Structured concurrency: will Java Loom beat Kotlin’s coroutines?

Kotlin and Java Loom: structured concurrency for the masses

Java, as slow adopter of new concepts is getting structured concurrency as part of the Loom project. This addition enables native support for coroutines (termed virtual threads) in Java. What does that mean for Java & Kotlin developers? Should we now all transform our existing code bases to support virtual threads? Or even jump back to Java?  We compare two approaches to do structured concurrency on the JVM: Java Loom’s virtual threads and Kotlin’s coroutines. As it turns out, Kotlin coroutines show to be more developer friendly, while Java Loom might have its sweet spot as part of Java libraries and frameworks. Want to know why? Buckle up, as we have a lot to talk about!

Read more →

Three Security Highlights For Terraform on AWS

So, you want to build your infrastructure in AWS and use Terraform for your Infrastructure as Code? And you want to do it securely? In this blog we highlight three things you should pay attention to from a security perspective: your IAM roles and trust relationships, your Terraform state, and your detection & monitoring. Of course, each of these topics deserve their own in-depth blog, but we’ll start highlighting three key touchpoints.

HashiCorp Terraform and AWS logos
HashiCorp Terraform & AWS
Read more →

Secure Deployment: 10 Pointers on Secrets Management

In a previous blog we talked about secure deployment. Secrets management is an important part of that. So what does that mean? In this blog we’ll give some pointers on how to do secrets management well in the perspective of a secure deployment. It’s easy to start saying “use tool X to store the secret” or “have all these detection tools in place!”, but that would lead to blind spots. Instead, let’s take a look at some pointers that would help you increase secret security holistically.

That’s a whole lot of secrets to manage…
Source: https://commons.wikimedia.org/wiki/File:Birn_Municipal_Bank_HQ_Safes.jpg
Read more →

From Build to Run: Pointers on Secure Deployment

Our experience with resources on secure deployment

Have you ever searched for resources on “Secure Software Deployment”? Most of the results revolve around the pentesting or putting security tools in your CI/CD pipeline. It would be the same as researching how to improve your cake baking skills, but end up with manuals of kitchen appliances. We want to address this gap: in this blog, we want to give you key pointers for a secure deployment.

person holding black fruit near cake for secure deployment analogy
You definitely want to protect this cake from malicious actors by ‘deploying it securely’ 🙂

So, what should you think of? We’ll start with a few aspects that we believe are important to think of when you work on a secure deployment. After that, we will touch upon the areas that you need to work on to actually achieve it. Finally, we’ll advise where to go from here.

Read more →

CertShout: All your domains are public

TLS should be mandatory for every website. But, when you set it up, make sure you configure the certificate correctly. This includes not having any sensitive data in any of the fields of the certificate. Because that certificate will become publicly available if you use a CA supporting Certificate Transparency. By Marinus Kuivenhoven and Jeroen Willemsen .

Read more →

How to create your own Lint rule

When you are part of a multi-team project in Android, it becomes relatively hard to have a common understanding of how components should be used. This is where Android Lint can help you! In this blog we will show you how you can write your own Lint rules and test them. As an example, we create a sample Lint Detector, which is used to detect whether you have excluded the “secret data” in your application from the Android Authobackup introduced in Android Marshmallow.

Read more →