-
Tomcat and Kafka Selected for EU Bug Bounty Programme
The European Union recently launched a bug bounty program for critical infrastructure projects, offering financial compensation to anyone who finds and reports a new security flaw. The bug bounty is offered as part of FOSSA, the “Free and Open Source Software Audit” project. The FOSSA list includes two notable Java projects: Apache Tomcat and Kafka.
-
Linaria 1.0 Released: CSS-in-JS with No Runtime
The first major iteration of Linaria, a zero-runtime CSS-in-JS library, is now available to developers. It provides a new API to facilitate using it with React, aims at a better developer experience and build integration, and is more robust.
-
Imperva Open Sources Active Directory Java Connector
Imperva has publicly released the source code to Domain Directory Controller, a Java library that simplifies common Active Directory integrations.
-
Google Researchers Say Spectre Will Haunt Us for Years
According to a paper by several Google researchers, speculative vulnerabilities currently defeat all programming-language-level means of enforcing information confidentiality. This would not be just an incidental property of how we build our systems, but rather the result of wrong mental models that led us to trade security for performance without knowing it.
-
TSLint Deprecated to Focus Support on typescript-eslint
Palantir, the creators of TSLint, recently announced the deprecation of TSLint, putting their support behind typescript-eslint to consolidate efforts behind one unified linting solution for TypeScript users.
-
Debugging Microservices Running in Containers: Tooling Review at KubeCon NA
At KubeCon NA, held in Seattle in December 2018, several tools for debugging containerised microservices were presented throughout the conference sessions and the sponsored booth demonstrations. A notable separation appears to be occurring within the market, between "active" and "passive" debugging tools. Two examples within these categories are Rookout and Squash, respectively.
-
Are Frameworks Good or Bad, or Both?
Preferring frameworks or libraries is somewhat controversial, Frans van Buul, Evangelist at AxonIQ, the company behind Axon Framework, writes in a recent blog post. Many argue in favour of libraries, but Van Buul thinks that a framework can be very valuable when building business applications. He believes this to be especially true for applications based on CQRS, DDD and event sourcing.
-
Mitigating Software Vulnerabilities at Microsoft over the Last 20+ Years
At BlueHat IL 2019, Microsoft engineer Matt Miller described how the software vulnerability landscape has evolved over the last 20+ years and the approach Microsoft has been taking to mitigate threats. Interestingly, among the major culprits of security bugs, says Miller, are memory safety issues, which account for 70% of total security bugs Microsoft has patched.
-
Uber Open-Sources Ludwig Code-Free Deep-Learning Toolkit
Uber Engineering is open-sourcing Ludwig, a deep-learning toolkit that allows users to experiment with a variety of neural network structures without writing code.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC - a lightweight CLI tool for spawning containers according to the OCI specification - which allows attackers to escape the container and gain administrative privileges on the host.
-
DNS Solution CoreDNS Graduates from the Cloud Native Computing Foundation
CoreDNS, a cloud-native DNS server commonly used for dynamic DNS-based service discovery, has become the first Cloud Native Computing Foundation (CNCF) project to graduate in 2019.
-
Eclipse Releases MicroProfile 2.2 for Java Microservices
The Eclipse Foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Katherine Kirk on Dealing with Teamwork Hell
Dysfunction in teams can truly feel like being in hell, confined within an endless loop of unhappiness, and there are ways to approach the challenges through actively managing your own response to stressful situations, maintaining your own integrity and ethical standards, and diligently taking small steps rather than trying to address every aspect of the situation at one time.
-
Using Contract Testing for Applications with Microservices
When using microservices, integration points between services are a hotbed for bugs. With consumer-driven contract testing, the consumer defines the contract and verifications are made against it within the provider's build/test lifecycle. Contract testing fits well into a microservice workflow and kills your integration bugs, argued Maarten Groeneweg at the European Testing Conference 2019.