InfoQ Homepage News
-
Mitigating Software Vulnerabilities at Microsoft over the Last 20+ Years
At BlueHat IL 2019, Microsoft engineer Matt Miller described how the software vulnerability landscape has evolved over the last 20+ years and the approach Microsoft has been taking to mitigate threats. Interestingly, among the major culprits of security bugs, says Miller, are memory safety issues, which account for 70% of total security bugs Microsoft has patched.
-
Uber Open-Sources Ludwig Code-Free Deep-Learning Toolkit
Uber Engineering is open-sourcing Ludwig, a deep-learning toolkit that allows users to experiment with a variety of neural network structures without writing code.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC - a lightweight CLI tool for spawning containers according to the OCI specification - which allows the attackers to escape the container and gain administrative privileges on the host, rendering it vulnerable.
-
DNS Solution CoreDNS Graduates from the Cloud Native Computing Foundation
CoreDNS, a cloud-native DNS server commonly used for dynamic DNS-based service discovery, has become the first Cloud Native Computing Foundation (CNCF) project to graduate in 2019.
-
Eclipse Releases MicroProfile 2.2 for Java Microservices
The Eclipse foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Katherine Kirk on Dealing with Teamwork Hell
Dysfunction in teams can truly feel like being in hell, confined within an endless loop of unhappiness, and there are ways to approach the challenges through actively managing your own response to stressful situations, maintain your own integrity and ethical standards and diligently take small steps rather than trying to address every aspect of the situation at one time.
-
Using Contract Testing for Applications with Microservices
When using microservices, integration points between services are a hotbed for bugs. With consumer-driven contract testing, the consumer defines the contract and verifications are made against it within the providers build/test lifecycle. Contract testing fits well into a microservice workflow and kills your integration bugs, argued Maarten Groeneweg at the European Testing Conference 2019.
-
Release Management and Customer Experience at Snapchat
In 2019, T-Mobile hosted Snapchat executive, Tammarrian Rogers, and release manager, Claire Reinert, who presented how, in three years, they transformed their release management processes and culture which directly improved their customer experience.
-
MicroProfile Community Launches MicroProfile Starter, a Web-Based Project Generator
The MicroProfile community has recently launched a beta release of MicroProfile Starter, a website that allows you to create, configure and download a new automatically generated project. Users can specify the project's coordinates (groupId and artifactId), which version of MicroProfile you'd like to use, your MicroProfile server, and a number of other project configuration options.
-
JS Foundation Releases Dojo 5
At the end of January, Dojo, a progressive framework from modern web applications, released Dojo 5. Dojo 5 brings a significant amount of bug fixes and improvements in features and tooling. This iteration aims to enable developers to ship faster a smaller and more robust code base to more browsers.
-
Managing Cloud Spend, Azure Cost Management Reaches General Availability
In a recent blog post, Microsoft announced Azure Cost Management has reached general availability (GA). Azure Cost Management provides a native cost management solution for enterprise customers which allows organizations to manage and optimize Azure costs across their subscriptions. The core feature set includes cost analysis, budgets, data export, management APIs and alerting.
-
Eclipse Releases GlassFish 5.1 Certified as Compatible with Java EE 8
Eclipse has achieved another GlassFish milestone with the anticipated GA release of version 5.1. A year in the making, this milestone included previous GlassFish milestones such as the full migration of source code and open-sourcing the Java EE TCK (September 2018), the RC1 release of GlassFish 5.1 (October 2018), and the integration of EclipseLink and Eclipse Jersey in GlassFish (December 2018).
-
Q&A on Cloud Discovery Tool for Multi-Cloud Environments
Cloud Discovery is an open-source tool from Twistlock that connects to cloud providers and gets an inventory of all the various infrastructure resources deployed. Cloud Discovery gathers and reports resources metadata in an aggregated way. Furthermore, application security holes can be identified when there’s more visibility across environments, such as which resources are missing a firewall rule.
-
Effective Mob Programming Patterns
Lisi Hocke spoke at the Testing United conference in Bratislava about how she helped shape a collaborative environment through the use of mob-programming. Hocke described how her team effectively used a strong-pairing style. Maaret Pyhäjärvi and Jeff Langr have both recently written about their own patterns for maximising the benefits of mob programming. We survey their experiences.