By Foojay.io
The podcast currently has 57 episodes available.
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
OpenJDK (Java) 23 is here! This version introduces three new features to the language and runtime, many bug fixes, small improvements, and a longer list of preview features. What are the most important facts about this release? Let's find out...
Guests
Simon Ritter
https://webtechie.be/tags/jfx-in-action/
1:06:18 Conclusions
In this Foojay podcast, we enter the world of mathematics by discussing Vectors and how they are crucial for AI and machine learning. As ChatGPT explains: "A Vector is a mathematical structure that holds numerical values. Vectors are fundamental to the field of Artificial Intelligence, as they allow mathematical operations to be performed efficiently and form the basis of many machine learning algorithms." OK, but how are these vectors crucial for the whole Artificial Intelligence evolution?
This is the last podcast of season 3. We're taking a summer break and will be back in September with the release of Java 23 and many more OpenJDK-related topics!
00:00 Introduction of the topic and guests
01:57 What is a Vector?
https://github.com/openai/tiktoken
https://arxiv.org/abs/1301.3781
https://towardsdatascience.com/word2vec-research-paper-explained-205cb7eecc30
https://github.com/jbellis/jvector
07:14 Vectors explained as a game
A fun and absurd introduction to Vector Databases: https://www.youtube.com/watch?v=mQGf9hWTqSw
09:44 Understanding tokenizers
10:40 Do we need dedicated Vector databases?
13:39 Vectors, LLMs and hallucinations
Crafting your own RAG system: Leveraging 30+ LLMs for enhanced performance by Stephan Janssen: https://www.youtube.com/watch?v=9PX5l4ETn0g
20:40 How LLM and chat interfaces are used in companies
https://www.bbc.com/travel/article/20240222-air-canada-chatbot-misinformation-what-travellers-should-know
23:45 Indexing all of Wikipedia
https://foojay.io/today/indexing-all-of-wikipedia-on-a-laptop/
Demo application: https://jvectordemo.com:8443/
https://openjdk.org/projects/panama/
27:23 Evolutions in Java for vectors, LLMs, and AI
Vector API (Eighth Incubator): https://openjdk.org/jeps/469
Foreign Function & Memory API: https://openjdk.org/jeps/454
32:44 Is the GPU needed for vector use cases?
35:04 Can we already use the incubator Vector API in production?
38:27 Some predictions...
Colbert project: https://github.com/stanford-futuredata/ColBERT
https://thenewstack.io/overcoming-the-limits-of-rag-with-colbert/
44:19 Make your vectors smaller to make them more efficient and less expensive
https://www.sciencedirect.com/topics/engineering/vector-quantization
https://huggingface.co/blog/embedding-quantization
https://foojay.io/today/visualizing-brain-computer-interface-data-using-javafx/
Asteroids 3D in JavaFX made from AI Deep Fake Audio data: https://www.youtube.com/watch?v=vFThM9BoTLg
49:19 Outro
As a backend developer, you may not realize that Java was initially born on embedded devices like set-top boxes and gateways. We discussed this topic for the first time almost three years ago in Foojay Podcast #2 with James Gosling, Johan Vos, Erik Costlow, and Frank Delporte (https://foojay.io/today/foojay-podcast-2/).
In this episode #55, we look into the history of the Java Micro Edition and how things evolved. Nowadays, with processors becoming increasingly powerful, we can run the exact same Java runtime on any Linux system, from the biggest cloud servers to the smallest Raspberry Pi Zero. Let's find out what can be done with Java in the embedded world.
Robert von Burg
DaShaun Carter
Pavel Petroshenko
00:00 Introduction of the topic and guests
04:53 Java is running on more devices than we can imagine
06:18 History of Java ME
https://www.oracle.com/java/technologies/javameoverview.html
https://en.wikipedia.org/wiki/SavaJe
Jasper S20: https://vimeo.com/198239375
Jasper S20: https://www.phonescoop.com/articles/article.php?a=77&p=1498
15:55 Java on modern embedded devices
22:25 Are modern embedded devices still "embedded"?
25:24 Current modern Java is perfect for embedded uses
https://www.pi4j.com
30:10 How Java moved to ARM on Mac and cloud
34:48 Green Computing = Reducing costs
Presentation by Miro Wengner: https://www.youtube.com/watch?v=zP4xeeY3HIA
https://thenewstack.io/which-programming-languages-use-the-least-electricity/
37:47 Recent Java evolutions impacting embedded use
41:51 Is there a need for real-time Java?
LED strips with Java: https://www.pi4j.com/examples/jbang/pixelblaze_output_expander/
49:44 Spring IO presentation by DaShaun
https://2024.springio.net/sessions/spring-boot-on-the-edge
51:38 Java on RISC-V
https://riscv.org/blog/2024/04/java-21-and-22-now-available-on-risc-v-a-collaboration-between-rise-and-eclipse-adoptium
53:27 More details about the product Robert develops with Java
https://www.pi4j.com/featured-projects/soft-real-time-plc-written-in-strolch/
https://strolch.li/
59:09 Network alternatives on embedded (e.g. LoRa)
1:03:42 What will the future bring to embedded Java?
Pi4J Spring Boot: https://www.youtube.com/watch?v=I62IviQLNts
https://openjdk.org/projects/leyden/
https://openjdk.org/projects/crac/
1:09:07 Conclusion
MIDI is a universal standard for communicating between musical instruments and computers. Within OpenJDK, there is a whole Java package dedicated to MIDI communication and data handling. Is it up to date? Are there better approaches now? And what can we do with music, Java, and Kotlin? Let's find out...
Guests
00:00 Introduction of the topic and guests
04:27 What is MIDI?
Learn more about MIDI and the javax.sound implementation in OpenJDK:
https://docs.oracle.com/javase/tutorial/sound/overview-MIDI.html
https://docs.oracle.com/en/java/javase/21/docs/api/java.desktop/javax/sound/midi/package-summary.html
https://github.com/openjdk/jdk/tree/master/src/java.desktop/share/classes/javax/sound/midi
https://www.baeldung.com/java-packages-vs-javax
09:53 MIDI Polyphonic Expression (MPE)
https://roli.com/mpe
https://midi.org/midi-polyphonic-expression-mpe-specification-adopted
https://midi.org/insights
11:23 Instruments require real-time systems
15:18 Why Atsushi used Kotlin for ktmidi
https://github.com/atsushieno/ktmidi
https://github.com/jazz-soft/JZZ
https://github.com/thestk/rtmidi
Applications created with ktmidi: https://github.com/atsushieno/ktmidi/discussions/14
https://play.google.com/store/apps/details?id=org.androidaudioplugin.resident_midi_keyboard&pli=1
23:31 Using ktmidi with JavaFX and the benefits of Kotlin
https://melodymatrix.rocks
25:00 Geert sticks to Java and loves the 6-month releases
27:24 Apps created by Geert for various Apple devices
https://uwyn.com/midiwrist-unleashed
31:11 Atsushi uses MIDI to develop audio plugins
32:34 How Geert rediscovered his love for Java and created Rife2 and BLD
https://rife2.com
https://rife2.com/bld
https://software.moogmusic.com/store
Erik Thauvin https://www.linkedin.com/in/ethauvin/
43:13 How things just happen and finding a good open-source approach
https://codewithrockstar.com
https://webtechie.be/post/2024-06-18-jfxinaction-christopher-schnick
https://www.jdeploy.com
50:46 Conclusions
This is the final part of the JCON interviews. Did I save the best for last? It's up to you to decide. In this episode, you'll hear Simon Martinelli, Nicolas Fränkel, Marcus Hellberg, Rick Ossendrijver, and Abdel Sghiouar. We talked about a bunch of topics, like evolving your APIs, GraphQL, Java versus Kotlin versus Rust, Vaadin, AI and ChatGPT, OpenRewrite, ErrorProne, Infrastructure, and a lot more.
Content
00:45 Simon Martinelli – Talks about CQRS, REST, APIs, JOOQ, Vaadin
https://www.linkedin.com/in/simonmartinelli
09:08 Nicolas Fränkel - Talks about evolving your APIs, versioning an API, GraphQL, CQRS, REST, ProtoBuffers, Java versus Kotlin versus Rust versus …
https://www.linkedin.com/in/nicolasfrankel
19:11 Marcus Hellberg – Talks about Vaadin, Web development with 100% Java, AI and ChatGPT
https://www.linkedin.com/in/marcushellberg
31:27 Rick Ossendrijver – Workshop and Talk about OpenRewrite and ErrorProne, Code analysis
https://www.linkedin.com/in/rick-ossendrijver
35:48 Abdel Sghiouar – Talks about Infrastructure, Gateways, and Proxies, Java Community in Morocco, Devoxx Morocco
42:15 Conclusion
This is part 4 of the JCON interviews. In this episode, we have 5 new guests for you. We start with garbage collectors and Intelligence Cloud, a tool created by Azul to find out which of your code is actually used in production and which dependencies are known to have vulnerabilities. My colleague Gerrit Grunwald was at JCON to give a talk about these subjects. With Balkrishna Rawool we dove into Virtual Threads, a very interesting topic as concurrency and threads can be challenging... Piotr Przybyl came to JCON to give a talk about Test Containers and how to test your application in an environment that is similar to your production environment. Another important topic related to testing is Flaky Tests. How do you handle tests that only fail from time to time and make your whole test report unreliable? François Martin had a talk about this subject, and he came to the conference together with Annelore Egger, who was one of the many volunteers.
Content
00:37 Gerrit Grunwald: Talks about Garbage collectors, What is Intelligence Cloud and how can you find out which of your code is actually used in production and which dependencies are known to have vulnerabilities
https://www.linkedin.com/in/gerritgrunwald
09:55 Balkrishna Rawool: Talks about structured concurrency, virtual threads, what will come in the next Java releases
https://www.linkedin.com/in/balkrishnarawool
18:00 Piotr Przybyl: Talks about Test Containers, ToxiProxy, how to test your applications in an environment that is similar to your production environment.
https://www.linkedin.com/in/piotrprzybyl
29:23 François Martin: Volunteer JCON + Talks about Flaky Tests, how to handle waits in unit tests, how to do user interface tests, how to reproduce flaky tests.
https://www.linkedin.com/in/fran%C3%A7oismartin
26. Annelore Egger: Volunteer JCON + Visitor + the Java comm
https://www.linkedin.com/in/annelore-egger-244879188
This is part 3 of the JCON interviews. In this episode, Frank meets Otavio Santana, who recently wrote the book "Mastering the Java Virtual Machine." At JCON, he talked about the persistence layer and how you can evolve your career. You'll also learn more about Jakarta EE, GlassFish, and a PET project with messaging via Telegram.
Content
00:42 Otavio Santana: Book Author, Talks about the persistence layer and evolving your career thanks to open-source.
https://www.linkedin.com/in/otaviojava
08:44 Arjan Tijms: Jakarta EE, Eclipse Foundation, Which version of Java to use
https://www.linkedin.com/in/arjan-tijms-1214aa1b1
17:08 Ondro Mihalyi – Jakarta EE, Eclipse GlassFish, Creating small Java applications, Edge devices
https://www.linkedin.com/in/mihalyiondrej
24:09 Buhake Sindi – Talks about Jakarta EE in the cloud, Comparing Jakarta EE to other frameworks, Java community in South Africa
https://www.linkedin.com/in/buhake-sindi
31:50 Patrick Baumgartner – Swiss community, Talks about a PET project with messaging via Telegram
https://www.linkedin.com/in/patbaumgartner
This is part 2 of the interviews we recorded at the JCON conference earlier this month in Germany. In this episode you get two main topics: Maven and Code Quality. In the first part, you'll hear Karl Heinz Marbaise and Steve Poole talk about the Maven project, the repository, Sonatype, and the security impact of dependencies. But next to security, we as developers are also responsible for the creation of readable and maintainable code. Miro Wengner, Marit van Dijk, and Hinse ter Schuur dive into this topic.
00:28 Karl Heinz Marbaise: Apache Maven version 4, Sonatype, Maven Repository
https://www.linkedin.com/in/khmarbaise/
09:59 Steve Poole: Sonatype, The many languages running on the JVM, The possible impact on a company of getting hacked, Talks about software supply chain security, Maven, SBOMs,…
https://www.linkedin.com/in/noregressions/
27:44 Miro Wengner: Talks about Disciplined Engineering
https://www.linkedin.com/in/mwengner/
34:52 Marit van Dijk: Talks about IntelliJ IDEA, reading code, and AI Assistant
https://www.linkedin.com/in/maritvandijk/
43:50 Hinse ter Schuur: Being a sustainable developer, Talks about code reviews, merge requests, and branching
https://www.linkedin.com/in/hinseterschuur/
On Tuesday, May 14th, the Foojay Podcast went live at the JCON conference in Cologne, Germany, to talk with speakers and visitors about all things Java. We had so many amazing talks that we will combine them into several podcast episodes in the next weeks. This is part 1!
00:26 Geertjan Wielenga: Founding father of Foojay.io
https://www.linkedin.com/in/geertjanwielenga/
01:18 Markus Kett: Organizer JCON and JUG Oberpfalz
https://www.linkedin.com/in/markuskett/
04:47 Richard Fichtner: Organizer JCON and JUG Oberpfalz
https://www.linkedin.com/in/richardfichtner/
07:04 Jonathan Vila: Organizing Communities, JUGs, and events + Sonar, how can tools be both available for free and still make a profit as a company
https://www.linkedin.com/in/jonathanvila/
14:55 Soham Dasgupta: Community spirit, Talks about Generative AI
https://www.linkedin.com/in/dasguptasoham/
21:29 Mary Grygleski: Volunteer at JCON, Organizing Chicago JUG, Talks about Generative AI
https://www.linkedin.com/in/mary-grygleski/
30:16 Mohammed Aboullaite: Java and Machine Learning and training models
https://www.linkedin.com/in/aboullaite/
37:16 Simon de Groot and Richelle Bussenius: Organizing NLJUG, conferences, communities, and Masters Of Java
https://www.linkedin.com/in/simon-de-groot-ab832a169
https://www.linkedin.com/in/richellebussenius