Virtual Threads (Project Loom) – Revolutionizing Concurrency in Java

Project Loom Virtual Threads in Java

Introduction

Concurrency has always been a cornerstone of Java, but as applications scale and demands for high throughput and low latency increase, traditional threading models show their limitations. Project Loom and its groundbreaking introduction of virtual threads redefine how we approach concurrency in Java, making applications more scalable and development more straightforward.

In this post, we’ll go deep into virtual threads, exploring how they work, their impact on scalability, and how they simplify backend development. We’ll provide both simple and complex code examples to illustrate these concepts in practice.

The Generational Z Garbage Collector (ZGC)

The Generational Z Garbage Collector (GenZGC) in JDK 21 represents a significant evolution in Java’s approach to garbage collection, aiming to enhance application performance through more efficient memory management. This advancement builds upon the strengths of the Z Garbage Collector (ZGC) by introducing a generational approach to garbage collection within the JVM.

Introduction to Java Modules: A Comprehensive Tutorial

Java 9 introduces a new feature called Java Modules, which is part of the Java Platform Module System (JPMS). The Java Platform Module System, also known as Project Jigsaw, brings several benefits to Java developers, including smaller application distributables, encapsulation of internal packages, and startup detection of missing modules. In this tutorial, we will explore the basics of Java modules, their structure, and how to use them effectively.

Java 8 to Java 17: New Features and Hassle-Free Migration

Java 8 to Java 17

As Java, the widely used programming language, continues to evolve with each new release, I still see companies and projects hesitating to transition from Java 8 to Java 17, the latest long-term support (LTS) release. This leads them into either using unsupported Java 8 versions or paying a heavy fee for support or for the usage of an alternative VM like Azul. The transition from Java 8 to Java 17 has brought about numerous enhancements and features that developers can leverage to create more efficient and robust applications. In this article, we will delve into the new features introduced in Java 17, compare them with Java 8, and provide best practices for migrating from Java 8 to Java 17.

Why Governments Need To Favor Open Source Software for Enhanced Security and Transparency

As governments around the world grapple with the increasing reliance on technology for delivering citizen services and ensuring national security, the debate over adopting open source software has never been more critical. With recent instances of cyberattacks and surveillance, the need for transparent and secure government software is paramount. This article explores the importance of transitioning government software to open source and highlights key concerns, challenges, and benefits associated with this shift. By examining real-world examples, we aim to emphasize the significance of open source software in improving security, transparency, and trust in public institutions.

How to install SonarQube locally or in production to check your code for vulnerabilities, performance and maintainability

Introduction

From Wikipedia: SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations. SonarQube can record metrics history, evolution graphs and provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.). In other words, it checks whether what your team has written is secure, performs well, is tested and is easy to maintain.

Spring Framework 6.0 goes GA

Spring Framework 6.0.0 is now generally available from Maven Central! It has been quite some time since the last major release, but this release focuses on 2023, embracing current and upcoming innovations in OpenJDK and the Java ecosystem. At the same time, it is carefully designed as a straightforward upgrade from Spring Framework 5.3.x.

Logging Failed and Successful Authentication Attempts with SpringBoot

Introduction

The latest OWASP Top 10 list (OWASP Top 10:2021), the well-known standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications, mentions identification and authentication failures (A07:2021 – Identification and Authentication Failures). Previously known as “Broken Authentication”, it refers to the dangers a web application faces from weak authentication implementations. Below I am going to demonstrate the implementation of one of the countermeasures, which is to log authentication attempts, whether they are successful or not.

Don’t Abuse Java Parallel Streams

A long, long time ago I wrote an article, “Can/Should I use parallel streams in a transaction context?”, that pointed out some of the pitfalls of the erroneous usage of parallel streams. Recently I have been seeing more and more use of parallel streams under the false assumption that they will increase performance, without fully taking the potential issues into account. So let’s analyze the dos and don’ts of parallel streams in Java.

[UPDATE] Log4j RCE 0-day vulnerability (CVE-2021-44228) mitigation actions

CVE-2021-44228 - Log4j RCE 0-day mitigation

UPDATE 14/12/2021

I had an update from my very good friend and excellent consultant Stella Varvarigou, in which she explained to me that setting com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase to false does not fully mitigate the threat, as it is possible to send the exploit code with the request. [2]

Introduction

Apache Log4j, the most popular logging system, announced a zero-day vulnerability, CVE-2021-44228, on December 9, 2021, that results in remote code execution. Let’s analyze why this happened and what can be done to mitigate the risk.