Bens IT-Comments Posts
As an Apache Shiro PMC member, I occasionally come into contact with cryptographic functions. For example, Shiro 1.x allows hashed passwords in your shiro.ini configuration.
Now, everyone should know by now that just hashing (and salting) a password is not a good protection against brute force attacks. Even with hundreds or thousands of iterations, such a password can be prone to brute force attacks nowadays. Thus it is not a surprise that Les Hazlewood (the original creator of Apache Shiro) had the idea to add a bcrypt implementation.
If you use OpenLiberty Java Application Server, you should be careful when maintaining a cipher list. See what happens if you are not careful. Now,…
Apache Shiro 1.7.1 has been released. Why do I blog about this? I have been a committer for the Apache Shiro project for a while now and recently became a PMC member. 😊
Read on for information on what has changed in Apache Shiro 1.7.1.
The Apache Maven team is pleased to announce the release of the Apache Maven JLink Plugin, version 3.1.0.
This plugin is used to create a JLink distribution using Maven. It is as easy as creating a jar file, but will instead create a zip file containing a reduced Java Runtime along with a launcher script, as well as the actual application of course. A JLink zip file is therefore platform dependent.
Whenever you pull in SnakeYAML (either directly or via Jackson), you will break your modular builds. The reason: SnakeYAML is a named automatic module. But then, automatic modules cannot be used in jlink images.
But this can be healed. You can rescue your builds using the moditect-maven-plugin. It is a little hard to use, as the documentation is very technical. It also has few examples, and the documentation does not explain when to use which goal, and how to proceed. So, if you want to see a simple example, read on! 🙂
If you want to integration-test your Maven project, you might already use GitHub Actions.
Testing with a Maven toolchain is a little more complex to set up. This tutorial will show how I did this for the maven-jlink-plugin.
I recently created a new OpenPGP key for my Apache (ASF) account. Of course I wanted to sign it with my existing GnuPG key, which I have had since 2007. To my surprise, it failed with these error messages:
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: signing failed: Invalid digest algorithm
gpg: signing failed: Invalid digest algorithm
It took me a few hours to figure out what’s wrong. Obviously something with SHA1, but GnuPG doesn’t tell you WHAT is wrong and HOW to fix it.
Have you ever wondered how your program will connect to other hosts?
Well, I can tell you the answer for Java (any version) and compare it to Python. It is a 90’s implementation, and there is not even a good way to fix it.
Here is a list of my top 10 OpenLiberty hidden features. They are not the “best” features by any means of »hidden knowledge«, but they are the handiest features I use regularly that not everyone knows about. YMMV. 😉
Glowroot is a lightweight but feature-rich Java VM agent, which will allow you to collect and evaluate metrics from almost any VM. For larger setups, you might want to install a central collection instance. This guide covers how to set up Glowroot Central on OpenLiberty, a lightweight and extremely fast Java Application Server (aka Servlet Container).