New Jackson 2.10 was released on Sep 26th, 2019. Everyone who uses the library and also scans their applications for known vulnerabilities knows about the problem with the endless CVEs that have been reported against Jackson. Let’s try to understand what makes an application vulnerable and how the new version of Jackson can help to prevent deserialization vulnerabilities.
Moving to a new country doesn’t sound like the hardest thing to do. There are harder tasks such as researching dark matter and energy or maybe crochet. However, moving abroad doesn’t sound like the easiest exercise either. When you move to a new place, you usually need to learn many new and not always easy things. Those may be laws, traditions, cultural differences, and of course, the language that people speak in the country. Otherwise, you may end up living in a bubble.
Java 13 was released on Sep 13th, 2019. Although the new Java doesn’t contain major updates in security libraries, it has several notable updates in the TLS implementation. Let’s take a closer look at how Java 13 helps to make your TLS connections faster and more secure.
Java 13 is going to be released on Sep 17th, 2019. Besides ~2300 bug fixes and small enhancements, the new version of Java contains 5 major enhancements which are also called JEPs (Java Enhancement Proposals). Let’s take a closer look at these major updates: text blocks, switch expressions, a reimplementation of the legacy Socket API, updates to ZGC and dynamic CDS archives.
In one of the previous posts I briefly described sending data to Google Sheets from an ESP32 board using MicroPython. As I mentioned earlier, the code is available on GitHub. Here are the main features:
- Measuring temperature and humidity with a DHT22 sensor.
- Sending data to a Google Sheet.
- Authentication via Google OAuth 2.0 service to get access to the sheet.
- Configuring the device via a web browser.
The Google Sheet doesn’t need to be publicly available on the Internet. The device doesn’t require any middleman such as PushingBox or IFTTT.
In this post, let’s focus a bit on technical details.
On a wonderful weekend in summer time, instead of going out to a beach or somewhere else, I was staying at home and wondering if it’s possible to send data from an ESP board to a Google sheet using my favorite MicroPython. Let’s say it can send temperature and humidity measured by a DHT22 sensor. That’s how the project started.
(this post contains a brief description of the project, more technical details can be found in the next post)
The transistor delay circuit may be helpful to learn some electronics basics. The circuit is pretty simple. It only contains a transistor, a capacitor, several resistors, a switch and an LED. The circuit uses an RC filter to turn an LED on with a little delay. Let’s see how we can choose elements for the circuit, and how the delay depends on parameters of the elements.
Increasing living space unavoidably results in filling up the new available space. At the end of last year I moved to a bigger apartment. Since I still have the same furniture, the unused space and volume keep bothering me. In the winter I built shelving and now I store some useful stuff on it. In spring I got an idea to make a small garden at home. On a weekend I built several wooden boxes, and put cherry tomatoes, onions and dill into them. But then I thought it’s not enough. I bought a couple of plastic containers and put more tomatoes. But I thought even that was not enough, and I got an idea to make a hydroponic system.
Let’s take a look at what is inside Java 12. The new Java release contains fewer major enhancements than the previous version: 8 JEPs in Java 12 vs 17 JEPs in Java 11. As you of course remember, JEP stands for JDK Enhancement Proposal. Java 11 also had more closed entries in Jira: ~2700 in Java 11 vs ~2400 in Java 12. But it’s only mid-Feb 2019, maybe they can deliver 300 Jira entries by Mar 19th 2019 when Java 12 is planned to be released. Now let’s take a closer look at what is in Java 12.
Nowadays more and more companies provide web APIs to access their services. They usually follow REST style. Such a RESTful web service looks like a regular web application. It accepts an HTTP request, does some magic, and then replies with an HTTP response. One of the main differences is that the reply doesn’t normally contain HTML to be rendered in a web browser. Instead, the reply usually contains data in a format (for example, JSON or XML) which is easier to process by another application.
Unfortunately, since a RESTful web service is still a web application, it may contain typical security vulnerabilities for web applications such as SQL injections, XXE, etc. One of the ways to identify security issues in web applications is to use web security scanners. Fortunately, since a RESTful web service is still a web application, we can use web security scanners to look for security issues in web APIs.