adplus-dvertising
Connect with us

Tech

Java News Roundup: WildFly 31, Eclipse Store 1.1, Liberica NIK, Quarkus, JHipster Lite – InfoQ.com

Published

 on


This week’s Java roundup for January 22nd, 2024 features news highlighting: WildFly 31.0.0, Eclipse Store 1.1.0, BellSoft Liberica Native Image Kit, multiple Quarkus and JHipster Lite releases and Jakarta EE 11 updates.

OpenJDK

After its review had concluded JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, Principal Member of Technical Staff at Oracle, has recently published an updated draft specification for this feature.

JDK 23

Build 7 of the JDK 23 early-access builds was made available this past week featuring updates from Build 6 that include fixes for various issues. More details on this release may be found in the release notes.

JDK 22

Build 33 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 32 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE 11

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the progress of Jakarta EE 11 and beyond. As per the Jakarta EE Specification Process, the Jakarta EE Specification Committee will conduct a progress review of the planned Jakarta EE 11 release and vote on a ballot to approve. If the ballot does not pass, the release date of Jakarta EE 11 could be delayed.

Also, the Jakarta EE Working Group has been thinking beyond Jakarta EE 11 and discussing some ideas for new specifications, such as Jakarta AI. The group has created this Google Doc for the Java community to review and provide input/feedback.

Spring Framework

The Spring Framework team has disclosed that versions 6.1.3 and 6.0.16, released on January 11, 2024, addressed CVE-2024-22233, Spring Framework Server Web DoS Vulnerability, that allows an attacker to provide a specially crafted HTTP request that may cause a denial-of-service condition if the application uses Spring MVC and Spring Security 6.1.6+ or 6.2.1+ is on the classpath.

Version 3.2.1 and 3.1.8 of Spring Shell have been released deliver notable changes: a resolution for the command alias not working on the type level when the subcommand is empty; a split of the JLine dependencies due to issues with native image and to avoid importing classes that may not be needed in an application; and a resolution to the shell cursor not being restored in the terminal multiplexer (tmux) if the shell is hiding the cursor. Both versions build upon Spring Boot 3.2.2 and 3.1.8, respectively. More details on these releases may be found in the release notes for version 3.2.1 and version 3.1.8.

The release of Spring Cloud Commons 4.1.1 has been released featuring a bug fix in which implementations of the Spring Framework BeanPostProcessor interface were not registered correctly when the @LoadBalanced annotation bean was instantiated during auto-configuration. Further details on this release may be found in the release notes.

BellSoft

BellSoft has released versions 23.1.2 for JDK 21 and 23.0.3 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for January 2024 to address several security and bug fixes. Other notable improvements include: support for AWT and JavaFX fullscreen mode; intrinsified memory copying routines on AMD64 platforms and, where available, they now use AVX instructions for better performance; and SubstrateVM monitor enter/exit routines for accelerated startup of native images.

WildFly

Red Hat has released version 31 of WildFly with application server features such as: support for MicroProfile 6.1, Hibernate ORM 6.4.2, Hibernate Search 7.0.0 and Jakarta MVC 2.1; and the ability to exchange messages from the MicroProfile Reactive Messaging 3.0 specification with Advances Messaging Queuing Protocol (AMQP) 1.0. This release also introduces WildFly Glow, a command line and a set of tools to “provision a trimmed WildFly server instance that contains the server features that are required by an application.” InfoQ will follow up with a more detailed news story.

Quarkus

Red Hat has also released version 3.6.7 of Quarkus with notable changes such as: ensure that the refreshed CSRF cookie retains its original value based on the presence of the token header; dependency management for the Hibernate JPA 2 Metamodel Generator; and a resolution to entity manager issues with Spring Data JPA when using multiple persistence units. More details on this release may be found in the changelog.

Quarkus 3.2.10.Final, the tenth maintenance release in the 3.2 LTS release train, primarily delivers resolutions to CVEs such as: CVE-2023-5675, an authorization flaw with endpoints used in Quarkus RestEasy Reactive and Classic applications customized by Quarkus extensions using the annotation processor; and CVE-2023-6267, an annotation-based security flaw in which the JSON body that a resource may consume is being processed, i.e., deserialized, prior to the security constraints being evaluated and applied. Further details on this release may be found in the changelog.

Helidon

The release of Helidon 4.0.4 delivers notable changes such as: a resolution to the currentSpan() method defined in the TracerProviderHelper class throwing a NullPointerException in situations where an implementation of the TracerProvider class is null; a cleanup and simplification of the logic to determine which type of IP addresses, v4 or v6, to consider during name resolution in WebClient configuration; and security propagation is now disabled when not properly configured. More details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released version 4.2.4 of the Micronaut Framework featuring Micronaut Core 4.2.4, bug fixes, dependency upgrades and updates to modules: Micronaut AWS, Micronaut Flyway, Micronaut JAX-RS, Micronaut JMS, Micronaut MicroStream, Micronaut MQTT and Micronaut Servlet. Further details on this release may be found in the release notes.

Hibernate

The release of Hibernate Reactive 2.2.2.Final ships with: a dependency upgrade to Hibernate ORM 6.4.2.Final; removal of unused code that caused a ClassCastException in Quarkus at start up; and new annotations, @EnableFor and @DisabledFor, to enable and disable, respectively, tests for database types. More details on this release may be found in the release notes.

The second alpha release of Hibernate Search 7.1.0 provides: compatibility with Hibernate ORM 6.4.2.Final, Lucene 9.9.1 and Elasticsearch 8.12; an integration of the Elasticsearch/OpenSearch vector search capabilities; and the ability to look up the capabilities of each field when inspecting the metamodel. Further details on this release may be found in the release notes.

Eclipse Store

The release of Eclipse Store 1.1.0 delivers new features such as: monitoring support using the Java Management Extensions (JMX) framework; integration with Spring Boot 3.x; and an implementation of JSR 107, Java Temporary Caching API (JCache). More details on this release may be found in the release notes.

Infinispan

Versions 15.0.0.Dev07 and 14.0.22.Final of Infinispan ship with dependency upgrades and resolutions to notable bug fixes such as: a flaky test failure from the testExpirationCompactionOnLogFile() method defined in the SoftIndexFileStoreFileStatsTest class; an IllegalArgumentException from within the getMembersPhysicalAddresses() method defined in the JGroupsTransport class; and a NullPointerException due to a failover of the Hot Rod Client hanging. Further details on these releases may be found in the release notes for version 15.0.0.Dev07 and version 14.0.22.

JHipster

Versions 1.3.0, 1.2.1 and 1.2.0 of JHipster Lite have been released to deliver bug fixes, dependency upgrades and new features/enhancements such as: use of the LinkedHashSet class instead of the HashSet class for improved reproducible generated code; use of Signals and Control Flow, new features of Angular 17; and support for Protocol Buffers. More details on these releases may be found in the release notes for version 1.3.0, version 1.2.1 and version 1.2.0.

Testcontainers for Java

The release of Testcontainers for Java 1.19.4 ships with bug fixes, improvements in documentation and new features such as: an enhancement in the exec command that supports setting a work directory and environmental variables; support for MySQL 8.3; and an increase of the default startup time for Selenium to 60 seconds. Further details on this release may be found in the release notes.

Gradle

The third release candidate of Gradle 8.6 provides continuous improvement in: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.

About the Author

Adblock test (Why?)

728x90x4

Source link

Continue Reading

News

The Internet is Littered in ‘Educated Guesses’ Without the ‘Education’

Published

 on

Although no one likes a know-it-all, they dominate the Internet.

The Internet began as a vast repository of information. It quickly became a breeding ground for self-proclaimed experts seeking what most people desire: recognition and money.

Today, anyone with an Internet connection and some typing skills can position themselves, regardless of their education or experience, as a subject matter expert (SME). From relationship advice, career coaching, and health and nutrition tips to citizen journalists practicing pseudo-journalism, the Internet is awash with individuals—Internet talking heads—sharing their “insights,” which are, in large part, essentially educated guesses without the education or experience.

The Internet has become a 24/7/365 sitcom where armchair experts think they’re the star.

Not long ago, years, sometimes decades, of dedicated work and acquiring education in one’s field was once required to be recognized as an expert. The knowledge and opinions of doctors, scientists, historians, et al. were respected due to their education and experience. Today, a social media account and a knack for hyperbole are all it takes to present oneself as an “expert” to achieve Internet fame that can be monetized.

On the Internet, nearly every piece of content is self-serving in some way.

The line between actual expertise and self-professed knowledge has become blurry as an out-of-focus selfie. Inadvertently, social media platforms have created an informal degree program where likes and shares are equivalent to degrees. After reading selective articles, they’ve found via and watching some TikTok videos, a person can post a video claiming they’re an herbal medicine expert. Their new “knowledge,” which their followers will absorb, claims that Panda dung tea—one of the most expensive teas in the world and isn’t what its name implies—cures everything from hypertension to existential crisis. Meanwhile, registered dietitians are shaking their heads, wondering how to compete against all the misinformation their clients are exposed to.

More disturbing are individuals obsessed with evangelizing their beliefs or conspiracy theories. These people write in-depth blog posts, such as Elvis Is Alive and the Moon Landings Were Staged, with links to obscure YouTube videos, websites, social media accounts, and blogs. Regardless of your beliefs, someone or a group on the Internet shares them, thus confirming your beliefs.

Misinformation is the Internet’s currency used to get likes, shares, and engagement; thus, it often spreads like a cosmic joke. Consider the prevalence of clickbait headlines:

  • You Won’t Believe What Taylor Swift Says About Climate Change!
  • This Bedtime Drink Melts Belly Fat While You Sleep!
  • In One Week, I Turned $10 Into $1 Million!

Titles that make outrageous claims are how the content creator gets reads and views, which generates revenue via affiliate marketing, product placement, and pay-per-click (PPC) ads. Clickbait headlines are how you end up watching a TikTok video by a purported nutrition expert adamantly asserting you can lose belly fat while you sleep by drinking, for 14 consecutive days, a concoction of raw eggs, cinnamon, and apple cider vinegar 15 minutes before going to bed.

Our constant search for answers that’ll explain our convoluted world and our desire for shortcuts to success is how Internet talking heads achieve influencer status. Because we tend to seek low-hanging fruits, we listen to those with little experience or knowledge of the topics they discuss yet are astute enough to know what most people want to hear.

There’s a trend, more disturbing than spreading misinformation, that needs to be called out: individuals who’ve never achieved significant wealth or traded stocks giving how-to-make-easy-money advice, the appeal of which is undeniable. Several people I know have lost substantial money by following the “advice” of Internet talking heads.

Anyone on social media claiming to have a foolproof money-making strategy is lying. They wouldn’t be peddling their money-making strategy if they could make easy money.

Successful people tend to be secretive.

Social media companies design their respective algorithms to serve their advertisers—their source of revenue—interest; hence, content from Internet talking heads appears most prominent in your feeds. When a video of a self-professed expert goes viral, likely because it pressed an emotional button, the more people see it, the more engagement it receives, such as likes, shares and comments, creating a cycle akin to a tornado.

Imagine scrolling through your TikTok feed and stumbling upon a “scientist” who claims they can predict the weather using only aluminum foil, copper wire, sea salt and baking soda. You chuckle, but you notice his video got over 7,000 likes, has been shared over 600 times and received over 400 comments. You think to yourself, “Maybe this guy is onto something.” What started as a quest to achieve Internet fame evolved into an Internet-wide belief that weather forecasting can be as easy as DIY crafts.

Since anyone can call themselves “an expert,” you must cultivate critical thinking skills to distinguish genuine expertise from self-professed experts’ self-promoting nonsense. While the absurdity of the Internet can be entertaining, misinformation has serious consequences. The next time you read a headline that sounds too good to be true, it’s probably an Internet talking head making an educated guess; without the education seeking Internet fame, they can monetize.

______________________________________________________________

 

Nick Kossovan, a self-described connoisseur of human psychology, writes about what’s

on his mind from Toronto. You can follow Nick on Twitter and Instagram @NKossovan.

 

Continue Reading

Tech

Tight deadlines on software projects can put safety at risk: survey

Published

 on

 

TORONTO – A new survey says a majority of software engineers and developers feel tight project deadlines can put safety at risk.

Seventy-five per cent of the 1,000 global workers who responded to the survey released Tuesday say pressure to deliver projects on time and on budget could be compromising critical aspects like safety.

The concern is even higher among engineers and developers in North America, with 77 per cent of those surveyed on the continent reporting the urgency of projects could be straining safety.

The study was conducted between July and September by research agency Coleman Parkes and commissioned by BlackBerry Ltd.’s QNX division, which builds connected-car technology.

The results reflect a timeless tug of war engineers and developers grapple with as they balance the need to meet project deadlines with regulations and safety checks that can slow down the process.

Finding that balance is an issue that developers of even the simplest appliances face because of advancements in technology, said John Wall, a senior vice-president at BlackBerry and head of QNX.

“The software is getting more complicated and there is more software whether it’s in a vehicle, robotics, a toaster, you name it… so being able to patch vulnerabilities, to prevent bad actors from doing malicious acts is becoming more and more important,” he said.

The medical, industrial and automotive industries have standardized safety measures and anything they produce undergoes rigorous testing, but that work doesn’t happen overnight. It has to be carried out from the start and then at every step of the development process.

“What makes safety and security difficult is it’s an ongoing thing,” Wall said. “It’s not something where you’ve done it, and you are finished.”

The Waterloo, Ont.-based business found 90 per cent of its survey respondents reported that organizations are prioritizing safety.

However, when asked about why safety may not be a priority for their organization, 46 per cent of those surveyed answered cost pressures and 35 per cent said a lack of resources.

That doesn’t surprise Wall. Delays have become rampant in the development of tech, and in some cases, stand to push back the launch of vehicle lines by two years, he said.

“We have to make sure that people don’t compromise on safety and security to be able to get products out quicker,” he said.

“What we don’t want to see is people cutting corners and creating unsafe situations.”

The survey also took a peek at security breaches, which have hit major companies like London Drugs, Indigo Books & Music, Giant Tiger and Ticketmaster in recent years.

About 40 per cent of the survey’s respondents said they have encountered a security breach in their employer’s operating system. Those breaches resulted in major impacts for 27 per cent of respondents, moderate impacts for 42 per cent and minor impacts for 27 per cent.

“There are vulnerabilities all the time and this is what makes the job very difficult because when you ship the software, presumably the software has no security vulnerabilities, but things get discovered after the fact,” Wall said.

Security issues, he added, have really come to the forefront of the problems developers face, so “really without security, you have no safety.”

This report by The Canadian Press was first published Oct. 8, 2024.

Companies in this story: (TSX:BB)

The Canadian Press. All rights reserved.

Source link

Continue Reading

Tech

Beware of scams during Amazon’s Prime Big Deal Days sales event: cybersecurity firm

Published

 on

 

As online shoppers hunt for bargains offered by Amazon during its annual fall sale this week, cybersecurity researchers are warning Canadians to beware of an influx of scammers posing as the tech giant.

In the 30 days leading up to Amazon’s Prime Big Deal Days, taking place Tuesday and Wednesday, there were more than 1,000 newly registered Amazon-related web domains, according to Check Point Software Technologies, a company that offers cybersecurity solutions.

The company said it deemed 88 per cent of those domains malicious or suspicious, suggesting they could have been set up by scammers to prey on vulnerable consumers. One in every 54 newly created Amazon-related domain included the phrase “Amazon Prime.”

“They’re almost indiscernible from the real Amazon domain,” said Robert Falzon, head of engineering at Check Point in Canada.

“With all these domains registered that look so similar, it’s tricking a lot of people. And that’s the whole intent here.”

Falzon said Check Point Research sees an uptick in attempted scams around big online shopping days throughout the year, including Prime Days.

Scams often come in the form of phishing emails, which are deceptive messages that appear to be from a reputable source in attempt to steal sensitive information.

In this case, he said scammers posing as Amazon commonly offer “outrageous” deals that appear to be associated with Prime Days, in order to trick recipients into clicking on a malicious link.

The cybersecurity firm said it has identified and blocked 100 unique Amazon Prime-themed scam emails targeting organizations and consumers over the past two weeks.

Scammers also target Prime members with unsolicited calls, claiming urgent account issues and requesting payment information.

“It’s like Christmas for them,” said Falzon.

“People expect there to be significant savings on Prime Day, so they’re not shocked that they see something of significant value. Usually, the old adage applies: If it seems too good to be true, it probably is.”

Amazon’s website lists a number of red flags that it recommends customers watch for to identify a potential impersonation scam.

Those include false urgency, requests for personal information, or indications that the sender prefers to complete the purchase outside of the Amazon website or mobile app.

Scammers may also request that customers exclusively pay with gift cards, a claim code or PIN. Any notifications about an order or delivery for an unexpected item should also raise alarm bells, the company says.

“During busy shopping moments, we tend to see a rise in impersonation scams reported by customers,” said Amazon spokeswoman Octavia Roufogalis in a statement.

“We will continue to invest in protecting consumers and educating the public on scam avoidance. We encourage consumers to report suspected scams to us so that we can protect their accounts and refer bad actors to law enforcement to help keep consumers safe.”

Falzon added that these scams are more successful than people might think.

As of June 30, the Canadian Anti-Fraud Centre said there had been $284 million lost to fraud so far this year, affecting 15,941 victims.

But Falzon said many incidents go unreported, as some Canadians who are targeted do not know how or where to flag a scam, or may choose not to out of embarrassment.

Check Point recommends Amazon customers take precautions while shopping on Prime Days, including by checking URLs carefully, creating strong passwords on their accounts, and avoiding personal information being shared such as their birthday or social security number.

The cybersecurity company said consumers should also look for “https” at the beginning of a website URL, which indicates a secure connection, and use credit cards rather than debit cards for online shopping, which offer better protection and less liability if stolen.

This report by The Canadian Press was first published Oct. 8, 2024.

Source link

Continue Reading

Trending