ALB lets them set ports dynamically for individual ECS Docker containers, and then pack as many containers as will fit on a giant EC2 instance. 4. Terraform modules to automate setup and maintainance of ECS, autoscaling groups, and ALBs

    (tags: terraform segment architecture aws dynamodb alb elb asg ecs docker)

  • atlassian/localstack: A fully functional local AWS cloud stack. Develop and test your cloud apps offline!

    LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications. Currently, the focus is primarily on supporting the AWS cloud stack. LocalStack spins up the following core Cloud APIs on your local machine: API Gateway at http://localhost:4567; Kinesis at http://localhost:4568; DynamoDB at http://localhost:4569; DynamoDB Streams at http://localhost:4570; Elasticsearch at http://localhost:4571; S3 at http://localhost:4572; Firehose at http://localhost:4573; Lambda at http://localhost:4574; SNS at http://localhost:4575; SQS at http://localhost:4576 Additionally, LocalStack provides a powerful set of tools to interact with the cloud services, including a fully featured KCL Kinesis client with Python binding, simple setup/teardown integration for nosetests, as well as an Environment abstraction that allows to easily switch between local and remote Cloud execution.

    (tags: aws emulation mocking services testing dynamodb s3)

Categories: FLOSS Project Planets

Justin Mason: Links for 2017-03-19

Sun, 2017-03-19 19:58
Categories: FLOSS Project Planets

Bryan Pendleton: Sapiens: a very short review

Sun, 2017-03-19 12:50

Yuval Noah Harari is the writer of the moment, having taken the world by storm with his Sapiens: A Brief History of Humankind, and having now finished his follow-up, Homo Deus: A Brief History of Tomorrow.

I've now read Sapiens, which is both readable and thought-provoking, no easy accomplishment.

Harari is certainly ambitious. As I read Sapiens, I amused myself by pretending to be a library cataloger, faced with the task of trying to assign appropriate subject categories under which Sapiens should be listed.

The list would surely have to include: history; biology; archaeology; anthropology; economics; cosmology; evolutionary biology; linguistics; political science; ecology; globalism; religious studies; cognitive science; philosophy.

And surely more.

But that's not adequate either, for you'd want to be more precise that just saying "history", rather: world history; cultural history; ancient history; history of language; military history; world exploration; religious history; history of science; literary history; etc.

Oh, you could go on for hours and hours.

So, Sapiens is very much a book written by an intellectual omnivore, which will most likely appeal to omnivorous readers, by which I mean those who don't want to spend their time reading history books that get trapped for many pages on the individual details of precisely what happened on such-and-such a day, but instead feel like it's reasonable to try to cover the 100,000 year history of mankind on earth in, say, 400 pages or so.

It actually works out better than the previous sentence makes it sound, for Harari is a fine writer and he moves things along briskly.

I think that the strongest and most interesting argument that Sapiens makes is a linguistic one, rooted in the power of the concept of abstraction.

Discussing the evolution of language itself, Harari observes that many species of animal have languages and can communicate, typically using their language abilities to communicate information about food, danger, reproduction, and other universal topics. However:

the truly unique feature of our language is not its ability to transmit information about men and lions. Rather, it's the ability to transmit information about things that do not exist at all. As far as we know, only Sapiens can talk about entire kinds of entities that they have never seen, touched or smelled.

Legends, myths, gods and religions appeared for the first time with the Cognitive Revolution. Many animals and human species could previously say, 'Careful! A lion!' Thanks to the Cognitive Revolution, Homo Sapiens acquired the ability to say, 'The lion is the guardian spirit of our tribe.' This ability to speak about fictions is the most unique feature of Sapiens language.

Although, superficially, this seems to be a discussion about telling entertaining stories around the campfire, or fabricating super-natural explanations as the basis for the founding of religions, Harari quickly re-orients this discussion in a much more practical direction:

fiction has enabled us not merely to imagine things, but to do so collectively.


Such myths give Sapiens the unprecedented ability to cooperate flexibly in large numbers [...] with countless numbers of strangers.

It's that "with ... strangers" part that is so important, as Harari proceeds to demonstrate how this ability to discuss hypothetical scenarios with people who aren't part of your immediate circle of family and friends is what gives rise to things like corporate finance, systems of justice, the scientific method, etc. All of these things are built on the ability to have abstractions:

In what sense can we say that Peugeot SA (the company's official name) exists? There are many Peugeot vehicles, but these are obviously not the company. Even if every Peugeot in the world were simultaneously junked and sold for scrap metal, Peugeot SA would not disappear.


Peugeot is a figment of our collective imagination. Lawyers call this a 'legal fiction.' It can't be pointed at; it is not a physical object. But it exists as a legal entity. Just like you or me, it is bound by the laws of the countries in which it operates. It can open a bank account and own property. It pays taxes, and it can be sued and even prosecuted separately from any of the people who own or work for it.

Ostensibly, Sapiens is a history; that is, it is a book about the past, helping us understand what came before, and how it led us to what is now.

But, as is perhaps universally true, Harari is not actually that terribly interested in what happened in the past, often breezily sweeping whole questions aside with a sort of "it's gone; it's forgotten; we have no accurate evidence; we cannot know for sure" superficiality that is startling.

Rather, as Harari reveals near the end of his book, he is principally interested in the future, and it's here where Sapiens takes a rather unexpected turn.

I must admit, I was wholly unprepared when, just pages before the end of Sapiens, Harari suddenly introduces the topic of "Intelligent Design".

However, it turns out that Harari doesn't mean the term in the sense in which it is typically used; he is firmly in the Darwin/Russell camp.

Rather, Harari is fascinated by the idea that scientific methods may have arrived at the point where humans will soon be capable of intelligent design in the future:

After 4 billion years of natural selection, Alba stands at the dawn of a new cosmic era, in which life will be ruled by intelligent design.


Biologists the world over are locked in battle with the intelligent-design movement, which opposes the teaching of Darwinian evolution in schools and claims that biological complexity proves there must be a creator who thought out all biological details in advance. The biologists are right about the past, but the proponents of intelligent design might, ironically, be right about the future.

At the time of writing, the replacement of natural selection by intelligent design could happen in any of three ways: through biological engineering, cyborg engineering (cyborgs are beings who combine organic with non-organic parts) or the engineering of in-organic life.

If Harari painted with a broad brush when discussing the past, his descriptions of our near-term future are equally vague and loosely-grounded, and those final 25 pages of Sapiens are a rather bewildering peek into "what might be."

But, as Yogi Berra pointed out, "predictions are hard, especially about the future," so I can't fault Harari too much for wanting to have a go at what might come next.

I imagine that, eventually, I will read more of Harari's work, as it's clear he has a lot of interesting things to say.

And if you haven't read Sapiens yet, you probably won't regret it, it's quite good.

Categories: FLOSS Project Planets

Claus Ibsen: Apache Camel first commit was 10 years ago on March 19th

Sun, 2017-03-19 07:55
Today marks a very special day as it was exactly 10 years ago the first commit of Apache Camel was done by its creator James Strachan.

Added Mon Mar 19 10:54:57 2007 UTC (10 years ago) by jstrachanInitial checkin of Camel routing library
The project was created as a sub-project to Apache ActiveMQ and back then github did not exists, so its using good old subversion.

In summer 2007 the first release of Apache Camel was published, which happened on July 2nd so lets wait until the summer to celebrate it's 10 years birthday.

Categories: FLOSS Project Planets

Bryan Pendleton: Bands I've been listening to recently ...

Sat, 2017-03-18 14:11

... ranked by the number of their albums I've got.

  • Band of Horses: 5
  • Blind Pilot: 3
  • Mumford & Sons: 3
  • Fleet Foxes: 3
  • Lumineers: 2
  • Lord Huron: 2
  • Of Monsters and Men: 2
  • Johnny Flynn: 2
  • Judah and the Lion: 1
  • The Revivalists: 1
  • Susto: 1

Who else should I be listening to? Gregory Alan Isakov? First Aid Kit? Nathanial Rateliff? Somebody else entirely?

And when will there be new work from The Lumineers, Lord Huron, Mumford & Sons, or Fleet Foxes?

Categories: FLOSS Project Planets

Community Over Code: What Apache needs in a Board

Sat, 2017-03-18 12:06

The ASF is holding it’s annual member’s meeting soon, where we will elect a new 9-member Board of Directors for a one-year term.  I’ve been honored with a nomination to run for the board again, as have a number of other excellent Member candidates.  While I’m writing my nomination statement – my 2016 director statement and earlier ones are posted – I’ve been thinking about what Apache really needs in a board to manage the growth of our projects and to improve our operations.

I’ve been thinking about this a lot in the past year, and I like to think I have an easy to explain answer to “what Apache needs in a board”.

We need a board to provide two things: Independent Oversight, of both projects and officers; and  Strategic Vision and Drive.

Independent Oversight

Independent oversight is the core value the ASF offers as a community hosting organization. We are a 501C3 public charity, and we rely solely on unpaid volunteers to perform all governance activities. That means that we can ensure our projects are run for the benefit of the public and the world, and not just for individual for-profit companies.

In particular, I am confident that we can maintain this corporate independence, even in the face of project and organizational growth and any potential future needs to hire more staff for operations. Our cultural history and Member ability provide oversight to both project and corporate operations mean the Membership will be able to keep us independent for the next 50 years.

Oversight of Projects: The board provides oversight to our projects. The board does this by reviewing quarterly project reports, and then only providing 1) mentoring when requested, or 2) board requests or directives only if the project is not capable of correcting problems themselves. As has been noted before: the board acts slowly by design: it gives projects a chance to self-correct before taking organizational action (ultimately by changing a PMC, in very rare cases).

Oversight of Operations: The board appoints officers to perform the daily corporate operations needed (infra, publicity, etc.), and then provides oversight to the President or those officers via monthly reports. This is a key point here: we need a board that can delegate operations to the officers, and treat them more like PMCs. That is, we need a board that respects delegation rather than micromanaging. Like PMCs, if the board sees something odd, they should request an update in the next report from the officer. If the officer can’t self-correct (like we give PMCs a chance to do), only then should the board step in, with specific directives to make changes.

Strategic Vision And Drive

Strategic vision and drive: the board needs to think ahead, and plan in broad strokes where we’d like to see the ASF be in 5 years, and how that can best serve the needs of both our project contributors, our users in general, and the volunteers and staff who perform our corporate operations.

We’re incredibly lucky to have director candidates with broad experience, strong viewpoints, and a willingness to volunteer their time for the position. We need a board that can take this experience to think about the big picture, and how the ASF can remain relevant, exciting, and a well-functioning organization for years to come. This includes supporting both our paid staff and our many, many volunteers with an efficient and helpful environment across our operations.

Individual Directors

Along with a good board, we need directors who can communicate clearly, professionally, and consistently. The larger world and many community members view Directors as a very specific role, and it’s clear from the feedback over the years that many outsiders (i.e. not regularly active in internal operations and governance at the ASF) see each director as being A Director in their emails.

As we rely on volunteers both for project work and governance, we need directors who can keep their messages clear, consistent, and always remember what audience they are speaking to. That includes both mentoring/overseeing project communities; reviewing officers or operational areas; or in public in general when speaking about the ASF.

We also need at least some Directors willing to serve as public spokespersons for the ASF. In many cases, Sponsors and the press/analysts expect to speak to someone with  A Senior Title, like Director or President. While the Apache Way minimizes the importance of titles inside of our communities, the reality in the real world is that titles matter to many other people.

For those folks interested in the nitty-gritty details of how the ASF elects its board, you can read about the STV tools we use from the Apache STeVe project.

The post What Apache needs in a Board appeared first on Community Over Code.

Categories: FLOSS Project Planets

Nick Kew: Equinox

Sat, 2017-03-18 09:44

Just noticed:  Sunrise 06:25 Sunset 18:26.  Starting today, we are into the season of daylight!

We’ve had some spring weather too, though nothing dramatic.  What is looking impressive is the wide range of spring flowers and blossom all around.  Not just the Usual Suspects like daffodils and primroses, but even later flowers like the tulips in the front garden are peeping through.  And we have the appearance of other spring wildlife, like the bumblebees servicing the flowers in the garden.

Also mildly bemused by the white heather at the bottom of the garden.  I’ve seen heather ranging from red/pink through to blueish, but pure white is new to me.

Categories: FLOSS Project Planets

FeatherCast: ApacheCon Seville 2016 – How to Generate a Deployable REST CXF3 Application from a Swagger-Contract – Johannes Fiala

Sat, 2017-03-18 05:58

How to Generate a Deployable REST CXF3 Application from a Swagger-Contract – Johannes Fiala

This talk will show how you can use Swagger-Codegen to generate a complete REST application using Apache CXF3 based on a Swagger contract and deploy it to application servers.

Features in the generated server stub include:

* Bean-Validation

* Logging

* Automatic operation validation using @Valid

* Using transparent gzipping of requests

First I’ll demo how to generate the applications & how they work in the container (Tomcat + Jboss EAP), showing how the features work there.

The talk will continue how this is done using Mustache-templates in Swagger-Codegen and how additional features can be added to the generator (e.g. adding forced Gzip-support, enhancing test cases, add additional configuration files, etc.).

Additionally the Swagger toolchain will be shown during the talk (Swagger UI, Swagger Editor, Swagger2Markup to generate PDFs).

More about this session

Categories: FLOSS Project Planets

Bryan Pendleton: Vee too, mom!

Fri, 2017-03-17 23:22

At my day job, we're nearing the end of an annual event which goes by the rather awkward jargon: "V2MOM".

V2MOM is a management planning tool that was invented by Marc Benioff himself, twenty years ago, and has been at use at Salesforce since it was first founded. A few years ago, Benioff described the genesis of his approach, and its motivation: How to Create Alignment Within Your Company in Order to Succeed

What I yearned for at Oracle was clarity on our vision and the goals we wanted to achieve. As I started to manage my own divisions, I found that I personally lacked the tools to spell out what we needed to do and a simple a process to communicate it. The problem only increased as the teams that I was managing increased.


At, everything we do in terms of organiza­tional management is based on our V2MOM. It is the core way we run our business; it allows us to define our goals and organize a principled way to execute them; and it takes into consideration our constant drive to evolve. The collaborative construct works especially well for a fast-paced environment.

I can greatly sympathize. It is not a great exaggeration to say that the reason I changed jobs this winter was because I realized I was no longer in alignment with my (former) company. In fact, we hadn't been aligned for nearly a year. I wanted to take the technology, and the products, and the customer base, in a certain direction, but the company had entirely different plans, and goals, and intentions.

That's fine. But what's NOT fine, is that I didn't know that at the time. Horribly, I didn't know it for nearly a year. Which is a shame, both for me, and for the company, as neither of us were well-served by that disconnect.

Famously, Parker Harris saved that original V2MOM that he and Benioff wrote, literally, on the back of an envelope

before the dinner was over, Harris walked up to Benioff and gave him a gift: a framed American Express envelope.

It was the envelope Benioff had used to scribble down Salesforce’s first-ever V2MOM — a list of management guidelines that stands for vision, values, methods, obstacles, and measures — when launching the company in 1999.

The use of V2MOM at Salesforce is fairly well-known, even though it was something I hadn't paid attention to until I joined. For example:’s Greatest Secret: Art of the V2MOM

The goal of the V2MOM is create complete alignment. Immediately after writing it, share it with your top officers for input (for a startup, this is probably everyone). The brevity ensures a simplicity that is easy to digest. Clarified direction focuses collective attention on the desired outcome and eliminates anxiety in times of change. It is easy for people to connect with and scan quickly for alignment. The V2MOM is flexible enough for startups as well as public companies. and, Growing the team and creating our very first V2MOM documentsA few months ago I had a great meeting with a good friend and one of my mentors, Mariusz, who is already running a very successful Internet company (and a lot bigger than mine). We talked about team-building and how to maintain focus and make sure the team feels like "one vehicle driving in one direction" and everyone knows they have a big role to play and depend on each other. He suggested I read the "Behind the Cloud" book by Marc Benioff and implemented the V2MOM system Marc invented. I was like "V2what?" and he explained

So, anyway, we're now nearly done with the big annual V2MOm process for this year. The process proceeds top-down:

  1. Marc writes his V2MOM, which is the V2MOM for the entire company, and publishes it
  2. Then each level down the org chart writes, and publishes, their own V2MOM, extracting, selecting, refining, and elaborating on the V2MOMs already published
  3. Eventually, we get down to people like me, and once we've published our V2MOMs, the annual publication event completes.

This is, obviously, the first time I've been through this process, so it's not clear what standing I have to comment.

But it's been interesting enough that I'd like to share a few thoughts.

EVERYONE participates. This is not an optional activity. Some people put more time into it, others less, but nobody sits out entirely. That fact, by itself, creates a curious sense of "belonging," all by itself.

This is not just an exercise for show. The company takes this process VERY seriously. People devote substantial amounts of time to drafting, discussing, revising, and editing their V2MOMs.

The plans are interesting, but much more interesting and much more important is the fact that we are PLANNING. Recall Eisenhower:

Plans are nothing; planning is everything.

At the middle levels of the organization, the V2MOMs describe, collectively, the work of teams of dozens or even hundreds of people, and they can be impressively detailed and robust. I participated in a 3 hour "readout" (a bit of business jargon which I'm told has Microsoft-heritage), in which my 50+ person team collectively reviewed a 35-page detailed description of our goals, aspirations, and worries for the year.

These are not private documents. Everyone's V2MOM is made available to the entire company (though obviously I'm not going to sit down and read 28,000 V2MOM documents).

In fact, you could say that this is perhaps the entire point, as the openness of the V2MOM process is a great example of what people mean when they talk about "transparency."

A crucial part of the V2MOM process involves ORDERING. When you choose your methods, you have to place them in a certain order, and this order conveys your priorities. Your top methods are crucial; these are the things you will fight to accomplish this year. Farther down the list, are things that you believe in, and want to do, but may not be able to achieve.

A famous cliche goes: "if everything's important, nothing's important." Placing your methods in a definite order forces you to stop and think about what REALLY matters.

And people pay attention to this order. They think about it; they arrange their own work around it; it structures the entire conversation. There is an often-retold story inside Salesforce about a very public meeting that occurred not too long after Keith Block had joined. It happened to be V2MOM time, and so Block was producing his V2MOM, and, as part of that process, it was being presented to the team, which meant that it was being presented to, more-or-less, the entire company (Block is maybe the 2nd or 3rd-most important person at the company). During this (open to all, broadcast, widely-watched) event, Block is stepping through his methods, one at a time, when a voice from the audience interrupts: Benioff himself:

Keith, here, I'm a bit puzzled: why did you prioritize this as Method 4? What makes it less important than numbers 2 and 3?

The message: this is important; this is open; nobody gets a free pass; we are all agreeing on this together.

But after all of this, I'd say that the single thing that startled me the most about the entire V2MOM process is: everybody does it!

Even in a small company, it's rare to find anything that everyone does. Corporate activities like this tend to be the sorts of thing that see 20% participation, at least in the corporate settings that I've been part of.

So the simple fact of saying that we ALL have a V2MOM is marvelously compelling.

Hey, I'm just one person out of 28,000, but I'm here! See? I'm doing something, and it's something that's actually relevant! Wanna know? Check out my V2MOM!

Categories: FLOSS Project Planets