Tarin Gamberini

A software engineer and a passionate Java programmer

Ready To Use Java Dependencies Vulnerability Checker

Most Free Software and Open Source software consists of both newly written source code and reused third-party “binary” code. When we write new software we usually make it depend on many third-party libraries (such libraries are also called dependencies).

To give an idea of how complex and deep the dependency graph can be, let’s suppose our new software has a direct dependency on the third-party library rampart-core-1.3 (on the left in the figure above). That library itself depends on other third-party libraries. This second level of third-party libraries, with respect to our new software, consists of what are called transitive dependencies. Now consider that our new software might have many direct dependencies, and work out how many third-party dependencies it ends up consisting of.

Thanks to some Ready To Use Java Static Code Analyzers we know how to discover some bugs in source code, but what about bugs and vulnerabilities in third-party dependencies?

Ready To Use Java Static Code Analyzers

A static code analyzer is a piece of software which inspects given source code, or compiled code, in order to discover problems of various kinds, ranging from bugs to duplicate code, from performance to readability.

FindBugs, PMD and Checkstyle are three static code analyzers extremely easy to use.

Exploratory Refactoring

A landscape to explore

by Andrew Collins - CC-0

Exploratory Refactoring consists of a series of small changes to source code which the programmer makes in order to better reflect his/her comprehension of the code being explored.

Just as exploration is a way to discover places by walking through them and drawing a map, Exploratory Refactoring is a way to discover what a piece of code does by reading it and rewriting small parts of it.

Exploratory Refactoring is a technique a developer working on a legacy codebase might use to understand the codebase’s logic before starting the actual refactoring.

Choose Your Font Or It Will Choose You

Last week a colleague of mine sat at my console to teach me how to solve a problem he had had using a (not so intuitive) client interface. He was amused by the look of the characters in my IDE and found it funny that I had chosen the DejaVu Sans Mono font to write programs.

I think every programmer should think, at least once in his (her) professional life, about which font to use, both to be more productive and to reduce reading errors, and to relieve eye strain too.

I have bought a Libreboot T400 laptop

Libreboot is a free (free as in freedom) BIOS or UEFI replacement; it is boot firmware that initializes the hardware and starts a boot loader for your operating system.

Libreboot logo

by Marcus Moeller - CC-0

My “Libreboot journey” started when I read the article:

The Free Software Foundation (FSF) today awarded Respects Your Freedom (RYF) certification to the Libreboot T400 laptop as sold by Minifree. The RYF certification mark means that the product meets the FSF's standards in regard to users' freedom, control over the product, and privacy.

RhinoScriptEngineFactory cannot be cast to ScriptEngineFactory

Recently I was asked to migrate a legacy web application from an old environment:

  • JBoss EAP 4.0.2
  • JDK 1.5 (Java SE Development Kit 5.0u22)

to a less old target environment:

  • JBoss EAP 5.0.1
  • JDK 1.6 (Java SE Development Kit 6u45)

Tests passed successfully and we put the migrated web application in production.

All was going well when suddenly the production log began to grow.