InfoQ Homepage Development Content on InfoQ
-
Tomcat and Kafka Selected for EU Bug Bounty Programme
The European Union recently launched a bug bounty program for critical infrastructure projects, offering financial compensation to anyone who finds and reports a new security flaw. The bug bounty is offered as part of FOSSA, the “Free and Open Source Software Audit” project. The FOSSA list includes two notable Java projects: Apache Tomcat and Kafka.
-
Linaria 1.0 Released: CSS-in-JS with No Runtime
The first major iteration of Linaria, a zero-runtime CSS-in-JS library, is now available to developers. It provides a new API to facilitate using it with React, aims at a better developer experience and build integration, and is more robust.
-
Imperva Open Sources Active Directory Java Connector
Imperva has publicly released the source code to Domain Directory Controller, a Java library that simplifies common Active Directory integrations.
-
Google Researchers Say Spectre Will Haunt Us for Years
According to a paper by several Google researchers, speculative vulnerabilities currently defeat all programming-language-level means of enforcing information confidentiality. This would not be just an incidental property of how we build our systems, but rather the result of wrong mental models that led us to trade security for performance without knowing it.
-
TSLint Deprecated to Focus Support on typescript-eslint
Palantir, the creators of TSLint, recently announced the deprecation of TSLint, putting their support behind typescript-eslint to consolidate efforts behind one unified linting solution for TypeScript users.
-
Debugging Microservices Running in Containers: Tooling Review at KubeCon NA
At KubeCon NA held in Seattle in December 2018, several tools for debugging containerised microservices were presented throughout the conference sessions and the sponsored booths demonstrations. A notable separation appears to be occurring within the market, between "active" and "passive" debugging tools. Two examples within these categories are Rookout and Squash, respectively.
-
Are Frameworks Good or Bad, or Both?
Preferring frameworks or libraries is somewhat controversial, Frans van Buul, Evangelist at AxonIQ, the company behind Axon Framework, writes in a recent blog post. Many argue in the favour of libraries but Van Buul thinks that a framework can be very valuable when building business applications. He believes this to be especially true for applications based on CQRS, DDD and event sourcing.
-
Mitigating Software Vulnerabilities at Microsoft over the Last 20+ Years
At BlueHat IL 2019, Microsoft engineer Matt Miller described how the software vulnerability landscape has evolved over the last 20+ years and the approach Microsoft has been taking to mitigate threats. Interestingly, among the major culprits of security bugs, says Miller, are memory safety issues, which account for 70% of total security bugs Microsoft has patched.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC - a lightweight CLI tool for spawning containers according to the OCI specification - which allows the attackers to escape the container and gain administrative privileges on the host, rendering it vulnerable.
-
Eclipse Releases MicroProfile 2.2 for Java Microservices
The Eclipse foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Using Contract Testing for Applications with Microservices
When using microservices, integration points between services are a hotbed for bugs. With consumer-driven contract testing, the consumer defines the contract and verifications are made against it within the providers build/test lifecycle. Contract testing fits well into a microservice workflow and kills your integration bugs, argued Maarten Groeneweg at the European Testing Conference 2019.
-
MicroProfile Community Launches MicroProfile Starter, a Web-Based Project Generator
The MicroProfile community has recently launched a beta release of MicroProfile Starter, a website that allows you to create, configure and download a new automatically generated project. Users can specify the project's coordinates (groupId and artifactId), which version of MicroProfile they'd like to use, their MicroProfile server, and a number of other project configuration options.
-
JS Foundation Releases Dojo 5
At the end of January, Dojo, a progressive framework from modern web applications, released Dojo 5. Dojo 5 brings a significant amount of bug fixes and improvements in features and tooling. This iteration aims to enable developers to ship faster a smaller and more robust code base to more browsers.
-
Eclipse Releases GlassFish 5.1 Certified as Compatible with Java EE 8
Eclipse has achieved another GlassFish milestone with the anticipated GA release of version 5.1. A year in the making, this milestone included previous GlassFish milestones such as the full migration of source code and open-sourcing the Java EE TCK (September 2018), the RC1 release of GlassFish 5.1 (October 2018), and the integration of EclipseLink and Eclipse Jersey in GlassFish (December 2018).