Lanny Gilbert

Ranch Hand
+ Follow
since Jun 11, 2002
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Lanny Gilbert

Actually, a couple of questions  

1.) Does your book cover how to take an app that is running successfully in a K8S environment and move it to AWS (or other) platform for serverless execution?
2.) If not, what advice would you give to move a K8S app to serverless? Actually, your advice is welcome whether it's in the book or not.

6 months ago
"If they have ports for various languages, they may make one for JavaScript as well.".. I asked, they won't.

Also, these JARs are all hand-rolled from many moons ago and I haven't run a Java Decompiler on them, so not sure exactly what's in there.

I'll look into building a service my React App can call. That's probably my easiest way out of this.

I think writing my own JS version of the JAR file code is probably a security violation (I work for a big company - pretty much any tweaking of standard tools provided is considering a violation). Also, these JAR files are compatible with Java1.4, so they don't have OAuth, WS-Fed or SAML protocols built in. I'd kinda hoped for a "there's a library on GitHub that I use all the time and works perfect" response )
I'll look at building a service that my app can call. Thanks!
In my company, we have a standard SingleSignOn site that all apps must call (and provide a callback to your app) to validate users. In order to decrypt the cookie returned from the SSO, the implementors provided 2 JAR files, assuming that everyone would be using Java or JSP or the like. There is no JavaScript based sample code (and no method that they know of to do it - I asked) provided by the implementors. They provide Java, Perl, PHP, others, but no JavaScript-based method. How can I include these JAR files in my React-based application and subsequently call the Java functions for cookie decryption included in those JARs?? Thanks!
Suppose that you have (as we do in our group) a well-architected, well-designed Java codebase that was written using Java8's functional constructs. Is there a compelling reason for me to go to management and say "We should move to Scala because <insert compelling reason(s) here>"?  I'm curious because we had a couple of our "rock stars" do a bake-off between Scala and Java and the Java guy ended up with a smaller, more readable codebase that ran just as fast.
1 year ago
In your opinion, why should one choose Kafka Streams over other streaming alternatives? If, for example, I already have Kafka installed in my ecosystem to use for messaging, it's pretty straightforward to go ahead and use Kafka streams because I already have Kafka infrastructure, knowledge, etc.
But if I start from a greenfield, why would I choose Kafka Streams over alternatives?
I work for a large company that has been around for well over a hundred years. I think we still have code running that was written back then )

My question is: for teams that are still doing manual code push, should I (and others) push them to a total DevSecOps environment to begin with?
Get them to at least use Chef/Puppet/something to do code pushes and take baby steps??

Our company execs (who shouldn't be allowed to read tech journals - ha!) are really pushing DevSecOps and putting on a series of events to socialize the concept, but
I'd think you have to bring teams out of the dark ages (i.e. the 1980s) before you can really do DevSecOps. Thoughts???
1 year ago
When you said "By itself, it is not useful to developers." (referring to the Flow API in Java 9), I think you hit the nail on the head.
Seems like it's a "try it out and let us know how to make it useful" API, as opposed to something a developer could use to build a
reactive service.
1 year ago
Hi Cay. Thanks for chatting with us. A couple of questions.
1.) Does your book discuss the new Flow API?
2.) Given that the Flow API (at least from what I can find) doesn't really have any APIs to deal with back pressure, is it something that I should consider? Or should I use something like RxJava?

1 year ago
Regarding #2 and Security... In the "old way" of doing things, we had a monolith where you could authenticate/authorize once and you'd be able to do whatever your level of authentication/authorization allowed you to do.
With microservices, I'm curious as to best practices concerning security. Do you have a token (OAuth or otherwise) that follows the flow from microserviceA to mSB to mSC, etc.? Do you set up logins (or some other auth mechanism) for each service
and ask users to provide auth info for every microservice? This is a real issue we're having in our company.
1 year ago
Ah, I see it now. However, my question still stands.. What parts of your book do you recommend for those who are taking Docker, Kubernetes, some hand-rolled connectors, etc. and bypassing
the industry standard container managers like OpenShift, AWS, etc.?

2 years ago
In my organization, we have a group that has used many of the standard open source tools to build an environment that, they say anyway ;o) , is a lot like OpenShift.

In glancing through the table of contents for this book, I saw AWS and GoogleCloud, but no OpenShift.

Given that, which parts of the book would you say I should read. More importantly, that those who have "hand rolled" this environment should read and insure that
they have given a lot of thought to those areas.

Just as a "state of the union", I think we're in somewhat of a "post-alpha, pre-beta" phase right now with this platform, based on the issues I'm seeing with trying
to use it.

2 years ago
I'm a server side guy trying to drink from the firehose concerning both Node.js and Angular.js frameworks.

From what I can tell, Express/Koa are fairly similar. hapi.js seems to be more "Spring-like" in that it has a "config is better than code" mindset.

Is that a valid assessment?

Based on that, does the hapi.js in Action book provide (or does anyone know of) a checklist that says something like:

"If you're doing X, then framework Y is probably best and here's why"?