Category Archives: newsflash

Newsflash: “Secure” in Your Browser’s URL doesn’t Always Mean “Safe”

This is a topic I consider important enough to abandon the “non-commercial-only” policy of BeyondJava.net. I hardly ever quote from or link to professional web pages unless they are so ubiquitous you can’t avoid them or there’s a good reason to do so. Web security definitely is one of the best reasons. Today, Wordfence – a professional company providing a popular WordPress security plugin – has published an interesting blog post about the green “secure” bar in your browser’s URL.

Secure vs. safe

Cutting a long story short, “secure” doesn’t mean the same as “safe”. That’s particularly annoying for Spanish and German users because these languages don’t distinguish between secure and safe. (Chances are that this holds true for many, if not most, other languages, too.) Users read a green “secure” in the address bar and feel “safe”.

But in reality “secure” means that the connection between the client and the server is secure. That’s great. It means that nobody can intercept the messages and manipulate them. But that’s all it means. It does not prevent the server from being malicious.

Revoking security certificates

The good news is that when a malicious website is discovered, the certificate guaranteeing the security of the connection is usually revoked, and the server is added to a blacklist. But that takes time, and there is no guarantee it will ever happen for a particular malicious website. Plus, Wordfence reports that the revocation of a certificate does not, or does not always, result in a red address bar. You can see the revocation, but this information is buried in the developer tools. In other words, it’s invisible to most casual users.

Stay alert!

It’s a good thing that Google has added the “secure” and “insecure” bars to the browser’s address bar, but that doesn’t mean you don’t have to be careful. Keep looking at the address bar. Keep looking for anomalies. Nowadays, fake URLs are increasingly clever, but even so, you can spot most of them if you’re alert. The Wordfence blog covers the topic in much more detail and has a few interesting examples of fake URLs.

Newsflash: Concurrency Explained with Starbucks

It’s hard to get concurrency right! Especially for programmers who try to program it using a low-level language like, say, Java 5. In no time, you’ll run into all kinds of problems like deadlocks, race conditions and synchronization, just to name a few. That’s why I recommend using a language like Scala if you need to leverage the power of all your CPU’s cores.

Funny thing is that it’s surprisingly easy to explain concurrency in simple words. This article maps concurrency to a real-world example. Serving coffee to customers is a good example of how to use multithreading to improve performance. Read the full story at particular.net. This article even explains advanced topics like out-of-order execution and speculative execution. Highly recommended!

Newsflash: Angular 2 Survey Results

Granted, I can hardly call the news of this newsflash “new”: it was published on Sept 01, 2015. But it’s very interesting nonetheless. The AngularJS team’s blog has the results of a survey asking developers what they expect of Angular 2. Each survey result is spiced with an in-depth analysis, many of which provide additional information about Angular 2. Highly recommended.

Read the survey results at http://angularjs.blogspot.de/2015/09/angular-2-survey-results.html.

Newsflash: Hope for Groovy

Pivotal’s recent announcement to drop both Groovy and Grails shook the Groovy community. The entire Java community, actually. Can we afford to invest in an open source project run by a company? Companies are sold and bought all the time, and the new owner may drop the previous owner’s pet projects without warning. That’s the story of Groovy and Grails.

I can’t help but wonder what that means to other projects. What if management decides to cut costs by releasing a project to freedom? You get the point: this move cost a lot of trust in frameworks run by a company. Any company, actually.

Among other things, the affair shows that open source isn’t a free lunch. Why don’t you support a project you’re fond of? It’s easy: tweet about it, or report a bug. You may even complain about the lousy documentation. That’s not a big deal, but it helps the developers a lot. They learn their documentation is read, and start to improve it.

At least in the case of Groovy, there’s hope. Guillaume Laforge, the public face of Groovy, has found a new job at a company that uses Groovy for their products. He won’t be able to work on Groovy full-time, but still, Guillaume’s statement on reddit sounds encouraging:

Of course Groovy lives on! And I’ll still be wearing my Groovy hat on, even if only part time during my day job at Restlet. The project will indeed continue to be developed, with new features, performance improvements, more Java 8 related features, etc. We’re also going to announce in the coming days that the project is joining a foundation, to make the project more resilient!

That’s the second piece of good news, provided it comes true. The Groovy project isn’t going to be homeless, but will be run by a foundation, which hopefully gives it an opportunity to flourish as lively as it did in the past.

Dig deeper

Guillaume Laforge joins Restlet
Let’s make APIs Groovier
Discussion on reddit on the topic
InfoQ on the future of Groovy
Pivotal’s announcement to drop Groovy and Grails

Newsflash: Generate Random Test Data With jPopulator

Writing unit tests is hard work. Much of the hardship is preparing the test data. In my daily work life, I often deal with large business objects you can’t really mock. Refactoring might help, but it’s not an option: I don’t own the data structure.

I encountered this scenario more often than not, so I suppose it’s a scenario familiar to most of you, too.

Another difficult scenario is load and performance testing. Wouldn’t it be nice to populate the database with thousands or millions of records to see what happens to the performance?

jPopulator comes to the rescue. jPopulator is a small framework written by Mahmoud Ben Hassine (together with a couple of contributors).

The nice thing about jPopulator is it deals with complex data structures. The example on the jPopulator GitHub page consists of four classes, related to each other by 1:1 relations. I didn’t try the framework with other test scenarios yet, but judging from the source code jPopulator also supports much more complex data structures. Be that as it may, even writing tests for those four classes is a pain if done manually: they consist of 15 attributes that have to be filled.

Newsflash: Ceylon 1.1 published

Yesterday (Oct 9, 2014), Ceylon 1.1 was published.

For those who don’t know Ceylon yet: Ceylon is one of the interesting emerging JVM languages introducing many interesting features. For example, I reported about Ceylon’s interesting approach to get rid of NullPointerExceptions some time ago. Ceylon is developed by Red Hat’s Gavin King, who’s already well-known from his work on Hibernate and Seam.

As far as I can see, the language itself hasn’t changed much. Instead the team concentrated on performance, the SDK, the Eclipse IDE and the libraries.

Dig deeper:

Gavin King’s Ceylon 1.1 announcement
Reddit discussion on Ceylon 1.1

Newsflash: React Speeds Up AngularJS Rendering

Today I’ve read about a small but interesting framework called React.js that convinced me to start a new series on this blog. Newsflashes are small articles, just two or three sentences, describing an interesting idea and providing a link to read on. They are less thoroughly researched than the full-fledged articles of BeyondJava.net. Instead I’ll go with my guts to choose interesting bits of information.

React is a lightweight JavaScript framework focusing on the UI. According to the project page, using a virtual DOM difference algorithm makes it very fast. Thierry Nicola describes in his article how to combine AngularJS and React to make your AngularJS application faster.

While the effect is impressive, chances are you’re going to benefit from React without having to use it yourself. My bet is many frameworks, possibly even browsers, are going to use virtual DOM by default.