Can/Should I use parallel streams in a transaction context?

Java

Introduction

To make a long story short, you should not use transactions within a parallel stream. This is because each thread in the parallel stream has its own name thus it does participate in the transaction.

The Streams API is designed to work correctly under certain guidelines. In practice, to benefit from parallelism, each operation is not allowed to change the state of shared objects (such operations are called side-effect-free). Provided you follow this guideline, the internal implementation of parallel streams cleverly splits the data, assigns different parts to independent threads, and merges the final result.

Continue reading “Can/Should I use parallel streams in a transaction context?”

The Transient Keyword in Java and Its Use

This article is originally posted by me in Java Code Geeks with title

The Transient Keyword in Java and Its Use

I recently came a cross in a study project of one of my friends that are studding the basics of programming in Java some forgotten sensitive information printed in text files and remembered the transient keyword in Java.

The transient keyword in Java plays an important role in terms of security and can be very useful in “accidents” like the one above as it will prevent the transmission of sensitive information like for example passwords to files, JSON messages etc that will require serialization.

To cut the long story short, if you define any variable as transient, it will not be serialized unless you define it as static or final.

Lets see some examples bellow. Continue reading “The Transient Keyword in Java and Its Use”

Oracle’s Weblogic CVE-2019-2725 CRITICAL vulnerability allows spreading of sodinokibi ransomware

Malicious users are exploiting a vulnerability in Oracle WebLogic CVE-2019-2725 to install a ransomware called Sodinokibi.

Once executed, the Trojan creates the followoing file:
[PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt and deletes Shadow Volume Copies and disables Windows startup repair.

Next, the Trojan encrypts files on the compromised server. The Trojan appends a random extension to encrypted files that is unique for each compromised computer and creates the a ransom note file in each folder containing encrypted files: [PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt

The ransom note informs the user their files have been encrypted and provides instructions on how they may pay to have the files decrypted.

Unfortunately CVE-2019-2725 is very easy for attackers to exploit, as anyone with HTTP access to a WebLogic server could carry out an attack. Because of this, the bug has a CVSS v3.0 Base Score: 9.8 CRITICAL.

So how safe are you feeling when vising a Weblogic server app these days? :/

Apache NetBeans (incubating) 10.0 Released

nekobean the Apache Netbeans mascot

The Apache NetBeans proudly announced the release of Apache NetBeans (incubating) 10.0.

Finally the first Apache NetBeans incubating release with full support for Java SE, PHP and JavaScript development

You can download it here: https://netbeans.apache.org/download/nb100/nb100.html

Apache NetBeans (incubating) 10.0 constitutes all but the enterprise cluster in the Apache NetBeans Git repo, which together provide the NetBeans Platform (i.e., the underlying application framework), as well as all the modules that provide the Java SE, PHP, JavaScript and Groovy features of Apache NetBeans.

In short, Apache NetBeans (incubating) 10.0 is a full IDE for Java SE, PHP and JavaScript development with some Groovy language support.

New features of the 10.0 Release:

  • JDK 11 support
  • Miscellaneous Features
  • PHP

Continue reading “Apache NetBeans (incubating) 10.0 Released”

We are switching to ENGLISH

We decided to switch the blogs main language to english. Why?

Because programmers MUST know English!

To be able to act in a community or group we must able to share our ideas. Whether we like it or now English is the glue that ties all people together, hence we decided to adopt it here.

So sorry guys but we need to change 🙂

Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)

Η ομάδα του Apache Tomcat έχει πρόσφατα επιδιορθώσει πολλές ευπάθειες ασφάλειας. Μια από αυτές θα μπορούσε να επιτρέψει σε έναν μη εξουσιοδοτημένο εισβολέα να εκτελέσει από απόσταση κακόβουλο κώδικα σε επηρεαζόμενους διακομιστές.
Continue reading “Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)”

Java Quiz no1

Consider the following code

[code language=”java”]

public class JavaApplication4 {

/**
* @param args the command line arguments
*/
public static void main(String[] args) {

String testValue = "1";

try{
  testValue = "2";
return;
}catch(Exception e){

}finally{
testValue = "3";
}

}
}

[/code]

What will be the value of testValue at the end of execution?