OCI base run image with proper font support

oci base image with reporting support
TL/DR > We have released our take on creating a base OCI run image for containerized (cloud) deployments of Java applications with support for Jasper Reports and and some commonly used fonts. This derrives from the fact, that base OCI images, although beautifuly lean and otherwise fantastic in almost every other aspect, lack some type-related libraries and fonts. Get it here on GitHub.

We love the base OCI cloud native images for running our Java/Spring based apps and services (as opposed to the bloated full ones). Like so often, also in OCI base images there’s a tradeoff between the size and out-of-box usability. One option is to be (wrong kind of) lazy and just use the bloated full image. Us, being the right kind of lazy, we make our life easier by creating our own base image based on standard one and adding just the needed stuff.

Today we have decided to opensource our take on one of them – the one that adds support for popular Java-based reporting tools and typefaces as it seems this is a common pain for many developers around the globe. It is based on current Jammy Base run image and we will be updating on regular basis to keep it fresh. You can get it here in its GitHub repo. Of course you are welcome to fork it and/or contribute. All sensible pull-requests will be accepted.

Happy Holidays everybody!

Email charter – 10 simple rules to reverse the e-mail spiral

cutting down the email spiral

Many years ago, Chris Anderson ran the emailcharter.org site (now defunct) that I used to link in all my email signatures and lived by its code (I still do). To honor it and remind its still valid points, here they come.

1.  Respect recipients’ time. Minimize the time it takes someone to process the messages you send, even if it means taking more time to send.

Tip: Edit mercilessly. Can you say the same thing in fewer words? Is the message better delivered with a phone call? Can you create bullets to make a message scannable?

2.  Cut each other some slack. Short or slow is not rude. If it takes time for you to receive a response, don’t take it personally.

3.  Celebrate clarity. For example, start with a subject line that clearly labels the topic. Clue in the recipient by starting the subject with the words Info, Action, Time Sensitive or Low Priority. Avoid strange fonts and colors.

4.  Quash open-ended questions. For example, instead of asking “How can I help?” offer the recipient an easier-to-answer question: “Can I help best by (a) calling (b) visiting or (c) staying out of it?”

5.  Slash surplus cc’s. Don’t default to “Reply All.” Maybe you need to cc only a couple of people on the original thread.

6.  Tighten the thread. Before forwarding a long email conversation, cut what’s irrelevant so the recipient can quickly see what matters.

7.  Attack attachments. Can you paste text into the email rather than sending as an attachment? Are you using logos or signatures that appear as attachments?

8.  Give these gifts: EOM NNTR. Can you fit your message into the subject line? Then do it. Follow with “EOM” (End of Message). End­­ing a note with “No need to respond” is a wonderful act of generosity.

9.  Stop sending contentless responses. Be judicious in your use of email responses that merely say “Great” or “Thanks.”

10.  Disconnect. If we all agreed to spend less time sending email, we’d all get less email. Spend a day email free. Or set up an auto-response that references your commitment to this charter.

There is an “I” in Ukraine

Free Ukraine

The unthinkable is happening in Europe. The corrupt and despotic Russian regime is waging an all-out war on its peaceful neighbor that has dared to cross Putin’s red line – i.e. decided to walk the path of democracy and self-determination. Our democratic world is “deeply concerned” and “stands strong in symbolic support”. Social networks and public proclamations are full of hearts & minds & prayers for Ukraine, full of denouncing the aggressor. Nice but shamefully not enough. Frankly, the action that we have taken so far is close to a farce. Time for words is over, time for action of every single I is now.

1. To my friends and colleagues in civilized democratic world

We need to stop asking “What can be done to help?”, “What will EU, NATO, Biden, Germany…do?”. Instead we need to introspect and ask “What am I going to do?”. I am providing our family estate to accommodate refugee families whose fathers and brothers are fighting on the front-line (contact me if you know fleeing families in need). I am pushing my government to support the most most aggressive and painful angle towards Kremlin. I am sending relief money to support the Ukraine cause via Člověk v tísni. I am writing this article in hope the I-attitude would go exponential. What are you going to do?

2. To brave Ukrainian people defending their families, homes and lives

You have my admiration and my gratitude. You are standing proud, you are fighting my battle and I will do everything I can to help you my end.

3. To invading Russian soldiers

You are lied to and abused. You know all too well you are not attacking Nazis and you are not freeing enslaved people from oppressors. I understand you are under oath and command. Still, you are free human beings accountable for your actions. Although in the wrong, please be heroes by staying human. Please bear that in mind next time you are loading a mortar shell, next time you are about to fire a rocket next to a kindergarten, next time you are about to shoot a man, probably a father who stands his ground to protect his family’s freedom and lives.

4. Lastly but most importantly, to all free-thinking Russians

I know this is not your war. I have received word from a lot of my Russian friends and I am happy to say you all stand united on a single position - you are ashamed and furious. The corrupt and aggressive regime that has been suffocating your nation for many years is holding you hostage in this senseless bloodshed. But as everywhere else in the world, change that is to stay needs to come from within, not without. Now is your big chance to make impact that lasts for generations. As we did more than 30 years ago in Czechoslovakia, now is your chance to stand up and ask: "Who, if not us?! When, if not now?!"

This article has been originally posted on author’s LinkedIn.

Photo courtesy of https://unsplash.com/@maxkuk

Season’s greetings 2021

Yet another interesting year is coming to an end and once again we would like to share our Tom's office artwork and our Season's greetings with you

The very-very best to our friends, clients and all people of good will. Be happy, stay cool. A good year is over, a great year is coming.

Drawing by Tomas, flawless as always. Whiteboard and eraser scribbly deco by Binka ❤︎

Spring Boot and log4j2 vulnerability

TL/DR > Spring Boot has got your back yet again. The way we @ DTF along with vast majority of the world is using Spring Boot, it is safe against log4j2 vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 (updating this list as they come). That being said, although Spring Boot gives you rock-solid fundamentals and defaults, it is also flexible and gives you an option to eventually switch to vulnerable versions of log4j2, details bellow.

The log4j-to-slf4j and log4j-api jars that are included in spring-boot-starter-logging cannot be exploited on their own. Only applications that would override this by switching the default logging system to log4j2 and are using log4j-core and including user input in log messages are vulnerable. Spring Boot team has responded with this article and it is being updated as more info, CVEs and mitigation plans are coming in.

You can sleep well (while still being vigilant) if you’re following these simple rules as we do:

  1. Be on supported versions of frameworks you are using (Spring Boot 2.5.x and 2.6.x at time of writing this article)
  2. Use CVE-checking tools in your CI/CD (like OWASP dependency-check that we are using in test stage of our GitLab pipelines)

Jmix is the next stage of Cuba RAD framework

As a late Christmas present, we have discovered that the guys at Haulmont are intending to push our favorite Spring-based open-source Rapid Application Development framework called Cuba into new heights by re-branding it to Jmix (not important) plus making bunch of architectural decisions in right direction (very important).

We have delivered some powerful business apps to our clients utilizing Cuba and thus have also experienced its shortcomings that we had to eventually overcome. Hence we are extremely thrilled about the intention to have less framework redundancy with Spring and getting closer to vanilla Spring Boot. We are also very happy about seeing proper migration approach with adopting Liquibase as we had to write our own migrations for previous versions of Cuba. There’s a bunch of good stuff announced but I will refrain from elaborating further to honor the no-needless-redundancy principle, feel free to dig in here.

We will keep an eye on releases for you and let you know about our hands-on experience with Jmix as soon as we deliver a project on it. Stay tuned.

Jmix as a xmas present, image © Jmix / Haulmont

Season’s greetings 2020

Season's greetings to our friends + clients + all people of good will from all of us @DTF. Peace, happiness and balance. 

This year’s been difficult for many but great as well as we learned to cope with something unprecedentedly new.

See you all in 2021 – a great year to come!

Enjoy a bit of our office artwork (courtesy of Tomas M. a great backend software engineer and our resident artist)

Our new website is up

After years of having a super-geeky, no-content website and being proud of it, we have finally decided it’s time to move on. For the sake of storing this pinnacle of creativity in 2017’s web design for future generations, here it is. It comes in two flavours generated by our state-of-the-art AI machine to suit the visitors profile:

Flavour #1 – Light side of the force

Note the subtle, barely visible Yoda peeking from the header bar right at you

Flavour #2 – Dark side of the force

Likewise, only this time it’s Lord Vader peekin’

Gone, but not forgotten.