Posted by Ruud Steeghs at 16:01 on Tuesday 3 February
This coming Saturday, 7 February, the annual Engineering World seminar takes place in Zeist. One of this year's speakers is Tom Baeyens, the man behind JBoss's jBPM. Other interesting Java-related topics are Codestyle – Necessity or Irritation, Scrum in Practice, Application Security Architecture, and Software Development from Human to Machine. Admission is free and you can register via the Engineering World site.
Tags: Java News
Posted by Ron Lievens at 9:36 on Friday 30 January
A lot of ‘performance tests’ have been posted online lately. Many times these performance tests are implemented and executed in a way that completely ignores the inner workings of the Java VM. In this post you can find some basic knowledge to improve your performance testing. Remember, I am not a professional performance tester, so put your tips in the comments!
Read the full article at: http://java.dzone.com/articles/why-many-java-performance-test
Tags: Java News
Posted by Ron Lievens at 14:06 on Tuesday 13 January
The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 is organized into three high-level categories that contain multiple CWE entries.
Insecure Interaction Between Components
These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
- CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
- CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
- CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-362: Race Condition
- CWE-209: Error Message Information Leak
Risky Resource Management
The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.
- CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
- CWE-642: External Control of Critical State Data
- CWE-73: External Control of File Name or Path
- CWE-426: Untrusted Search Path
- CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
- CWE-494: Download of Code Without Integrity Check
- CWE-404: Improper Resource Shutdown or Release
- CWE-665: Improper Initialization
- CWE-682: Incorrect Calculation
Porous Defenses
The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.
- CWE-285: Improper Access Control (Authorization)
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-259: Hard-Coded Password
- CWE-732: Insecure Permission Assignment for Critical Resource
- CWE-330: Use of Insufficiently Random Values
- CWE-250: Execution with Unnecessary Privileges
- CWE-602: Client-Side Enforcement of Server-Side Security
Tags: Java News
Posted by Hans-Jürgen Jacobs at 15:34 on Monday 5 January
The start of a new year also brings expectations for that year. Neil McAllister, at any rate, has given his opinion, including on Java. What are your expectations?
Read his predictions: Software development predictions for 2009
Tags: Java News
Posted by Willem van de Griendt at 12:10 on Tuesday 25 November
Are you a Developer who is responsible for creating web services applications using Java technology components such as those supported by the Glassfish Metro Web service stack and the Java Enterprise Edition 5 platform? If so, this is your opportunity to get involved in the creation of the Java Web Services exam! Read more…
Tags: Java News
Posted by Willem van de Griendt at 12:03 on Wednesday 1 October
Are you a Programmer who is responsible for developing Java desktop and Java web applications using the NetBeans IDE? If so, this is your opportunity to get involved in the creation of the Netbeans IDE exam!!!!!
As a beta tester, you officially test the test and will be able to provide Sun with valuable comments and technical feedback about the Netbeans IDE questions. The Sun beta exam counts towards official SCSNI Certification! Read more…
Tags: Java News
Posted by Hans-Jürgen Jacobs at 13:24 on Monday 22 September
First version of the OSGi book available. Download it here! [Neil Bartlett]
Tags: Java News
Posted by jcn at 9:57 on Tuesday 12 August
On TheServerSide there is discussion of “software vendor Fortify Software claims that a wide variety of vulnerabilities in projects such as Struts, Hibernate, and Geronimo”. The Spring framework also contains security issues. searchsoftwarequality.com writes about “Critical security issues found in the Spring Framework” and “Keith Donald, principal software engineer at SpringSource, said they are working with security experts at Ounce Labs to raise awareness within the Spring community of these two issues.”
http://www.theserverside.com/news/thread.tss?thread_id=50237
http://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1321417,00.html
Tags: Architecture, Java News, Website
Posted by Rino Kadijk at 9:44 on Wednesday 16 July
What are closures? Neal Gafter's blog says the following:
Modern programming languages provide a mixture of primitives for composing programs. C#, Javascript, Ruby, Scala, and Smalltalk (to name just a few) have direct language support for function types and inline function-valued expression, called closures. A proposal for closures is working its way through the C++ standards committees as well. Function types provide a natural way to express some kinds of abstraction that are currently quite awkward to express in Java. For programming in the small, closures allow one to abstract an algorithm over a piece of code; that is, they allow one to more easily extract the common parts of two almost-identical pieces of code. For programming in the large, closures support APIs that express an algorithm abstracted over some computational aspect of the algorithm. We propose to add function types and closures to Java. We anticipate that the additional expressiveness of the language will simplify the use of existing APIs and enable new kinds of APIs that are currently too awkward to express using the best current idiom: interfaces and anonymous classes.
On 14 December 2007 a post was published on the JCN Blog about Joshua Bloch's presentation on closure support in Java. James Gosling then responded as follows on his blog:
There has been a lot of chatter about the closures proposal penned by Neal Gafter. And, in particular, whether or not I support it. I absolutely do.
According to Neal Gafter's blog, the specification appears to be on its way for JDK 7. He writes the following:
I’m co-author of a draft proposal for adding support for closures to the Java programming language for the Dolphin (JDK 7) release. It was carefully designed to interoperate with the current idiom of one-method interfaces. An abbreviated version of the original proposal is reproduced below. The latest version of the proposal and a prototype can be found at http://www.javac.info/.
Gilad Bracha, Neal Gafter, James Gosling, Peter von der Ahé
In his video presentation, Neal Gafter explains what advantages closures offer over the current options.
http://gafter.blogspot.com/2006/08/closures-for-java.html
http://www.javac.info/
http://www.parleys.com/display/PARLEYS/Home#talk=5210267;title=The%20Closures%20Controversy;slide=51
http://java.sogeti.nl/blogs/ontheroad/index.php/2007/12/14/the-closures-controversy-door-joshua-bloch/#more-423
http://blogs.sun.com/jag/entry/closures
http://video.google.com/videoplay?docid=4051253555018153503
Tags: Java News, Website
Posted by Rino Kadijk at 9:22 on Friday 11 July
This video presentation lasts about an hour and clearly shows which innovations are planned for Java 7. The presentation was also given at JavaOne.
Google Tech Talks
May 1, 2008
ABSTRACT
JSR-203 is the NIO update JSR scheduled for release with Java 7. This
talk will present an overview of the new NIO features and improvements.
Speaker: Alan Bateman
Software Engineer at Sun Microsystems. Spec lead on JSR-203.
Speaker: Carl Quinn
Software Engineer at Google. EG member on JSR-203.
http://youtube.com/watch?v=yNRS1ssLPdQ
Tags: Java News, Website