#java

markus@libranet.de

Pope Francis I.

Francis I: In the past few hours, the island of #Java in Indonesia has been struck by a strong earthquake (#Erdbeben). I express my sympathy to this dear population and pray for the dead and injured.

https://twitter.com/Pontifex_de/status/1595401787602714625

christophs@diaspora.glasswings.com

Project Zero: Gregor Samsa: Exploiting Java's XML Signature Verification

Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.

OpenJDK fixed the discussed issue in July 2022. The Apache BCEL project used by Xalan-J, the origin of the vulnerable code, released a patch in September 2022.

That is a really crazy exploit. So many levels of indirection.
#java #xml

https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html

harald@hub.volse.no

Java theory and practice: Urban performance legends, revisited

The Java language is the target of a lot of abuse for performance. And while some of it may well be deserved, a tour of message board and newsgroup postings on the subject shows that there is a great deal of misunderstanding about how a Java Virtual Machine (JVM) actually works. In this month's Java theory and practice, Brian Goetz pokes some holes in the oft-repeated performance myth of slow allocation in JVMs.

Old article, but quite an interesting read about the performance of memory management (and Garbage Collection in general) in the JVM compared to traditional, manual memory management as in C and C++.

#programing #memory-management #java #c++

christophs@diaspora.glasswings.com

August 05, 2022 – JabRef 5.7 Release

Citations can now also be looked up in the Biodiversity Heritage Library and we also added support to import Citavi backup files. A new filter for the Unlinked Files Search has been introduced to respect file ignore patterns defined in a .gitignore file in the search directory. We also improved the automatic detection of the library’s charset and fixed a couple of issues regarding the writing of XMP Metadata to linked files.

Notable UI improvements include the feature to drag and drop entries across libraries, by dropping them on the library tab. The “Automatic Field Editor” dialog was redesigned and polished by our GSoC mentee @HoussemNasri. There may be some issues left, feel free to report them in our issue tracker.

As we updated the full-text search engine to Lucene 9.3, JabRef will recreate the search index in the background on start. Be aware that switching back and forth between the current version and any older version will make JabRef repeat this process every time, and this will take a long time for huge databases with many linked files.

For a complete list of all our changes, take a look at the Changelog.

You can get JabRef as free software from FOSShub.

#JabRef #openSource #LaTeX #java

https://blog.jabref.org/#august-05-2022-%E2%80%93-jabref-5-7-release

quetzop1@diasp.org

I just came across a little annoyance. A while ago, I wrote an algorithm that uses the part-of-speech (POS) model from Apache OpenNLP:

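import lombok.RequiredArgsConstructor;
import opennlp.tools.postag.POSModel;
import opennlp.tools.postag.POSTaggerME;

@RequiredArgsConstructor
public class Algorithm {
    private final POSModel posModel;

    public String doSomething(String text) {
        // The tagger is constructed directly from the model on every call
        POSTaggerME tagger = new POSTaggerME(this.posModel);
        String[] posTags = tagger.tag(new String[] {text});

        // .. do some further stuff to compute "res"
        return res;
    }
}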

At the time, I didn't write any unit tests for it because of time constraints and because the interfaces weren't finalized yet. Now, I want to change something, so I also fix this and write a unit test for this class. However, this design isn't very test-friendly: In order to test doSomething, I need a valid POSModel instance. So, I either download the POS model from somewhere and load it before the test, or I figure out how to mock the constructor of POSTaggerME. Dependency injection of POSTaggerME, however, isn't an option because POSTaggerME::tag changes the object's internal state, so this computation isn't thread-safe.

I went with the second option because it seems easier and it has fewer dependencies. I searched online for a while and the only solutions I found either didn't tackle my problem or proposed to use the PowerMock library. Introducing a new library to solve this issue seemed a bit wasteful and deep inside me, I knew there are some design flaws in this class.

So, I decided to actually use my brain and think about it a minute. And suddenly, the solution seemed so clear: Instead of creating a new POSTaggerME object via constructor, I could simply inject a factory that helps me to create POS taggers. This removes this class' dependency on OpenNLP's test-unfriendly classes altogether:

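import lombok.RequiredArgsConstructor;
import opennlp.tools.postag.POSTaggerME;

@RequiredArgsConstructor
public class Algorithm {
    // PosTaggerFactory is the post's own factory type (its definition is not shown)
    private final PosTaggerFactory posTaggerFactory;

    public String doSomething(String text) {
        // The factory supplies the tagger, so a test can hand in a mock
        POSTaggerME tagger = this.posTaggerFactory.getTagger();
        String[] posTags = tagger.tag(new String[] {text});

        // .. do some further stuff to compute "res"
        return res;
    }
}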

Then, I can easily mock the tagger factory to return a mocked tagger instance, which returns exactly what I want:

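import opennlp.tools.postag.POSTaggerME;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

public class AlgorithmTest {
    @Test
    public void testDoSomething() {
        PosTaggerFactory posTaggerFactory = Mockito.mock(PosTaggerFactory.class);
        POSTaggerME posTagger = Mockito.mock(POSTaggerME.class);
        // The stub only matches an array equal to {"Test"}, so the call below passes "Test"
        Mockito.when(posTagger.tag(new String[] {"Test"})).thenReturn(new String[] {"NN"});
        // posTaggerFactory is a local variable, not a field, so no "this."
        Mockito.when(posTaggerFactory.getTagger()).thenReturn(posTagger);
        Algorithm algorithm = new Algorithm(posTaggerFactory);

        String output = algorithm.doSomething("Test");
        Assertions.assertEquals("........", output);
    }
}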

#programming #java #testing #test #unittest #mock

berternste@pod.orkz.net

Steam train in Wonoredjo (Java)

Photo of a decorated steam locomotive

Wonoredjo (Java), Dutch East Indies, 1930

In the series on steam trains (interrupted on 4 and 5 May for Remembrance of the Dead and Liberation Day), this decorated locomotive, which I found in an old family album, cannot be left out. It is a train for transporting sugar cane. The train is decorated for the milling festival (maalfeest), the album notes. On the Java Post website I found an extensive description of this harvest festival.

#dutch-east-indies #indonesie #java #maalfeest #nederlands-indie #oogstfeest #plantage #plantation #railways #spoorwegen #steam-engine #stoomlocomotief #sugar-plantation #suikerplantage #train #trein

Originally posted at: https://blog.ernste.net/2022/05/07/stoomtrein-in-wonoredjo-java/