So as a devops engineer on my company. I have tried using eclipse-temurin:17-jre-jammy and eclipse-temurin:17-jre java versions as base image for dockerfile but as i scanned the built image using trivy i found tons of vul nerabilities ob both. So what are the other alternatives for me ?
Apologies for the java interface, but i needed it outside of the scala bubble. Still eminently usable from scala, and still native image-safe.
There are three layers to this:
Lombok, Jakarata
Any special reason?
I'm thinking about building a business in which companies pay a fee per service/complexity and everytime a new Java LTS is released we update the service to the most updated dependencies.
Do you think is worth it? Would you be interested?
I've worked a lot with java but i never come to use any of these.
https://www.graalvm.org/latest/reference-manual/native-image/
https://www.reddit.com/r/java/comments/1lo8495/java_treeshaking_with_compile_time_di/
I saw a recent announcement that Quarkus supports tree shaking.
Is this specific to quarkus or it is coming from the GraalVM actually?
Does spring boot has something similar?
If you are using, which are your use cases?
Just shipped v0.7.0 of Bob (https://github.com/jonas-grgt/bob), a lightweight builder generator for Java.
New since v0.6.0:
I've built a free online Maven download tool that helps developers download Maven JAR dependencies along with all their transitive dependencies as a single ZIP file.
Why I built this: I needed to regularly download Maven JARs and their transitive dependencies for my projects that has tons of dependencies and whenever I add a new feature and its dependencies change, I need to download newly added dependencies with their transitive dependencies. I used to use other tools (jar-download.com) but it is paid now, so I created a completely free, open-source alternative that doesn't store any data and works entirely client-side.
Live Demo: https://maven-tools.mohants.com/
GitHub: https://github.com/pmg1991/maven-tools
Client-side dependency resolution : It happens entirely in your browser
Transitive dependency resolution : Automatically resolves all transitive dependencies including parent POMs
Version conflict resolution : Uses depth-based conflict resolution (shallowest depth wins) same as mvn
Dependency tree visualization : Displays hierarchical dependency tree with conflict information and direct download links
ZIP download : Download all resolved JARs as a single ZIP file
No data retention : Your XML is never stored - everything happens client-side
Netlify Edge Functions : Serverless proxy for Maven Central with streaming support
The tool is completely free, open-source (MIT License), and doesn't store any of your data. Give it a try and let me know what you think!
Edit: fixed markdown first time posted something using markdown
Oracle recently announced "Monthly Critical Security Patch Updates" (CSPUs).
Will this influence how the JDK handles releases and vulnerability disclosure?
Uma coisa que sempre me chama atenção é como a área de tecnologia, especialmente desenvolvimento de software, tem um impacto enorme na sociedade, mas ainda parece pouco organizada como profissão.
Médicos têm CRM. Advogados têm OAB. Dentistas têm CRO. Engenheiros tradicionais têm CREA. Essas áreas possuem conselhos, códigos de ética, critérios mínimos de formação, responsabilidade profissional, fiscalização e alguma representação formal da categoria.
Mas em software, a situação parece muito diferente.
Um sistema mal feito pode causar prejuízo financeiro, vazamento de dados, falha em serviços públicos, problemas em bancos, saúde, segurança, transporte, educação e até decisões automatizadas que afetam diretamente a vida das pessoas. Mesmo assim, a profissão muitas vezes é tratada de forma muito genérica, como “TI”, “programador”, “analista”, “engenheiro”, “consultor”, sem uma estrutura profissional clara.
Não estou dizendo necessariamente que deveríamos copiar o modelo da OAB, CRM ou CREA, nem que criar mais burocracia resolveria tudo. Mas me parece estranho que uma profissão com tanto impacto tenha tão pouca organização formal.
Algumas perguntas que ficam:
Por que a área de software nunca se organizou de forma mais forte como categoria profissional?
Seria porque tecnologia muda rápido demais?
Porque o mercado é global e difícil de regular localmente?
Porque existem muitos caminhos de entrada na profissão, com ou sem faculdade?
Porque as empresas preferem um mercado menos regulamentado?
Porque regulamentação poderia atrapalhar inovação?
Ou simplesmente porque a própria comunidade de tecnologia nunca teve interesse real em criar esse tipo de estrutura?
Ao mesmo tempo, sem organização, também surgem problemas: falta de padronização, exploração profissional, vagas com exigências absurdas, pouca clareza sobre responsabilidade técnica, dificuldade de definir senioridade, ausência de representação da categoria e pouca proteção para profissionais e usuários.
Na opinião de vocês, a área de software deveria ter algum tipo de conselho, associação forte, código de ética ou regulamentação mínima? Ou isso seria um erro e acabaria prejudicando a liberdade e a inovação da área?
Hey everyone!
It has been a while since the last update, but we have been working hard on making the Java bindings for SimpleBLE even more reliable for production environments.
For those who don’t know, SimpleBLE is a cross platform Bluetooth library with a very simple API that just works, allowing developers to easily integrate it into their projects without much effort, instead of wasting hours and hours on development.
We have been working on the Java bindings to make them feel more natural for developers and more robust to use in real applications. These are not flashy changes, but hopefully show our commitment towards becoming the trusted option for Bluetooth development for Java.
If you want to try it out, you can look at the SimpleJavaBLE examples on GitHub and see for yourself how easy it is to get started.
We added support for CompletableFuture wrappers around blocking operations. This should make SimpleJavaBLE much easier to fit into the rest of an application using async flows without having to build extra wrappers first.
We also made an important change to the JNI layer. JNI API calls are now safely wrapped so that C++ exceptions are caught and bubbled up as Java RuntimeExceptions instead of crashing the JVM.
Another small change that makes the bindings nicer to work with is that EventListener interfaces now provide default empty implementations, so if you only care about one callback, you can implement that one and move on.
We also cleaned up a few rough edges across platforms. The missing macOS x64 .dylib artifact is now fixed, JNI symbol issues have been resolved, and the jvm.dll initialization conflicts some users were seeing on Windows have been addressed.
SimpleBLE is licensed under the Business Source License 1.1 (BUSL 1.1) and is free for non commercial use. We gladly offer free licenses for small projects, so do not hesitate to reach out. Java licenses are currently on a special offer for companies interested in shaping SimpleJavaBLE, so if you are interested in a commercial license, hit us up!
If you’re building BLE products or projects, we’d love to hear from you.
Want to know more about SimpleBLE's capabilities or see what others are building with it? Ask away!
At work, we have a lot of projects with lots of dependencies and keeping them up to date by hand is tedious.
In my free time, I built this (open source) extension that scans the build.gradle, makes requests to Nexus or Maven Central to get the versions, and add a alt+enter option to update it.
Posting here if it can help anyone :)
Here it is: https://plugins.jetbrains.com/plugin/31755-gradle-dependency-updater
This is one of the common reddit comment I received for all jsp pages it's still the best things to do may be need a little bit of marketing
Could someone suggest the best way to process a large number of videos?Is it worth implementing this in Java, or would it be better to look into Python or C++ libraries instead?
The last couple of months, I ended up implementing idempotency in 2 different Spring Boot projects back to back.
As I was implementing it in the second project, I decided to look up any existing solutions/libraries for Java/Spring Boot, but I honestly couldn't find one that felt clean and flexible enough for what I needed (and what most people probably need).
So I decided to build my own and open source it.
I released it about a month ago:
Repository : https://github.com/josipmusa/idempotency4j
Maven spring boot starter : https://central.sonatype.com/artifact/io.github.josipmusa/idempotency-spring-boot-starter
The goal was to make idempotency implementations feel straightforward and easy, but also to not scope it only to spring boot or a certain storage implementation. The library has a core which can be used on any method with pluggable storage backends. It also has an integration with spring web (servlet-based for now) and a spring boot starter to simplify usage.
Usage example for a spring boot project:
@PostMapping("/payments")
@Idempotent
public ResponseEntity<Payment> createPayment(@RequestBody PaymentRequest request) {
// Runs exactly once per unique Idempotency-Key value.
// Subsequent identical requests get the stored response replayed.
return ResponseEntity.ok(paymentService.charge(request));
}
Right now it supports:
Curious whether others have run into this same problem and whether this library helps solve it for them.
Open to any feedback, suggestions, or reviews.
A prototype 3D learning platform where users can view 3D models, break them down and control them in the virtual space using hand gestures. A project that was made for learning purposes. The project can be used as a learning / demonstration tool, showcasing inner workins of a topic or breakdowns.
It uses the desktop camera to capture video feed using a python process (being executed by Java). The python process uses websockets to send gestures to the Java libGDX applciation, and it responds accordingly.
Github repo :- https://github.com/gufranthakur/IdeaSpace
Let me know if you have any questions!