InfoQ Homepage News
-
Just, a New CLI for Spring Boot Applications
Just, a command line tool requiring zero configuration, increases the Java development experience while building Spring Boot applications. Just automatically reloads the application when there is a change in source code, build files or Docker compose files. The project also supports the creation of (native) applications and (native) Docker images.
-
Java News Roundup: Ideal Graph Visualizer Open-Sourced, TomEE MicroProfile 5.0 Certification
This week's Java roundup for January 2nd, 2023, features news from JDK 20, JDK 21, Ideal Graph Visualizer open-sourced, Spring Tools 4.17.1, Open Liberty 23.0.0.1, Quarkus 2.15.2, Quarkus OpenAPI Generator 2.0, Apache Tomcat CVE, Apache TomEE certification, Apache James 3.7.3, Apache Camel 3.20.1, MyFaces Core 4.0-RC3, Ktor 2.2.2, JHipster Lite 0.25, JobRunr 5.3.3, SourceBuddy 2.1, CircleCI CVE.
-
Report Finds Heavy Use of Open-Source Solutions for Kubernetes Security
A recent survey by Armo on the use of security software solutions with Kubernetes found that over half of respondents leverage open-source tooling. Companies using open-source tooling use on average 3.6 different tools. These open-source tools were predominately used for service mesh, network policy and micro-segmentation, and misconfiguration scanning.
-
PyTorch-Nightly Struck by Supply Chain Attack Exfiltrating Data and Files
Developers who installed the nightly builds of PyTorch between December 25 and December 30, 2022, are recommended to uninstall it and purge their pip cache to get rid of a malicious package, say PyTorch maintainers. The new attack highlights a recent trend.
-
Amazon ECS Adds Automated Rollbacks
Amazon has released native support for automated rollbacks within their Amazon ECS service. This feature leverages Amazon CloudWatch metric alarms to monitor and, if necessary, reverts the in-progress deployment. This feature supports using any system metrics that CloudWatch Container Insights collects for Amazon ECS as well as custom metrics.
-
Zero Trust Access to Corporate Applications with AWS Verified Access
At re:Invent 2022, AWS released a new enterprise application connectivity service, Verified Access. The service provides Zero Trust access to enterprise web applications by employing endpoints and policies to authenticate and authorize user requests against identity providers or device management systems. Verified Access is currently in public preview in 10 AWS regions.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
GlassFish 7.0 Delivers Support for JDK 17 and Jakarta EE 10
The Eclipse Foundation has released the latest version of its open-source application server, GlassFish 7.0, which is now available. The new release includes support for the MicroProfile Config, MicroProfile JWT Propagation, and Jakarta MVC 2.1 specifications. Changes to the API and JSON parts of the Jakarta Standard Tag Library and new Jakarta Authentication methods are also essential features.
-
Sustainability for Software Companies: Reducing Impact by Deciding What Not to Do
Small and medium-sized companies can contribute to sustainability with emissions reduction, mental health offerings and inclusion. To support sustainability, software engineers can think about “what not to do” to reduce complexity and make solutions smaller, resulting in a smaller carbon footprint.
-
Amazon Releases Fortuna, an Open-Source Library for ML Model Uncertainty Quantification
AWS announced that Fortuna, an open-source toolkit for ML model uncertainty quantification, has been made generally available. Any trained neural network can be used with the calibration methods offered by Fortuna, such as conformal prediction, to produce calibrated uncertainty estimates.
-
Generating Text Inputs for Mobile App Testing Using GPT-3
A group of researchers from the Chinese Academy of Sciences and Monash University have presented a new approach to text input generation for mobile app testing based on a pre-trained large language model (LLM). Dubbed QTypist, the approach was evaluated on 106 Android apps and automated test tools, showing a significant improvement of testing performance.
-
Google Publishes Technique for AI Language Model Self-Improvement
Researchers at Google and University of Illinois at Urbana-Champaign (UIUC) have published a technique called Language Model Self-Improved (LMSI), which fine-tunes a large language model (LLM) on a dataset generated by that same model. Using LMSI, the researchers improved the performance of the LLM on six benchmarks and set new state-of-the-art accuracy records on four of them.
-
Java News Roundup: Jakarta Data Initial Release, Micronaut 3.8, JReleaser 1.4, Gradle 8.0-RC1
It was very quiet for the week of December 26th, 2022, but InfoQ found a few news items of interest that include: Jakarta NoSQL 1.0.0-b5, Jakarta Data 1.0.0-b1, Micronaut 3.8.0, Apache Groovy 4.0.7, Gradle 8.0.0-RC1, and JReleaser 1.4.0.
-
Using Code Instrumentation for Fault Injection at the Application Level at eBay
eBay engineers have been using fault injections techniques to improve the reliability of the notification platform and explore its weaknesses. While fault injection is a common industry practice, eBay attempted a novel approach leveraging instrumentation to bring fault injection within the application level.
-
Learnings from Spotify Mobile Engineering’s Recent Platform Migration
Recently, Spotify Mobile Engineering Team elaborated on their experience with a recent platform migration. Working on an initiative under the Mobile Engineering Strategy program, the team migrated their Android and iOS codebases to build with Bazel, Google’s open-source build system.