“Learning #SpringBoot” is now signed, sealed, and delivered /cc @PacktPub @JavaMUG

3021OS_mockupcover_normalI finally wrapped up edits and proofing the pre-finals. This book is officially completed. The only lingering thing on my plate is migrating the code base into my newly minted github repo. I hope you have already pre-ordered your copy.

According to my editor, they are uploading it to the printers tomorrow. I can’t wait to get my shipment!

I can say this: I’m exhausted. As I write this blog entry, my watch reads 49 minutes past midnight. Nonetheless, I’m glad to have finished such an exciting book. Can’t wait to hold a copy in my hands.

Good night!

I owe so much to the @javaposse. Congrats on 10 fine years!

javaposseYears ago, I discovered the Java Posse. It was a phenomenal podcast. Every episode was chockful of deep technical discussions, modern issues and revelations in the Java community, and just good old fashioned fun. I thirsted for every episode.

These gentlemen were technical experts who also had loads of real world experience. They pointed me to new technologies, emerging technologies, and fostered my desire to start read blog sites. Back then, I had discovered Google Reader and slowly accrued over 100 blog sites to monitor. All of this constant reading and digesting, along with links from the Posse themselves has made me a better developer.

If I had relied on the dusty books on my shelf, my skills would never be where they are today. By constantly growing and polishing my skill sets beyond what my job demands, I also grew a hunger that I realized couldn’t be satisfied at my old company.

When my wife discussed changing jobs so we could relocate, I had been encouraged to be bold. Asking myself, “where do I REALLY want to work?” The answer I immediately felt: “SpringSource”. I made it a goal of mine. It took patience, but a year later, I was presented an offer. And here I am.

Reading just today on twitter that people were attending the final episode struck me very strongly. I knew it wouldn’t last forever. In the past couple of years, their subject material was shifting away from Java and into other areas. That was natural, because the members had moved into other areas of the vast Java community.

In the end, ten years of podcasting is an incredible story. Congratulations Dick, Tor, Joe, Carl, and Chet! Your production has touched more people than you can possible imagine.


“Learning Spring Boot” is available for pre-order! /cc @JavaMUG @NashvilleJUG

3021OS_mockupcover_normalThe day is here! You can now pre-order your copy of Learning Spring Boot!

At this very moment, I am working with the finishing editors to polish up this book and get it uploaded to the printers. It should be out SOON! I’m naturally eager to get the word out. But it isn’t just about money. Spring Boot is something I’m incredibly passionate about. In fact, I have been working for the past five weeks on another feature, auto-configuration of Spring Security OAuth2.

Suffice it to say, I can’t wait to see it ship. I just hope you are as eager to get your copy as I am!

Use social media; don’t let it use you

I have seen a handful of posts and tweets recently that have summarized my own developing view of where we as people should stand in relation to social media. For starters, we need to recognize that social media is a product for which we are probably NOT the client:

If you are not paying for it, you’re not the customer; you’re the product being sold. –blue_beetle

Do you use Facebook, Twitter, LinkedIn, or anything else? In case you didn’t know, you aren’t the client. The client is the person that pays for it. So what are the consequences?

For years, I have put up with time wasting emails from recruiters sending me ridiculous job opportunities. I have seen past colleagues recommending me for technologies I never really used. It took me at least four years to realize this, but I finally shut down my LinkedIn account. And it wasn’t but a few days later, when I read a compelling article that outlined how GitHub is not a 1:1 match for your CV. I couldn’t help but back that up.

Another revelation in the slippery use of social media came from a long time friend of mine, when he tweeted this:


My friend Russ had signed up for some freebie service that would automatically track his own twitter usage and generate more content on a weekly basis. It took else to bravely ask him, “are you getting any value out of that?” This inspired Russ to say no, and drop it. To be honest, all those extra tweets annoyed me, but I didn’t feel I had time to pause and ask Russ the same question.

Today’s IoT seems to be all about generating traffic any way possible. We get drawn to the idea of generating more buzz about ourselves, regardless of any value, just so we can get everyone else to say “look at me!” Have you felt like this?

everyone-can-be-super-and-when-everyones-super-no-one-will-beI confess I feel a desire to do it myself. I couldn’t put my finger on it until I saw an article posted by Eberhard: Why Generation Y Yuppies are Unhappy. In summary, we are being fed this message that we are all special and that we should be ambitious as well. A good career is a given. We simply need to choose in what way. Hot top: if everyone is special then no one is special. Sorry, but we aren’t all special. We are all unique and each of us can contribute something to society. But it doesn’t mean we will all be glamorous, have a legion of follows on any social media network, or catch everyone’s eye. Those that expect this and are not actually seeing life shape out this way, are becoming unhappy.

Today’s social media provides this platform where we can constantly publish who and what we are. Only what we put out there is undoubtedly positive, polished, and the best of who we are. We never put out our faults and our mistakes. It creates pressure on our friends, family, and, well, everyone that things are going great. They should feel the same! If something isn’t going great for them, then something must be wrong on their end. What kind of message is that?

I have many colleagues that do different things. One of my buddies travels to conferences all the time. He has a bit of techno glamour because he often gives talks and has built a great network of technical fame and street cred. I have sometimes been jealous of that. But when I stop and think about what I would have to give up to travel like that, I realize that his life is not what I want. (And perhaps, my life is not what he wants!)

I don’t want to miss anything my family is doing. This was strongly justified when I met a particular person at SpringOne this year. It was someone that had been following me on Twitter for a bit. He walked up and greeted me in the coder’s lounge, eager to shake my hand. “It’s so great to finally put a face with the name!” I admit I was startled by this. We talked about technical stuff over lunch. I enjoyed that. I wasn’t the creator of something like Ruby on Rails. I wasn’t the inventor of the Spring Framework. But I was making my own small contributions to the Spring community and other people were recognizing that.

olivergierke_2014-Nov-02I see tweets from colleagues living in Europe. For them, it’s not such a big deal to jump on a train and travel to Prague or Switzerland for some a conference or a meetup. They snap pictures along the way and tweet them. Amazing stuff! I enjoy seeing them posted!

But I recognize that I have my own beautiful sights here as well. There are many times I’ve taken my family on my father-in-law’s boat to ride on the river through downtown Clarksville. Driving through the hills of Tennessee to Florida has many wonderful sights to take in. And taking your family to Disney World several times a year is something not everyone else can partake of. It takes recognition to appreciate what is in your own backyard and not take it for granted.

It feels as if today’s generation is all about getting on the hip and cool social media networks because that’s what everyone else is doing. The next time you do, stop and ask yourself, “Is this giving me what I want? Is this serving ME. Am I posting things that I enjoy so I can socialize with others, or am I posting things to make myself happier?” If it’s the latter, then you need to guard yourself.

We must all seek happiness through things that resonate with our core values. I have enjoyed writing computer programs since I was a kid. I learned how to push around a “turtle” (aka triangle) on an Apple II when I was a youngster using Logo. That was FUN. And I haven’t stopped doing fun stuff since. Twitter provides the means for me to follow people that post articles, links, and pictures of similar experiences.

But I am now learning how to control my social media involvement. As I wrote at the top, I shutdown LinkedIn because it didn’t help me. A few months ago, I started turning off Tweetbot during the day, because it was absorbing too much time. When I first signed up for Twitter, I started following lots of people. Now, I am starting to unfollow people when I realize they are not providing me any value. Are you sifting through your own social media networks like that?

This is why Facebook is now at the top of my list for deciding, “Is this of value to me?” I uninstalled the app from my iPhone almost a year ago, and I haven’t missed it! I feel close to being able to pull the trigger on closing my whole account. (I want to contact my high school German teacher, and it appears I can find here there. Perhaps we can trade email accounts for correspondence?)

To wrap up things up, I can tell I definitely enjoyed the conclusions of ‘Why Generation Y Yuppies are Unhappy” when the author wrote:

  • Stay wildly ambitious.
  • Stop thinking your special.
  • Ignore everyone else.

Being ambitious is what it takes to be successful. Realizing you might not be famous, special, or widely recognized is okay. Having a handful of very close friends you can truly depend on is more important.

The hardest one, though, is learning to ignore everyone else. Social media networks encourage us to look at everyone else and constantly evaluate and judge ourselves based on everyone else. Knock it off! Social media networks should be used to share, chat, and converse with your friends. It should never be used as a meter stick to develop our own self worth. If you ever find yourself doubting yourself based on what you have seen or read on social media, than double check the authenticity of that.

Progress Report: Learning German with Anki

After reading numerous articles on Hacking Chinese, I decided to dive into Anki. Anki is space repetition software. It lets you create any set of flashcards that you want, and then helps you review your deck daily in a more efficient manner.

Thanks to the iPhone app, it has become very easy to stick to a daily routine over the past two months. Looking at the current stats, I have done 13 hours of reviews. I recently ran out of “new words”. Now everything in my deck is either “Young+Learn” or “Mature”. Reviews that used to take me 10-20 minutes now take 5-8 minutes.

This is exciting! My deck has just under 900 flash cards in it. And I have realized that I am only getting started. It’s time to start adding new words to the mix. I have started to add new cards, in part thanks to German is easy!. That author has the funniest yet well written articles on the roots of German and English.

Am I fluent yet? Hardly. 900 words isn’t enough to hang your hat on. I read tweets from my German friends and feel like I keep getting closer to understanding it before hitting “Translate” on Tweetbot.

Nonetheless, I feel like I am better grounded to learn German than ever. But it’s important that I keep loading up my deck with new words and expressions. And getting them from a native German author is the best way to capture contextual sentences to build up my deck. If I can make a habit of extracting new content from every blog article and also creating reverse cards (where the front and back are swapped), who knows where I could be a year from now!

Why github and LinkedIn are not my CV

I recently read a compelling article, “Why github is not your CV“. I was shouting “yes yes yes” as I went through it.

As you may or may not know, I recently closed my LinkedIn account. I was feeling some of the same things the first article expressed. In short, these platforms don’t let you put together a properly edited and polished perspective. Instead, they put together a one-size-fits-all view and try to couple several features that they think work, like building contact lists.

I prefer to use my own blog site as the place to publish my public persona. I spend time on the sidebars showing key things I want people to know. I order things as I see fit. And I move things up and down based on priority. Try that with github or LinkedIn.

The best developers aren’t always found on github

Another critical nugget in that other article is the issue if your company won’t interview someone with no github profile. If having a github profile was a critical component, I would never have made it to the Spring team. I had worked for years at my prior company, polishing skills, and building rock solid apps…for the government. None of my work was staged on github.

Yet I had maintained a mission critical, 24×7 system. This was a system that evolved constantly and had tons of real world issues I had to solve. With a legacy, EOL’d, no books or public forums language. Your ability to contribute to OSS projects should NEVER be the end all/be all of your skill set. If you want to become a team leader for a particular OSS project, your contributions to that project are certainly of value. But the lack of such contributions shouldn’t be viewed as a negative.

As a meet more and more people, and travel more and more places, it is apparent that the universe of software development is infinite. Whether or not someone has contributed to OSS is simply not enough to slap a pre-determined filter on prospects, which is what recruiters are always looking for.

Book Review: “Vaetra Unveiled” by @DanielRMarvello

VaetraUnveiledCover_tnI just finished Vaetra Unveiled by Daniel Marvello. It was a delightful read! I wanted to write up my reactions to it.

Vaetra Unveiled is a classic swords-and-sorcery novel. There is action, suspense, and charm amongst the characters. Daniel does a great job at world building in the sense that I could imagine everywhere the story took me without getting bogged down in it.

For the record, I have also read The Hobbit and Lord of the Rings, paragons of high fantasy. Sometimes Tolkien’s world building, or rather culture/history/mythology building would overload me, causing me to sometimes skip over songs and other material.

I enjoyed seeing how magic was presented. Daniel’s take on magic is quite interesting. I promise not to give anything away. The main character, Jaylan Forester, in his various pursuits, begins to encounter magic, something he isn’t used to dealing with. He doesn’t understand it, let alone how it works. As he tries to solve the problem at hand, he discovers his own gifts in that arena. I won’t say more than that, but it was fun adventuring along with Jaylan as he tries to figure out the rules of vaetra.

Having read Doctor Strange comic books for years, I rather enjoyed seeing that vaetra isn’t just made up on a whim. Instead, vaetra appears to have a real set of rules that empower and constrain who can do what. No one has infinite power, and the various characters have to work together to free some innocent “mundanes”.

Which leads me to another good point. I enjoyed that there was real plot as well. As George Lucas stated, the point is to tell a story, not show off the set that was built. There were a couple moments along the way where I felt Jaylan was a bit dimwitted and I thought not “getting it” as fast as I thought he would. But it was only a couple. For what turns out to NOT be a 500-page tome of fantasy, it was nice that I could read it with the Kindle app on my iPhone in about five days. It certainly whets my appetite to the read the rest of the series.

The only con I can think of is that sometimes Jaylan feels a bit simplistic. Perhaps a bit too much of the good side. This may be my own bias after having read the first ten Jack Reacher novels, where when Reacher sees something wrong, he dispenses hard core justice. Jaylan is nothing of the kind. Perhaps a little more nitty gritty and some tougher decisions would strengthen Jaylan’s character. But at the end of the day, his character was believable.

About Daniel Marvello

Daniel has been of great assistance to me. I discovered his blog while working on Python Testing Cookbook. My desire to pick up and write the fictional novel i had started 20 years ago was rekindled as I helped my wife polish her trade novel. Googling about structure and tips, I found Daniel’s article on the details of a beat sheet. Suffice it to say, I wooed him to beta read Darklight. As a beta reader, I felt like he provided me top quality feedback in grammar, diction, and POV.

The side effect is that I developed a desire to read his own craft. A) I enjoy a good story. B) Could he really write fiction analogous to the critique he provided me? C) For a Kindle book, it only cost $3. D) Since my cheapskate days are behind me, I honestly like to support other people that seem to deserve it. I’m glad I did!

Goodbye LinkedIn, it’s not me it’s you

I finally did it. I’ve been debated for the past four years whether or not to close my LinkedIn account. When I saw an email come out about how you can get ALL your data in a single download, I jumped at the chance. I grabbed all my connections’ contact info, and put it on a private page inside my personal blog. Then I proceeded to dump LinkedIn.


Starting back in 2009, I wanted to relocate my family to Tennessee. My old company didn’t have offices there, so I started on a hunt to find a new position elsewhere. The first place I turned was all the contacts I had built via LinkedIn. Guess what? Not a single opportunity was raised with my so called network.

Perhaps that’s a bit drastic? Agreed. Which is why I didn’t drop it at the time. I found an interview with one company at the time through a past co-worker. Another interview was yielded through a recruiter I found through other means in the Nashville area. The best opportunity was when I met Keith Donald at the 2008 SpringOne conference. I had to travel to a remote conference to find out his office was five minutes from my own back in Melbourne, Florida.

Any who, a year after handing Keith a resume, he calls me up with a new opening. Suffice it to say, that’s how I found my way into VMware, and now Pivotal.

LinkedIn: 0  Users: 1

Updates to LinkedIn

I can’t remember if this was last year or two years ago. LinkedIn comes out with a new “plugin” to your iPhone. Essentially, it routes ALL your email through their servers just so it can add a bit of metadata about the person emailing you using your connections. The security alarms this threw off in my head were justified by the amount of negative press it generated in the blogger community.

GPG-signed messages would break. The possibility for MITM attacks was there. And pay note: this predated the discover of NSA snooping major companies.

LinkedIn: 0  Users: 2

A few months ago, I saw the ultimate thing. Someone had screen captured a headline from LinkedIn’s own website which read more or less, “You don’t like recruiters? We don’t either.”

Are you KIDDING me? LinkedIn, you make your money on upselling accounts so that recruiters have more access. This told me that LinkedIn would do anything to keep to come to their site. And in the meantime, the only emails I am getting are from recruiters. No friends, no colleagues, nobody. The people that wish to contact me either email me directly, buzz me on twitter, or reach me through another channel NO ONE Is using LinkedIn.

LinkedIn: 0  Users: 3

Anybody using endorsements today? I know. What a joke. This year, I have received several endorsements from past co-workers of my old job for subversion the CM tool. From people that don’t write software. A tool I did NOT use when I worked there. I tool I haven’t used for four years.

I get endorsements on Rational ClearCase. A tool I haven’t seen for just as long. Anytime i go to their website, I’m always seeing, “Will you endorse so-and-so for abc?” No NO NO!!!! Endorsements have no value.

Bottom line

  • Endorsements haven’t earned me a dime of value
  • Reviews from past co-workers and colleagues hasn’t earned me a dime of value
  • Security policies from LinkedIn are absurd

I have better control over my personal brand using this website. I can post links to what I think is important. I move things to the top of the sidebar based on relevance. Right now, Learning Spring Boot is at the top. Two months ago, I had SpringOne 2014 at the top. Two months before that, my updated keys due to heartbleed.

And I am in control of this data. No one is spamming me. Recruiters aren’t hassling me. The place where I can build real relationships is through twitter, my responses to questions on stackoverflow, and meeting people face-to-face at the Nashville JUG. Why do anything else?

If you’re still reading, then feel free to raise me on twitter. You’ll find the link on the sidebar.

LinkedIn, it’s not me it’s you.

According to @PacktPub: “Learning @SpringBoot” slated for release at end of November /cc @JavaMUG

learning-spring-boot-mock-coverGreetings readers!

I have hammering my editor to give me an updated plan for when Learning Spring Boot is expected to come out. They had been hinting that it would be at the end of October. Hearing nothing after turning in the manuscript, I finally got word that it is expected to be ready to ship at the end of November.

That wasn’t the answer I was looking for! I was hoping for something more like “a couple weeks from now”. Sadly, that’s not the case.

I have also inquired as to when it will be listed on their website. They indicate that within two weeks of release is when they usually post new books. I immediately responded, asking if there was anyway to accelerate that. I expressed the fact that LOTS of people tracking my blog as well as my twitter feed have expressed interest in pre-ordering. and would probably fill up their order queues today if it was possible.

Are you ready to order a copy? Get on twitter and shout out to @PacktPub that you want to go ahead and place your order for “Learning @SpringBoot”! Who knows? Perhaps that will push them to make an exception. :)

In the meantime, I promise to keep you all informed as things pan out.


What keybase is and is NOT and why I’m interested in it

keybase_mariaI recently got my mitts on a kaybase invitation and signed up. I took the time to review what keybase did and did NOT do. In the end, I found it quite intriguing!

What is keybase?

Keybase is run by a couple of guys that apparently got going perhaps six months ago (maybe longer). With the site, you can register multiple pieces of information, one of them being a GPG public key. But it doesn’t start there. After all, there are already dozens of key servers around the world. Instead, what keybase does is provide some convenient tools to use your local GPG keychain and create some other documents that can all be linked via your keybase profile.

Have a twitter account? You can write a digitally signed tweet and link to that tweet to your keybase profile.

Have github? create a gist containing some digitally signed information and details and then link that gist to your keybase profile.

Have a website? Perhaps three? Create a digitally signed page and stage it on the website’s server. No server access? Create a DNS TXT entry with the same effect.

This lets you link various social identities that you own (and that other people you know believe to be you) into a single profile under keybase. Then, someone, at any time, can “verify” your keybase identity. At that point, keybase will fetch all these documents that YOU created, that YOU signed, and that are staged on YOUR social media locations. It will check the signatures against YOUR key, and verify they are all intact. If so, the person doing the lookup can decide if they really trust it’s YOU.

What keybase is NOT

I’ve seen critical articles that heavily emphasize the advice about “never invent cryptopgraphy on your own”. Guess what, neither is keybase. To use keybase, you need to have gpg on your system. Keybase just provides a convenient way to look up a new type of “directory”. The ironic thing is, you aren’t signing all these different proofs of your identify on keybase’s servers. You are instead signing them on spaces that YOU own.

The question also comes up, “how can you build a secure system off stuff that is hackable?” The fundamental concept is that you are building a profile across MANY systems. If this was only using twitter to carry the proof, then that would be weak. But to crack my keybase profile, someone has to hack my twitter account, my github account, and all of my websites while ALSO staging a new public key in order to sign new versions of these proofs. The more nodes you can distribute to, the better you can plant your flag of identity.

Keybase also doesn’t replace the value of putting your public key on standard key servers. I already had a public key. Keybase made it easy to re-use it and not roll another one just for them.

Keybase vs. face-to-face key signing parties

Ever done a key signing party? It’s where you meet someone face-to-face, and then do something like show each other your driver licenses. Everyone brings a copy of digital fingerprints of their public key, and upon confirming everyone has the fingerprint for YOUR public key, you then go home and sign their public key.

This is the cornerstone of the web of trust, and it has major issues. The reach enough people to make this practical is a logistical nightmare. I have only attended two key signing parties EVER. And that was years ago. In fact, due to the somewhat recent Heartbleed leak, I threw out those keys and generated a new set. I tried to find a couple of the people I knew from back then, but failed at that.

If you work for a company that uses GPG for all mail traffic (which I’ve interacted with before), you suddenly hit a taxing burden of meeting everyone face-to-face. So they create trustees that sign keys. Essentially, you meet this person face-to-face and you sign keys. Then you TRUST THEM such that anything they sign you trust as well. So in exchange for convenience, you have to elevate some people to higher level of trust. Does this sound risky in the world of paranoia? Ten years ago, no. In light of Snowden and the NSA? Perhaps.

When I met several people for a key signing party, it was the first time. I didn’t KNOW these people. I was trusting a driver’s license for which I had no ability to validate. And yet. critics of Keybase tell me this is the proper way to go.

Contrast that with people I have watched commit code to github for four years. I have chatted with them through various online channels and seen them talk about their commits in blog entries, tweets, HipChat discussions, and emails. I have also watched certain people tweet for several years. All of this chatter weaves together a narrative for people I have seen face-to-face once, or perhaps twice EVER. When one of those people publishes a tweet and a github gist that is cryptographically signed by the SAME KEY, I know it’s them.

Why are public social media good for bulding keybase?

For all you crypto-fanatics, you have ever read “Applied Cryptography”? For those that are not familiar, the first 30 pages or so is algorithm after algorithm about how to execute various protocols in a secure fashion. I admit I’m no expert here, but it’s very compelling to read.

Several of these protocols discuss the value of having monotonic counters that are published publicly. Signing these counter values strengthens the message for certain protocols because someone cannot simply forge a counter that the public has already seen (or not seen). It’s the cryptographic equivalent of taking a picture while holding a public newspaper. Everyone can see the newspaper, buy the same copy, and verify the date of the picture.

Well, people that chatter over twitter and commit over github, while also blogging on their site, are, in essence, generating a public newspaper of their own. If someone were to hack my twitter account in order to subvert my keybase identify, I could A) spot malicious tweets that weren’t my own and B) tip me off to immediately delete my keybase gist and my DNS proofs. At that point, anyone that uses keybase would suddenly see the essence of a revoked identify.

What you should NEVER do with Keybase

Keybase provides a handy webpage to lookup people you “track”, craft a message, and encrypt/sign it. (And please sign & encrypt, not just encrypt!) Then you can email that message my pasting it into your email tool.

But they also offer a feature to decrypt on their website. This requires that you stage you private key on their site.

NEVER NEVER NEVER NEVER give your private key to ANYONE, no matter how convenient. Laws are very loose on data that lives on other people’s machines and what companies can be forced to turn over with a court order.

Keybase may say they will keep your key triple-encrypted or whatever. But essentially, you have sort of jettisoned the point of having a public/private key pair if you let someone else hold the private key.

I’m not here to defend all aspects of keybase because A) I’m not a cryptographic expert, B) just getting started with keybase, and C) have a real job to work on. But I’m hoping that people won’t throw keybase to the curb because it’s “not gpg” or “reinventing security on your own”. Things are more detailed than that. So let’s see how this develops.