Contributing Improved Security to JavaMelody with Content Security Policy

JavaMelody is a web based monitoring tool frequently run in production environments, providing insights including CPU usage, hot spots in code, database connection pool utilization, and more. I’m always on the lookout for ways to improve security, so when a security scan pointed out that the JavaMelody web interface didn’t have a Content Security Policy … Continue reading Contributing Improved Security to JavaMelody with Content Security Policy →

Contributing to GitLab and Lighthouse CI

While running Lighthouse CI on GitLab CI, I came across a problem: Lighthouse CI wants information about the current git commit, but it couldn’t get all of that information. In that case, Lighthouse CI falls back to running the git command; however, in my docker images, I don’t have git installed nor did I want to do so. So, I set out to fix this shortcoming in both Lighthouse and GitLab by adding the necessary environment variable to GitLab CI and having Lighthouse use it. The result is that I submitted a PR to Lighthouse that was merged and included in Lighthouse CI 0.7.1 and an MR to GitLab that was merged and included in GitLab 13.11. Now users (including my future self) will have a smooth, Just Works™ experience with these two tools.

Fixing a Bug in Java

I discovered a bug in how Java handles file paths on Windows that has existed for 22 years. I reported the bug, JDK-8262277, then I submitted a pull request fixing the bug which got accepted. I also submitted pull requests to Spring (which were accepted for version 5.3.5) working around the bug so users of … Continue reading Fixing a Bug in Java →

Lighthouse Performance Testing

Lighthouse is a great way to establish a build-measure-learn feedback loop resulting in continuous value creation by testing ideas in the areas of SEO, performance, accessibility, and more. In this article, I’ll cover what Lighthouse is and how to add it a project with examples covering pure Javascript (node) projects and Gradle projects (with any … Continue reading Lighthouse Performance Testing →

Testing a Java application on Windows without Windows

Java is supposed to be “write once, run anywhere” but in practice, there are always platform differences that can and do result in bugs. For that reason, and because in general it’s a good idea to test as much as possible, it’s nice to run tests (even for Java applications) on multiple platforms. As evidence … Continue reading Testing a Java application on Windows without Windows →

java-httpclient-webclient-spring-boot-starter: Powering Spring’s WebClient with Java 11’s HttpClient

java-httpclient-webclient-spring-boot-starter is a library that I created to provide a quick and easy way to use Java 11’s HttpClient as Spring’s WebClient’s client HTTP connector. If you’re using Spring Boot 2.3 or later, it’s worth checking out.

Reproducible Builds in Java

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. https://reproducible-builds.org/ Reproducible builds are important and provide benefits in many areas, including: Security. Because the same input source code always provides the same output binary artifact, you know that no attacker modified the toolchain to inject vulnerabilities … Continue reading Reproducible Builds in Java →

Version Controlling Database Schemas and Data with Liquibase

Version controlling database schemas facilitates repeatable deployments and consistent environments. The alternative is have a human manually perform database modifications; since humans are human, we tend to make mistakes especially when performing repetitive tasks, and our time is also very expensive compared to that of machines, so automating database schema changes is superior approach. More … Continue reading Version Controlling Database Schemas and Data with Liquibase →