Security

OffHeap 73. Live from DevNexus 2022 in Atlanta

So we did it! We got together at the DevNexus Conference and produced a live show! With Okta’s super famous Matt Raible, and of course our own Danno Hinojosa (and Bob and I), we got together and talked Security (what does it mean to be secure in today’s day and age and how it has changed from 10 years ago)

So come and enjoy one of our most livelier shows as we quiz Matt and Danno on the most notorious vulnerabilities that has happened in the past 15 years! In all a very fun episode that we get to do live!

https://www.javaoffheap.com/datadog
We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap
http://www.twitter.com/offheap

OffHeap 72. There’s a war going on…what does it mean for tech?

So there are slow news month, and there are some months where there’s so much news that is hard to comprehend. For one hand, we have seen the world opening up little by little again. There seems to be a good uptick of new in-person conferences and the Java ecosystem keeps moving on!

On the other hand, the world is changing rapidly and unexpectedly, and we find ourselves watching a new war unfold. There are ripples that happen in all parts of the world, and tech is not exempt. In this episode we talk about what’s happening in the tech space as the war between Russia and Ukraine unfolds (including companies stopping doing business, and open source vulnerabilities among others)

http://www.javaoffheap.com/datadog
We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap
http://www.twitter.com/offheap

Conferences:
Oracle Live (Java Innovation March 22/24)
https://t.co/QaacSmzwAV

DevNexus (Apr 11)
https://www.devnexus.com

J on the Beach (Apr 22)
https://jonthebeach.com/speakers

SpringOne Tour
Chicago April 26-27
Toronto June 7-8
New York June 28-29
Seattle July 12-13
Bangalore September 13-14
Atlanta October 4-5
Amsterdam October 11-12

JFokus (May 2) (hybrid)
https://www.jfokus.se/

Microsoft JDConf (May 4) (online)
https://docs.microsoft.com/en-us/events/learntv/jdconf-2022/

GeeCon Krakow (May 11) (in person)
https://www.geecon.org/

Devoxx UK (May 11) (In person)
https://www.devoxx.co.uk/

jPrime (May 25) (in person)
https://jprime.io/

Spring I/O Barcelona May 26-27 (in person)
https://2022.springio.net/

Jnation (June 7) (in person)
https://2022.jnation.pt/

JBCN Conference (July 18) (in person)
https://www.jbcnconf.com/2022/

JavaZone (9/7) (in person)
https://2022.javazone.no/#/

SpringOne (12/6)
https://springone.io/

NetBeans 13 Released
https://netbeans.apache.org/download/nb13/index.html

Jakarta EE 10 Coming Soon
https://eclipse-ee4j.github.io/jakartaee-platform/jakartaee10/JakartaEE10ReleasePlan

JDK 18 Release (3/22)
https://jdk.java.net/18/release-notes

Google Sunsets Legacy G Suite
https://techcrunch.com/2022/01/28/google-will-let-legacy-g-suite-users-migrate-to-free-google-accounts/

Daylight Savings Time permanent?
https://www.cnn.com/2022/03/15/politics/senate-daylight-saving-time-permanent/index.html

Discussion:

Tech companies that left
https://www.cnet.com/news/politics/what-companies-have-left-russia-see-the-list-across-tech-entertainment-and-financial-institutions/

OffHeap 69. Ok, so the internet burned down with Log4J.

Hopefully you have had some time to R&R, but if you were in tech around Dec 2020, you heard that there was this massive security incident around Log4j. It affected almost everyone, from large to small companies, and if you work in Java, chances are that you might’ve to work on it too (and if you haven’t, it’s a good idea to double-check your code)

It has a severity of “10”, which is rare, and what makes it hard to ignore. If you want to understand what it was about, and how it got there, then take a listen. Learn how to patch against it, as we travel and dive into the mechanics and the missed opportunities that happened.

http://www.javaoffheap.com/datadog
We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap
http://www.twitter.com/offheap

News
MicroProfile 5.0:
https://microprofile.io/

Eclipse IDE Release
https://www.eclipse.org/downloads/packages/release/2021-12/r

NetBeans 12.6 Release
https://netbeans.apache.org/download/nb126/index.html

Spring Native 0.11 Release
https://docs.spring.io/spring-native/docs/current/reference/htmlsingle/

Discussion

Log4j2
https://www.lunasec.io/docs/blog/log4j-zero-day/

It made CNN:
https://www.cnn.com/2021/12/13/politics/us-warning-software-vulnerability/index.html

Episode 49. End of Year Review… Oh, my, it has been an interesting year.

Ah, we got together with our usual suspects, and while our local Curmudgeon was enjoying his Old-fashioned, I was enjoying Cold Medicine. Even so, we went through the biggest events that happened this year, including the Oracle v Google debacle, The new copy-and-kill strategies from cloud providers, the proliferation of Java implementations, the re-emergence of Eclipse Foundation as a home for standards, and of course, the Java EE (reincarnated as Jakarta EE) saga.

It has been a great year, and we couldn’t have made it with our listeners. Thanks for listening to our podcasts. We have expanded our OffHeap family, so don’t forget to check all of our podcasts. And you can always drop off a line @offheap (https://twitter.com/offheap)

We thank DataDogHQ for sponsoring this podcast episode

DataDog Logo


DO follow us on twitter @offheap




Episode 46. On Clouds, 10x Developers, JDK Mystery Meats, and Python bytes!

Ah, “cloud wars” are getting interesting (we claim dibs on the movie title!). With Oracle losing their bid w/the Pentagon, and Microsoft also reaching out and partnering with Oracle, there is tons of interest in what’s going on.

But that’s not all! The twitters was set aflame by the 10x Developer twitter that has been going around (for the record, we think is mostly nonsense), and we dive into a hilarious take on what 10x developers are supposed to be.

We also dive into Gil Tene’s OpenJDK Mystery meat, and the threat of “just taking the latest Docker image”. It’s a sobering thought that sometimes even when you see the version of OpenJDK, it might not be the right thing due to the OS packaging, which in turn becomes a Docker reference image. In all a troubling precedent specially when Common Vulnerabilies and Exposures (CVE) are concerned.

Lastly, there are predictions that Python is going to overtake Java as the most used language in the TIOBE index. Of course this crowd will not just take that proclamation laying down. So we went into a heated discussion why and how it is (in our humble opinion) a little rushed to say that python is going to overtake Java in mere four years.

Tons of punditry, enough beer, and a whole lotta entertainment in this episode, so what’cha waiting for? Start listening now!

We thank DataDogHQ for sponsoring this podcast episode

DataDog Logo

We also thank OverOps for sponsoring this podcast episode

OverOps Logo


DO follow us on twitter @offheap





Episode 38. Of Big Hacks, Jakarta News, Who is running what on the JVM, and (Since is election season) CJUG running for a JCP Seat.

We start our episode by diving into that big China hack that seems to come out of nowhere. We then discuss the promise of RedHat for supporting OpenJDK 8. We then take a detour and check on Jakarta EE (how is it doing on Eclipse). After we dive into the Snyk report (what are people running on the JVM). Lastly, the Chicago Java Users Group is running for a seat at the Java Community Process (JCP) table! Do vote for them as we like them a lot!

 

We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap

Episode 35. A bug in Java 9 and 10? Oh noes, Serializable is out! And now Microsoft took over GitHub. Lastly, EE Spec docs are not being transferred! (Now what?)

Oh my, there are so much news going on. Starting with a weird string concat bug in Java 9 and 10. We also see that Serializable is going to be removed (and hopefully there is an alternative for it), and we also dive into the ethics of Google as it turns down military contracts they are uncomfortable with. We also see Mission Control being open sourced and explore what that means (an opportunity for growth or a death knell for the product?).

Lastly we dive into a bit of a news where Oracle will retain the description of the EE specs and not transfer it to the Eclipse Foundation. What does that mean for Jakarta? All this and more in the full-to-the-brim episode!

We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap

Episode 34. On twitter, IPOs, vulnerabilities, (Java)script name copyrights, and IBMs play on JVM Maintenance

So we start with Twitter news (change your password) to then dive into exciting news this month. There are a couple of notable IPOs and Aquisition including @pivotal, and @smartsheet. (Congrats!). We then take a detour onto Mesosphere raising $125 million (and talk about if all these valuations feel right?) to then see Cambridge Analytica disbanded. Oh, and think twice about naming something with “Java” in your app as Oracle seems to flexing more Copyright muscle. Lastly we see a new play from IBM where they will provide support for OpenJDK’s OpenJ9. What does this mean for Oracle and their commercial support? Only time will tell. But that doesn’t stop us from speculating about it! So take a listen to a fully charged Java OffHeap!

 

We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap

 

Episode 32. On Java10, the next internet bubble and data breaches!

Yes, #Java10 is out, and #Java11 is on early release! Join us as we dive into Salesforce acquiring Mulesoft (at a cool 6.5 billion), and wonder…is the next tech bubble here? We then tackle Facebook and its privacy concerns and wonder, do we, as developers have a responsibility to help prevent this? Overall, a very charged episode worth listening!

We thank DataDogHQ for sponsoring this podcast episode

DO follow us on twitter @offheap

Episode 30. On Meltdowns, Payara, and the state of Java EE (with Eclipse’s Executive Director Mike Milinkovich)

What an eventful time for being a Software developer. We got a Meltdown, and a Spectre in our field to begin with, and we also have some interesting news brewing from Payara. But most importantly we secured an interview with no other than Eclipse Foundation’s own Executive Director Mike Milinkovich! He takes us into an inner tour of what’s going on with JavaEE (and the handoff between Oracle and the Eclipse Foundation). We talked on all topics EE, including namespaces, future names, clarifications on what is being open sourced and the relevancy of the JCP in today’s climate. In all, even if you think you don’t use Java EE (hint…you are probably using specs that are surviving under the EE umbrella…Json much?) you should take a listen!

DO follow us on twitter @offheap