Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://java.duke.social/users/naomi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>naomi</span></a></span> <a href="https://infosec.space/tags/JVM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JVM</span></a> in <a href="https://infosec.space/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a>, <em>when</em>?</p><p><a href="https://infosec.space/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> <a href="https://infosec.space/tags/MemirySafe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MemirySafe</span></a> <a href="https://infosec.space/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.space/tags/ProgrammingLanguages" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProgrammingLanguages</span></a> <a href="https://infosec.space/tags/Meme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meme</span></a> <a href="https://infosec.space/tags/Memes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Memes</span></a></p>
Viimatised otsingud
Otsimisvalikud
#java
17 postitusega15 osalejaga2 postitust täna
Google's vulnerability scanner checks container layers and Maven projects
The new version of Google's open source Vulnerability Scanner examines dependencies in container image layers and Maven projects.
heise online · Google's vulnerability scanner checks container layers and Maven projects
One of the great things about the #Java community is its commitment to inclusion.
At #JavaOne today there were at least two parents with babies (each only a few months old) attending the keynotes and sessions.
Shout out to @Sharat_Chander and crew for building an event that reflects the values of the community!
Hey there #fediverse, I’m looking to hire a senior engineer to work with some awesome folks on #Netflix’s build tools & test infrastructure. If you are interested please apply online! (see link in Toot)
My DMs are open if you have any questions about the role or if you want to let me know that you applied.
https://explore.jobs.netflix.net/careers/job/790301668836?utm_source=LinkedIn&domain=netflix.com
explore.jobs.netflix.netSenior Software Engineer (L5) — Build & Dependency Management Team (JVM Ecosystem) | USA - Remote | NetflixCommon Languages and Tools: Java & other JVM languages, Gradle, Nebula, Spring Boot, JUnit, GraphQL, Kafka, PostgreSQL. Implement and manage build solutions that enhance the efficiency and reliability of software delivery. Develop and maintain backwards-compatible tools for dependency management and analysis. Integrate internal and vendor-provided build and test infrastructure into engineering workflows, focusing on reliability and ease of use. Design and develop tools and infrastructure to automatically detect, quarantine, and reproduce flaky tests. Create and maintain tools for analysis of distributed tracing tools for test runs. Develop and integrate software solutions that provide high-quality synthetic test data generated from captured production traffic and API schema registries. Correlate test coverage data with code changes, runtime execution, and trace data for comprehensive reporting. Maintain a strong focus on scalability, usability, and reliability in platform design to support a growing cohort of engineers. Be willing and able to showcase our team's offerings to internal audiences Consult with other teams about how to best collaborate, integrate, and/or set up solutions for their needs A skilled software engineer with experience in developer platform or productivity teams. A meticulous software designer who researches and documents technical tradeoffs clearly and concisely. A self-motivated and organized individual who can independently drive engineering-wide solutions. A proactive communicator who engages effectively with technical and non-technical stakeholders. An advocate for strong build, dependency management, and testing practices, with familiarity in popular build tools, test frameworks, code coverage tools, continuous integration systems, and post-deployment verification methods (a healthy contempt for flaky tests is a plus). You have shipped and maintained Java code in production. You have worked on various technology stacks and are familiar with a variety of ways that software could be designed for different optimizations. You have designed and implemented build and dependency management solutions. You have built (and tested) custom Gradle plugins. You have assembled JVM Spring Boot applications using Gradle. You have experience with Nebula, Gradle, Maven, etc, for dependency management. You have experience with using and explaining Develocity dashboards. You are comfortable working with Zipkin or similar tools in the tracing space. You have implemented advanced log, metric, or error stacktrace analysis.
Java 24: Stream Gatherers, Class-File API and quantum-resistant algorithms
A total of 24 JEPs in JDK 24 extend stream processing, introduce quantum-resistant algorithms and provide an API for accessing class files.
heise online · Java 24: Stream Gatherers, Class-File API and quantum-resistant algorithms
Java 24 / JDK 24: General Availability: https://mail.openjdk.org/pipermail/jdk-dev/2025-March/009843.html
Features: https://openjdk.org/projects/jdk/24/
A decent explanation of the Apache TomCat bug I posted a link to the PoC for earlier:
https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html
scrapco.deLingua Diabolis | Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE
PoC vulnerable app for the Camel bug:
https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC
Code that may/may not exhibit the same kinds of problems:
https://github.com/search?q=import+org.apache.camel+RouteBuilder&type=code
GitHubGitHub - akamai/CVE-2025-27636-Apache-Camel-PoCContribute to akamai/CVE-2025-27636-Apache-Camel-PoC development by creating an account on GitHub.
SideWinder targets the maritime and nuclear sectors with an updated toolset
The SideWinder APT group intensified its activities in the second half of 2024, targeting maritime infrastructures, logistics companies, and nuclear sectors across Asia, the Middle East, and Africa. The group updated its toolset, including improvements to its RTF exploit, JavaScript loader, and Backdoor Loader. SideWinder's infection chain begins with spear-phishing emails containing malicious DOCX files, exploiting CVE-2017-11882 to deliver a multi-stage payload. The group demonstrated agility in evading detection, often updating their tools within hours of being identified. Notable targets included government entities, military installations, and diplomatic missions, with an increased focus on maritime and nuclear-related organizations.
Pulse ID: 67cebdf90f3d662d90cb0701
Pulse Link: https://otx.alienvault.com/pulse/67cebdf90f3d662d90cb0701
Pulse Author: AlienVault
Created: 2025-03-10 10:24:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Bonjour/soir!
Je suis un développeur débutant. Je ne suis pas vraiment nouveau sur Mastodon, mais j'ai décidé d'abandonner mes pseudos.
J'ai ma propre distribution Linux (une modification de Arch orientée laptop/Clevo). Je code des programmes bizarres, comme des outils de stéganographie ou dernièrement un outil CLI de téléchargement automatisé de podcasts pour la plateforme Radio France.
I just discovered Jshell, a Java REPL shell. It's like Python's interactive shell , but in Java ;-)
It's not new. Jshell was introduced in ... Java 9. Shame to me I only learn about it in Java 23!
asciinema.orgJshell 23.0.2 demoAre you aware you can now *script* Java ? Did you know Java has an interactive shell? Showing use of the shell, performing Base64 encoding/decoding, functions, completion etc.
“Sukatani, a punk rock duo hailing from Purbalingga in Central #Java, went viral after they uploaded a video on Instagram on Thursday apologising for their song “Bayar, Bayar, Bayar”, or “Pay, Pay, Pay”, which denounces police over corruption.”
#Indonesia: a punk band’s apology for anti-police song sparks outcry over perceived censorship
#tootsea
South China Morning Post · Censorship in Indonesia? Outcry over punk band’s apology for anti-police songActivists say there may now be a ‘chilling effect’ of artists censoring themselves to avoid persecution from authorities.