Foojay.io | Friends of OpenJDK and Java Programming

What if you could run 35 AWS services locally in under 25 milliseconds, using just 13 megabytes of memory, with a single Docker command and no cloud bill? That's exactly what Floci does.

In this episode, Frank Delporte talks with Hector Ventura, the creator of Floci, a free and open-source cloud emulator built with Quarkus and GraalVM native compilation. Hector walks us through why he built it when LocalStack dropped its open-source community edition, how AI tooling helped him accelerate development of new service integrations, the challenges of keeping GraalVM happy with third-party libraries, and the road ahead for Azure and GCP support.

If you're a developer who wants fast local testing, a DevOps engineer writing Terraform, or a student learning cloud without the cost, Floci is worth a look!

Guest: Hector Ventura
Foojay Author page
LinkedIn

Links
On Foojay: Introducing Floci: A High-Performance, GraalVM-Powered AWS Emulator
Floci project site
Floci on GitHub
Migrate from LocalStack

Content
00:00 Introduction of topic and guest
01:48 What is Floci?
02:15 How Floci compares to LocalStack
03:01 Why Hector started Floci
04:02 Floci emulates the cloud APIs
05:02 How additional services got integrated with AI assistance
06:31 Meaning of the name Floci
07:07 Why Quarkus and GraalVM as the starting point for Floci
09:35 How Floci starts up very fast and only uses a low amount of memory
12:18 GraalVM can be hard with some libraries or frameworks
14:02 What is needed to use Floci
14:56 The challenges to support AWS, Azure, GCP and finding contributors
20:24 Funding Floci
21:04 How data is persisted in Floci
22:37 Verifying Floci versus the "real" APIs with compatibility tests
23:56 In the future: UI for Floci
25:04 Biggest challenges while creating Floci
25:32 Functionality compared between Floci and LocalStack and migrating
28:15 Feedback from the Floci users
28:58 Long-term plans for Floci
29:59 Biggest surprises during the development of Floci
31:00 Best use-cases for Floci
32:12 In the next releases...
33:31 How to get started with Floci
35:00 Conclusion

Is your Java application actually secure, or does it just look that way? In this episode of the Foojay Podcast, Frank is joined by Steve Poole and David Welch, both from HeroDevs, to dig deep into the state of Java security in 2025 and beyond.
Steve introduces the concept of zombie dependencies: end-of-life libraries that appear safely dormant but are quietly accumulating vulnerabilities waiting to bite you. David, a co-chair of the CVE Automation Working Group, explains what a CVE actually is, how the identification and disclosure process works in practice, and why AI tools like Mythos are dramatically accelerating the pace at which new vulnerabilities are found — on both sides of the wall.
Together they cover how CVEs in the Java runtime are handled through coordinated disclosure, why Maven Central is safer than most ecosystems but not a silver bullet, and what insurance companies are starting to demand from organizations that haven't cleaned up their dependency trees. They also discuss practical steps any Java developer can take today, from generating an SBOM and running Snyk or Trivy, to adopting OpenRewrite and Renovate in your pipelines, and why vibe coding with AI tools may be quietly making your security posture worse if you are not reviewing the dependency choices being made for you.
A candid, occasionally alarming, and ultimately optimistic conversation about a problem the Java community is well-positioned to lead on.

Steve Poole
LinkedIn
Foojay Author profile
Crossing the River Styx: Spring Boot 3.5 and the Zombie Dependency Problem
Why Java Developers Over-Trust AI Suggestions

David Welch
LinkedIn

Content
00:00 Introduction of topics and guests
04:00 What are Zombie dependencies?
05:36 What are CVEs?
11:39 How Mythos and other AI tools are influencing the CVE reporting process
16:53 How CVEs in the Java runtime are handled
21:30 How the industry is looking at the increased security threats
30:17 Developers need to make better decisions "the first time" and use the right tools
31:42 Keep your OS, JVM, and dependencies up-to-date! Insurance companies will force you...
44:48 How "safe" is Maven Central compared to other repository systems
50:48 What you can do as a Java developer to make your apps safer
59:01 Should we be scared for the following years and be careful with vibe coding?
01:04:27 Conclusion

Foojay.io, the website for the Friends of OpenJDK, is turning six years old. To celebrate, Frank Delporte headed to JCON in Cologne, Germany, and sat down with twelve members of the Java community to talk about what Foojay means to them, what they learn from each other, and how the community is evolving.
Foojay is more than a blog. It is a Mastodon server, a Slack community, the Disco API, a book on sustainability, a podcast, and now an education catalog. Six years in, it is still growing, still community-driven, and still very much a place where anyone who works with Java is welcome.
00:00 Introduction
02:16 Sharat Chandar
https://www.linkedin.com/in/sharatchander/
Java community and history
What you can learn from conferences and articles
05:37 Markus Westergren
https://www.linkedin.com/in/markuswestergren/
https://foojay.io/sustainability-for-java-developers/
https://foojay.io/today/join-slack-com-t-foojay-signup/
Book "Sustainability for Java Developers"
How to "sustain yourself" in this strange-AI-changing-world
09:46 Iryna Dohndorf
https://www.linkedin.com/in/iryna-dohndorf/
https://foojay.io/today/author/iryna-dohndorf/
Mentoring about sustainability as a developer + groundness + robustness skills
High performance without crushing your soul
13:59 René Schwietzke
https://www.linkedin.com/in/reneschwietzke/
https://foojay.io/today/the-curious-case-of-different-runtimes-with-different-training-data-jit/
Diving deep into the runtime, JITWatch
About the broad mix of topics handled on Foojay
18:28 Gerrit Grunwald
https://www.linkedin.com/in/gerritgrunwald/
https://foojay.io/today/author/gerrit-grunwald/
https://foojay.io/today/disco-api-helping-you-to-find-any-openjdk-distribution/
https://sdkman.io/
The Disco API, the source with all the available OpenJDK distributions, is used by SDKMAN, Gradle, and many other tools
About the many distributions that are available, even ones that are mainly (and only) used in Asia
27:45 Catherine Edelveis
https://foojay.io/today/author/catherine-edelveis/
https://www.youtube.com/watch?v=Ytdo8OGEYFI
https://foojay.io/today/which-java-runtime-should-you-use-in-production-comparing-openjdk-distributions/
Reducing Docker sizes improves security and performance
Many distributors provide builds of OpenJDK
31:16 Jago de Vreede
https://foojay.io/today/author/jago-de-vreede/
About the Java community and the place of Foojay in it. What is good, what are we missing?
SDKMAN, creating an UI for it, and using the many OpenJDK distributions
35:05 Annelore Egger
https://www.linkedin.com/in/anneloredev/
https://foojay.io/?s=egger
Java community, conference volunteering, mentoring
How to become a conference speaker
Learn by teaching
38:03 Buhake Sindi
https://www.linkedin.com/in/buhake-sindi/
https://foojay.io/today/author/buhake-sindi/
https://github.com/langchain4j/langchain4j-cdi
Jakarta EE, LangChain4J CDI, Agent to Agent
Impact of AI on developer life and sustainability
44:03 François Martin
https://www.linkedin.com/in/fran%C3%A7oismartin/
https://foojay.io/today/author/francois-martin/
https://foojay.io/today/eliminating-flaky-tests-to-end-world-hunger/
https://foojay.io/today/five-ways-to-use-gradle-enterprise-to-identify-and-manage-flaky-tests/
Learn from mentoring, for example, how to earn from opensource
Foojay author, just published an article about Flaky tests
48:18 Dominika Tasarz-Sochacka
https://www.linkedin.com/in/dominikatasarz/
https://foojay.io/today/author/dominika-tasarz/
https://foojay.io/today/join-slack-com-t-foojay-signup/
https://foojay.io/today/how-to-submit-your-next-article-on-foojay-io/
The future of Foojay, how can we get the community even more involved
What you can learn from the community
51:18 Geertjan Wielenga
https://www.linkedin.com/in/geertjanwielenga/
https://education.foojay.social/
Java communities are everywhere
How Foojay started and grew
How can contributing to the community influence your career
58:15 Conclusion

In this episode of the Foojay Podcast, we're bringing you something special: a full batch of hallway-track conversations recorded live at VoxxedDays Amsterdam.
Fifteen guests, one conference, and one theme that kept coming back, whether we planned it or not: Java has grown up quietly, steadily, and in ways that still surprise people who haven't looked lately. We talked about migrating between versions, new features in the latest Java releases, authorization done right, AI-assisted coding, cryptography, containers, open-source contributions, GDPR data experiments, and, yes, the things people hate about Java but secretly love.
I spoke with Ko Turk, who organized this very conference, Johannes Bechberger, Lutske de Leeuw, Aicha Laafia, Marit van Dijk, Adele Carpenter, Patrick Baumgartner, Sohan Maheshwar, Jeroen Egelmeers, Erwin Manders, Alexander Shopov, Maarten Verburg, Arjan Tijms, Joost Kaan, and Stephan Janssen.
That's a lot of people. That's a lot of opinions. And somehow, they mostly agree: update your JDK, read your code, and please talk to your actual users.

Content

00:00 Introduction
00:30 Ko Turk
https://www.linkedin.com/in/ko-turk-b271b929/
Organizer of VoxxedDays Amsterdam
Migrating between Java versions
02:25 Johannes Bechberger
https://www.linkedin.com/in/johannes-bechberger/
Java is boring, and that's why it's brilliant
Java 26 test it, but not in production
JFR improvements in the latest versions
06:28 Lutske de Leeuw
https://www.linkedin.com/in/lutske/
Volunteer at the conference
Java is boring, and that's why it's brilliant
Java 5 till 26 evolutions
10:35 Aicha Laafia
https://www.linkedin.com/in/aicha-laafia-0266a6126/
Lambda stream gatherers in Java 25
Simpler and more fun code
Update your JDK!
16:16 Marit van Dijk
https://www.linkedin.com/in/maritvandijk/
Fun in coding, write Java the playful way
Java evolutions and how writing code has evolved
Importance of code reading with AI-assisted coding
22:04 Adele Carpenter
https://www.linkedin.com/in/adele-carpenter-a988623a/
The things I hate about Java, but actually love it
27:37 Patrick Baumgartner
https://www.linkedin.com/in/patbaumgartner/
Organizing VoxxedDays Zurich
Spring Boot optimization
Using Buildpacks to create better containers
35:02 Sohan Maheshwar
https://www.linkedin.com/in/sohanmaheshwar/
Authorization, the good way
JWT is a bad idea
38:34 Jeroen Egelmeers
https://www.linkedin.com/in/jegelmeers/
https://craftingaiprompts.org/documentation/se-framework/craft-framework
AI, prompt engineering, agentic programming
The CRAFT Framework: Orchestrating Agentic Flow
The importance of interacting with your end-users
43:32 Erwin Manders
https://www.linkedin.com/in/erwinman/
Cryptography, digital signatures, and securing data and messages
Comparing Kotlin and Java
45:12 Alexander Shopov
https://www.linkedin.com/in/alshopov/
Developer at Uber
Comparing different languages: Java, Python, Go
How Java is modernizing by learning from other languages
49:18 Maarten Verburg
https://www.linkedin.com/in/maartenverburg/
Using your own GDPR data for fun experiments
Comparing early Java with the current status
Java Streams the most important change
52:35 Arjan Tijms
https://www.linkedin.com/in/arjantijms/
https://omnifish.ee/
Jakarta Faces, Security, Authentication and Authorization, EE,...
Jakarta specs are used in Spring
How Java evolved and is still evolving
How can you contribute to opensource
59:55 Joost Kaan
https://www.linkedin.com/in/joost-kaan/
What you can learn at a conference, besides the expected language-related talks
AI influences on the developer work
Contributing to the Java community, AI user group
01:03:52 Stephan Janssen
https://www.linkedin.com/in/stephanjanssen/
https://geniebuilder.ai/
The importance of the "Hallway Track" where you can chat with like-minded people
Using AI-assisted spec-driven coding
Talking to your end-user becomes more important than ever
01:09:00 Conclusion

Welcome to another episode of the Foojay Podcast! In this episode, we're talking about Java 26, released on March 17 in the year 26. Again, right on schedule with Java's six-month release cadence.
Now, Java 26 is not a Long Term Support (LTS) release; that was Java 25. But don't let that fool you into thinking there's nothing interesting here. This release brings ten JDK Enhancement Proposals (JEPs). They cover everything from performance improvements to long-overdue cleanups. Of those ten JEPS, five are new features, and we also get five preview/incubator features.
Guests
Simon Ritter
https://www.linkedin.com/in/siritter/
Loïc Mathieu
https://www.linkedin.com/in/lo%C3%AFc-mathieu-475b144/
Content
00:00 Introduction of topic and guests
01:35 Differences between Long and Short Term Support
05:10 Which Java versions are used by companies
https://foojay.io/today/foojay-podcast-90-highlights-of-the-java-features-between-lts-21-and-25/
07:54 Internal changes and improvements in release 26, highlighting UUIDv7 support
https://foojay.io/today/java-26-whats-new/
12:02 JEP 500: Prepare to Make Final Mean Final
13:24 JEP 526: Lazy Constants (Second Preview)
16:12 JEP 517: HTTP/3 for the HTTP Client API
https://en.wikipedia.org/wiki/HTTP/3
https://en.wikipedia.org/wiki/QUIC
18:48 JEP 504: Remove the Applet API
20:52 JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)
21:59 JEP 516: Ahead-of-Time Object Caching with Any GC
https://openjdk.org/projects/leyden/
https://docs.azul.com/prime/analyzing-tuning-warmup
https://foojay.io/today/faster-java-warmup-crac-versus-readynow/
25:30 JEP 522: G1 GC: Improve Throughput by Reducing Synchronization
Trash Talk - Exploring the JVM memory management by Gerrit Grunwald
28:04 JEP 525: Structured Concurrency (Sixth Preview)
https://openjdk.org/projects/loom/
31:09 JEP 529: Vector API (Eleventh Incubator)
https://openjdk.org/projects/panama/
https://openjdk.org/projects/valhalla/
34:59 When do JEPs get selected to be included in a release
https://openjdk.org/projects/jdk/26/
https://openjdk.org/projects/jdk/27/
38:03 JEP 530: Primitive Types in Patterns, instanceof, and switch (Fourth Preview)
https://openjdk.org/projects/amber/
Java Puzzlers talk by Simon
42:14 Do we need "Carrier Classes"?
Amber mailing list: Data Oriented Programming, Beyond Records
JVM Weekly newsletter by Artur Skowroński
44:38 What changes does Java need for the AI world?
JEP DRAFT 8361105: Code reflection (Incubator)
https://openjdk.org/projects/babylon/
https://www.tornadovm.org/
47:53 Remarkable numeric facts about releases
48:30 Conclusion