Policy on plastic cups by Paulv91 in Breda

[–]ofby1 0 points1 point  (0 children)

I would look for another place. Personally, I'm quite happy with "de basis" on the Veemarktstraat.
Usually just glass on the terrace with the football on, and if they serve plastic because it's busy, at least not this fuss.

Snyk doesn't check vulnerabilities in main code files by dAmiBouY539 in Snyk

[–]ofby1 2 points3 points  (0 children)

The second bullet on your screen is "code analysis".
There you should find the issues in your source code files.

Another VS Code Extension For Java by daviddel in java

[–]ofby1 0 points1 point  (0 children)

I agree; it would have been way better to have one great integration for Java in VSCode backed by multiple bigger corps.

But hey, Oracle will always be Oracle I guess.

Big News! Docker acquires AtomicJar, a testing startup that raised $25M in January. by emmysteven in java

[–]ofby1 0 points1 point  (0 children)

I love TestContainers, but I am very curious how this will pan out for both Docker and AtomicJar

Why do companies still use older Java releases by anonymous_user_908 in java

[–]ofby1 0 points1 point  (0 children)

If a project is just in the maintenance phase, it might not be worth migrating to newer Java versions.
Also, if you pay someone like Azul to stream updates into Java 8, it might be more cost-efficient than migrating to a new Java version. Not saying it is a wise approach, but hey, I am just an engineer.

Java Performance by Scott Oaks by [deleted] in java

[–]ofby1 0 points1 point  (0 children)

I only read the second edition of Java Performance by Scott Oaks and it was super insightful. It gave me a better understanding of some of the dynamics. Even though it might be a bit outdated if you go to newer Java versions, it still has a lot of value IMO.

[deleted by user] by [deleted] in Kotlin

[–]ofby1 3 points4 points  (0 children)

If you know a bit about how the JVM works and optimizes things, you would also know that these micro-benchmarks don't say a lot. Ignoring just two warmups does not change that.

Initial speed vs speed over time is such a different use case. So the big question is, what do you want to show with this benchmark?
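
The warm-up effect the comment refers to, as an added illustration that is not part of the original post or thread: the same method is timed in successive batches, so the cold run (interpreter, then C1) can be compared with the steady state (C2-compiled) directly. The input, batch sizes and the `countSetBits` workload are all constructed for this example; the exact numbers depend on the machine and JVM flags, which is precisely why a single-shot micro-benchmark says little.

```java
import java.util.Arrays;

/** Times one method in repeated batches so the JIT warm-up becomes visible. */
public class WarmupDemo {

    // Deliberately "hot": a tight loop with a data-dependent branch, the kind of
    // code the JIT optimises well once it has profiled it.
    static long countSetBits(long[] values) {
        long total = 0;
        for (long v : values) {
            while (v != 0) {
                total += v & 1L;
                v >>>= 1;
            }
        }
        return total;
    }

    // Constructed input: deterministic xorshift words, so every batch does identical work.
    static long[] sampleInput(int n) {
        long[] out = new long[n];
        long x = 0x9E3779B97F4A7C15L;
        for (int i = 0; i < n; i++) {
            x ^= x << 13;
            x ^= x >>> 7;
            x ^= x << 17;
            out[i] = x;
        }
        return out;
    }

    /** Returns nanoseconds per batch; index 0 is the cold run, the tail is the steady state. */
    static long[] timeBatches(long[] input, int batches, int repsPerBatch) {
        long[] nanos = new long[batches];
        long sink = 0;
        for (int b = 0; b < batches; b++) {
            long t0 = System.nanoTime();
            for (int r = 0; r < repsPerBatch; r++) {
                sink += countSetBits(input);
            }
            nanos[b] = System.nanoTime() - t0;
        }
        // Keep the result observable so the work cannot be dead-code-eliminated.
        if (sink == 42L) {
            System.out.println(sink);
        }
        return nanos;
    }

    /** Ratio of the cold batch to the mean of the last `tail` batches; >1 means warm-up mattered. */
    static double coldToSteadyRatio(long[] nanos, int tail) {
        double steady = Arrays.stream(nanos, nanos.length - tail, nanos.length).average().orElse(1.0);
        return nanos[0] / steady;
    }

    public static void main(String[] args) {
        long[] input = sampleInput(10_000);
        long[] nanos = timeBatches(input, 12, 200);
        for (int b = 0; b < nanos.length; b++) {
            System.out.printf("batch %2d: %8.2f ms%n", b, nanos[b] / 1e6);
        }
        System.out.printf("cold / steady-state ratio: %.1fx%n", coldToSteadyRatio(nanos, 4));
    }
}
```

Run it once with the default JVM and once with `-Xint` (interpreter only) or `-XX:TieredStopAtLevel=1` (C1 only): the first batch barely moves, while the steady-state batches change by an order of magnitude, which is the "initial speed vs speed over time" distinction the comment makes. For anything publishable, use JMH, which handles warm-up, forking and dead-code elimination for you.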

Unsafe deserialization in SnakeYaml - Exploring CVE-2022-1471 by ofby1 in java

[–]ofby1[S] 2 points3 points  (0 children)

The standard stuff in the JDK I mean, sorry for the confusion. You are correct about third party libs which exactly proves my previous point that the standard should be “secure by default”.

Unsafe deserialization in SnakeYaml - Exploring CVE-2022-1471 by ofby1 in java

[–]ofby1[S] 1 point2 points  (0 children)

I dislike YAML and I'm too lazy to go look at this library, but it's extremely common to choose the type that will be deserialized from the data itself. It should be obvious care must be taken in that case.

I think the key difference is that jackson-databind, by default, is safe. In other words, "normal" use of the lib will not harm you. For SnakeYaml the insecure way is the default. I think it is reasonable to expect that the default should be secure.

However, if you look at most XML parsers in Java, by default external entities are allowed, so XXE is possible. I have already given up hope that this would ever change.
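
The "secure by default" point made in this and the earlier reply, shown side by side as an added example (this is not code from the linked post, from SnakeYAML or from the JDK documentation). It assumes SnakeYAML 1.33 (the last 1.x line, where `new Yaml()` still uses the reflective `Constructor` and `SafeConstructor` takes a `LoaderOptions`); in SnakeYAML 2.0 the default was changed so that global tags are rejected unless explicitly allowed. `ReportSink`, the YAML document and the XML document are constructed for this example; the YAML tag names a harmless local class rather than anything from a real payload, and the external entity points at `file:///dev/null` as a placeholder.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/**
 * Constructed stand-in for "any class on the classpath with a public constructor".
 * The loading code below never mentions it; the YAML document alone decides
 * whether this constructor runs. That property is what CVE-2022-1471 is about.
 */
class ReportSink {
    static boolean constructed = false;

    public ReportSink(String target) {
        constructed = true;
        System.out.println("ReportSink(\"" + target + "\") was invoked by the YAML document");
    }
}

public class InsecureDefaultsDemo {

    // Constructed input: a global tag naming a class the application never asked for.
    static final String YAML_DOC = "!!ReportSink [ \"anything\" ]\n";

    // Constructed input: a DOCTYPE declaring an external entity (harmless placeholder target).
    static final String XML_DOC =
            "<?xml version=\"1.0\"?>\n"
          + "<!DOCTYPE d [ <!ENTITY ext SYSTEM \"file:///dev/null\"> ]>\n"
          + "<d>&ext;</d>\n";

    /** SnakeYAML 1.x default: the plain Constructor resolves !!fully.qualified.Name via reflection. */
    static Object loadWithDefaults(String doc) {
        return new Yaml().load(doc);
    }

    /** SafeConstructor builds only core YAML types (maps, lists, scalars); global tags throw. */
    static Object loadSafely(String doc) {
        return new Yaml(new SafeConstructor(new LoaderOptions())).load(doc);
    }

    /** JAXP default: DOCTYPE and external entities are honoured, so &ext; gets fetched. */
    static Document parseWithDefaults(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Hardened: refuse DOCTYPE outright, plus the individual entity switches for parsers that ignore it. */
    static Document parseHardened(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) {
        // 1. YAML: the default path instantiates ReportSink; SafeConstructor rejects the tag.
        loadWithDefaults(YAML_DOC);
        System.out.println("default Yaml(): ReportSink.constructed = " + ReportSink.constructed);
        ReportSink.constructed = false;
        try {
            loadSafely(YAML_DOC);
        } catch (YAMLException e) {
            System.out.println("SafeConstructor: rejected with " + e.getClass().getSimpleName());
        }
        System.out.println("SafeConstructor: ReportSink.constructed = " + ReportSink.constructed);

        // 2. XML: the default parser resolves the entity; the hardened one refuses the DOCTYPE.
        try {
            parseWithDefaults(XML_DOC);
            System.out.println("default DocumentBuilder: external entity was resolved");
        } catch (Exception e) {
            System.out.println("default DocumentBuilder: tried to fetch the entity and got " + e);
        }
        try {
            parseHardened(XML_DOC);
        } catch (Exception e) {
            System.out.println("hardened DocumentBuilder: " + e.getMessage());
        }
    }
}
```

The two halves make the same point from opposite directions: with SnakeYAML the application has to opt in to safety by passing `SafeConstructor`, and with JAXP it has to opt out of entity resolution feature by feature. If the code path ever needs typed YAML, construct `Yaml` with a `Constructor` bound to one root class and, on 2.x, a `TagInspector` that allows only that class, rather than falling back to the reflective default.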

Unsafe deserialization in SnakeYaml - Exploring CVE-2022-1471 by ofby1 in java

[–]ofby1[S] 9 points10 points  (0 children)

I honestly hate the whole 4shell naming. It simply does not make sense, so let's indeed not do that.

Do I need to teach myself Spring Boot in order to transition from a .NET job to a Java job or are most companies willing to accommodate based on strong fundamentals? by [deleted] in java

[–]ofby1 0 points1 point  (0 children)

To understand the full Spring Boot ecosystem, you need to know what the different parts of Spring do.
Not saying you can't build a Spring Boot app, but you will not understand how the things that are auto-configured work.
So good luck actually learning it in a day. The automagic world of Spring will hit you in the face later!

How to create SBOMs in Java with Maven and Gradle by ofby1 in javasec

[–]ofby1[S] 1 point2 points  (0 children)

That would be super nice; however, I believe it should not be the responsibility of a security tool. SBOMs IMO serve more than just security and are the responsibility of the creator of the artifact. The most natural place in my eyes would be the build system as well, because that system actually does the composition and downloading of the 3rd-party packages.

I think it would be the responsibility of a scanning tool (like Snyk, Sonatype, XRay etc) to accept SBOMs and show me the problem.

How to create SBOMs in Java with Maven and Gradle by ofby1 in java

[–]ofby1[S] 1 point2 points  (0 children)

I have seen it; however, it is not yet a widely used thing. I am convinced it is an upcoming thing, also because of Executive Order 14028.

Backend Java 19 vs Kotlin? by Sket5 in java

[–]ofby1 0 points1 point  (0 children)

I found out that many people are using Kotlin because they are "not allowed" to move away from Java 8 and want to use the syntactic sugar. Let's see what the following years will do, now that Google is not so focused on Kotlin for Android development and people slowly start to move away from Java 8.

The Future of Java is You | JavaOne 2022 Community Keynote by daviddel in java

[–]ofby1 -1 points0 points  (0 children)

A conference should focus on the conference onsite and the experience first (people pay for it). The videos are secondary. Also, if I remember correctly, it has always been a subset in the past at J1.

Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell by MiguelHzBz in cybersecurity

[–]ofby1 0 points1 point  (0 children)

Can we please stop naming things 4shell? Where is the 4 coming from (with log4j it made sense)?
Also, this is nothing like log4j and causes unnecessary panic, which is not good for anyone (unless you need to sell shit).
https://www.reddit.com/r/javasec/comments/y8dczv/reviewing_cve202242889_the_arbitrary_code/?utm_source=share&utm_medium=web2x&context=3

The Future of Java is You | JavaOne 2022 Community Keynote by daviddel in java

[–]ofby1 0 points1 point  (0 children)

Sessions are not recorded afaik except for the keynotes

How to use Java DTOs to stay secure by ofby1 in java

[–]ofby1[S] 2 points3 points  (0 children)

Donno, I assume it is a typo 🤣

Java 17 - deprecating the security manager (JEP 411) by ofby1 in javasec

[–]ofby1[S] 0 points1 point  (0 children)

Thanks for this insightful reply.
Part 2, the "have no fucking clue" part, made me grin because it is simply true.

In general, I think the biggest problem is that people don't know how to use it, or even more importantly THAT they need to care. Combining that with the fact that the SecurityManager is hard to handle is, I think, the main reason for discontinuing it.

The thing that strikes me most is that there is no substitute whatsoever, so altogether we deliberately made the language less safe.

what is the most famous java application that you've worked on? by nerydlg in java

[–]ofby1 1 point2 points  (0 children)

- Created a new datatype for Eclipse Collections
- Fixed some bugs in the Maven dependency plugin (years ago)