Christmas holidays is soon here but before that it's time to see what I've read this week. I've been playing with legacy Java EE 5 development and came across System Integrity Protection in OS X which prevents you of installing JDK 5. And on top of that I just wish I could run OC4J with JDK 5 on Docker as you can do for WebLogic 12.2.1. In security point of view there was startling announcement as Juniper Networks had found backdoor in their firewalls code. We also learn the basics of web accessibility and if you're not using dotfiles and you're on Linux or OS X, now is a good time to start.
Until next week, Happy Holidays!
Issue 5, 2015-12-23
Survey of essential tools/frameworks for the modern Java developer
Opinionated choices for modern Java developer.
Java EE Kick-off app
Java EE kickoff app is an app skeleton that demonstrates a couple of technologies:
JSF 2.1 views, CDI backing beans, JASPIC authentication, EJB services, Bean Validation, JPA models, Java EE 6 and H2 database.
What is the "System Integrity Protection" feature in El Capitan?
I was developing legacy Java EE 5 application and came across problems with installing JDK5 for OS X El Capitan. Turns out that even with root you can't modify certain directories. It's for your own protection. Annoying.
The web accessibility basics
List of absolute web accessibility basics every web developer should know about and which are extremely easy to implement but matter a lot. Next time you build something, consider incorporating those few things. (from WDRL 117)
3 Disasters Which I Solved With JProfiler
Interesting article of using JProfile to solve problems caused by using JPA and Hibernate.
WebLogic 12.2.1 on Docker
Interesting article with examples of how to run WebLogic 12.2.1 on Docker as I just played with Vagrant and Ansible for creating legacy Java EE 5 development environment with OC4J. Maybe in the future legacy environments are easier to manage as you can virtualize them more easily.
To think about
One Googler’s take on managing your time
If you don’t have time to read this... read it twice. The maker’s day is most effective in half-day or full-day blocks. Commit to protecting Make Time on your calendar including the time and place where you’ll be making, and ideally detail on what you’ll be making. That way, you know, it’ll actually happen.
Detect and disconnect WiFi cameras in that AirBnB you’re staying in
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn.
Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA
Internal code review pays off for Juniper. This week Juniper Networks revealed in a startling announcement that it had found "unauthorized" code embedded in an operating system running on some of its firewalls, ScreenOS. As the terrific summary of the Juniper backdoor explains, it allowed attackers to take complete control of Juniper NetScreen firewalls. This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire when other hackers will piggyback on top of existing backdoor to build their own backdoor.
Instagram's Million Dollar Bug
tl;dr; Security researcher finds remote code execution vulnerability in Instagram which pivots to getting all kinds of data from AWS S3 but Facebook CSO plays it down to trivial and a thing which violates the poorly worded whitehat program rules. The point of this story is that Facebook fails on their bug bounty program as their actions show that it would be better just to "sell million dollar bugs on the black market for a million dollars" and not get threaten with legal actions for just being a good guy.
20+ Cheatsheets & Infographics For Photographers
Informatic cheatsheets for photographers covering various aspects of photography. Also a good resource for fresh and new ideas.