InfoQ Homepage Development Content on InfoQ
-
Imperva Open Sources Active Directory Java Connector
Imperva has publicly released the source code to Domain Directory Controller, a Java library that simplifies common Active Directory integrations.
-
Google Researchers Say Spectre Will Haunt Us for Years
According to a paper by several Google researchers, speculative vulnerabilities currently defeat all programming-language-level means of enforcing information confidentiality. This would not be just an incidental property of how we build our systems, but rather the result of wrong mental models that led us to trade security for performance without knowing it.
-
TSLint Deprecated to Focus Support on typescript-eslint
Palantir, the creators of TSLint, recently announced the deprecation of TSLint, putting their support behind typescript-eslint to consolidate efforts behind one unified linting solution for TypeScript users.
-
Debugging Microservices Running in Containers: Tooling Review at KubeCon NA
At KubeCon NA held in Seattle in December 2018, several tools for debugging containerised microservices were presented throughout the conference sessions and the sponsored booths demonstrations. A notable separation appears to be occurring within the market, between "active" and "passive" debugging tools. Two examples within these categories are Rookout and Squash, respectively.
-
Are Frameworks Good or Bad, or Both?
Preferring frameworks or libraries is somewhat controversial, Frans van Buul, Evangelist at AxonIQ, the company behind Axon Framework, writes in a recent blog post. Many argue in the favour of libraries but Van Buul thinks that a framework can be very valuable when building business applications. He believes this to be especially true for applications based on CQRS, DDD and event sourcing.
-
Mitigating Software Vulnerabilities at Microsoft over the Last 20+ Years
At BlueHat IL 2019, Microsoft engineer Matt Miller described how the software vulnerability landscape has evolved over the last 20+ years and the approach Microsoft has been taking to mitigate threats. Interestingly, among the major culprits of security bugs, says Miller, are memory safety issues, which account for 70% of total security bugs Microsoft has patched.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC - a lightweight CLI tool for spawning containers according to the OCI specification - which allows the attackers to escape the container and gain administrative privileges on the host, rendering it vulnerable.
-
Eclipse Releases MicroProfile 2.2 for Java Microservices
The Eclipse foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Using Contract Testing for Applications with Microservices
When using microservices, integration points between services are a hotbed for bugs. With consumer-driven contract testing, the consumer defines the contract and verifications are made against it within the providers build/test lifecycle. Contract testing fits well into a microservice workflow and kills your integration bugs, argued Maarten Groeneweg at the European Testing Conference 2019.
-
MicroProfile Community Launches MicroProfile Starter, a Web-Based Project Generator
The MicroProfile community has recently launched a beta release of MicroProfile Starter, a website that allows you to create, configure and download a new automatically generated project. Users can specify the project's coordinates (groupId and artifactId), which version of MicroProfile they'd like to use, their MicroProfile server, and a number of other project configuration options.
-
JS Foundation Releases Dojo 5
At the end of January, Dojo, a progressive framework from modern web applications, released Dojo 5. Dojo 5 brings a significant amount of bug fixes and improvements in features and tooling. This iteration aims to enable developers to ship faster a smaller and more robust code base to more browsers.
-
Eclipse Releases GlassFish 5.1 Certified as Compatible with Java EE 8
Eclipse has achieved another GlassFish milestone with the anticipated GA release of version 5.1. A year in the making, this milestone included previous GlassFish milestones such as the full migration of source code and open-sourcing the Java EE TCK (September 2018), the RC1 release of GlassFish 5.1 (October 2018), and the integration of EclipseLink and Eclipse Jersey in GlassFish (December 2018).
-
Effective Mob Programming Patterns
Lisi Hocke spoke at the Testing United conference in Bratislava about how she helped shape a collaborative environment through the use of mob-programming. Hocke described how her team effectively used a strong-pairing style. Maaret Pyhäjärvi and Jeff Langr have both recently written about their own patterns for maximising the benefits of mob programming. We survey their experiences.
-
Fitness Functions to Ensure Architectural Goals Are Met
With fitness-function-driven development, we can write tests that measure a system’s alignment with architectural goals, similar to how we use test-driven development (TDD) to verify that features conform to desired business outcomes, Paula Paul and Rosemary Wang write in a blog post, describing the basic ideas of fitness functions and how architecture qualities can be verified.