Dominik Schadow

Category: Java

  • Upcoming secure development for Java developers talks

    I‘ll be speaking about OWASP Top 10 and secure development for Java developers at DOAG SIG Security on March 20th 2012 in Munich. Two more talks about the same topic are scheduled for May 9th in Bern and May 10th in Zuerich at the Java User Group Switzerland. Hope to see you at one of…

  • Apache XML Security 1.5.0 released

    Apache Santuario 1.5.0 has been released. As the release notes point out, this release is not binary compatible with Santuario 1.4 any more. There are some really good updates included, of which I like that Xalan/Xerces are not required dependencies any more the most. Under the covers, support for Java 1.4 was dropped, and generics…

  • Java security updates – January 2012

    The Oracle Secure Coding Guidelines for the Java Programming Language are available in version 4.0 (probably already for a couple of days, couldn’t find any announcement). This version includes some hints for the latest Java 7 SDK. And John Melton announced the Year of security for Java with weekly (at least it looks like weekly…

  • EGit 1.1 pushes only the active branch by default

    As it turns out, there is already a fix in EGit 1.1 for the unexpected EGit behavior I described here and here. The new default for EGit 1.1 is to only push the active branch via Push to Upstream in case there is no explicit default spec. More is not possible at the moment due…

  • EGit pushes all local branches when no explicit RefSpec is found – Update

    As it turns out, some parts of yesterdays' post are not correct: The description of the behavior I expect was OK, but EGit behavior is not correct at all. Have a close look at the Git push spec and the sentence in bold: The special refspec : (or +: to allow non-fast-forward updates) directs git…

  • EGit pushes all local branches when no explicit RefSpec is found

    Cloning a Git repository with EGit 1.0 and no further configuration causes some unexpected behavior. The moment you clone a repository, say from GitHub, everything is set up for you, and you are ready to push and pull. And since you fully adopted the Git workflow, you do create a new branch for every bug…

  • My session at the Java Forum Stuttgart

    My session for the upcoming Java Forum Stuttgart, Push up your code – next generation version control with (E)Git, was accepted! May session takes place at 12:15 p.m. (D4). As you can probably guess, it is about Git, especially about the Eclipse version EGit. The slides are in English, but I'll be speaking German. See…

  • Eye on EclipseCon 2009

    EclipseCon 2009 is over, and it has been great! A lot of things to learn, and even more people to meet. This was my first EclipseCon, and it couldn't have been any better! Monday started with some great tutorials: Building Commercial-Quality Eclipse Plug-ins in the morning and Advanced Eclipse Rich Client Platform in the afternoon.…

  • A whole bunch of new XML Security working drafts

    The W3C XML Security Working Group has released eight first public working drafts last week, from updated XML Encryption 1.1 and XML Signature 1.1 specifications to even some new ones. Among others, these drafts include revisions to XML Signature and XML Encryption to support new algorithms and a new document proposing simplifications to the XML…

  • Best Practices für XML Signatures

    Das W3C hat vor einigen Tagen unter http://www.w3.org/TR/2008/WD-xmldsig-bestpractices-20081114/ eine Sammlung von 16 Best Practices für die digitalen Signaturen mit XML veröffentlicht. Noch ist es ein Working Draft (d.h. Kommentare sind bei der Working Group willkommen), aber ein erster Blick darauf kann keinem schaden, der mit XML Signatures zu tun hat. Generell geht es mit den…