Episode 67


Manage episode 123418589 series 123744
By Mark Derricutt, Richard Vowles, Mark Derricutt, and Richard Vowles. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Unsupported Operation 67



Web Stuff

  • NettoSphere - A WebSocket and HTTP server based on Atmosphere and Netty.
  • vert.x - node.js like asynchronous web server/platform - lets you write applications in js, ruby, and java. comes with distributed event bus, websocket support, tcp/ssl, pre made modules for mailer, authentication, work queues
  • Thymeleaf 2.0 - XML/HTML specific template engine.
  • GateIN 3.2.0 Final - people still use portal servers?
  • JRebel 4.6 released, JRebel for Vaadin announced

Apache / Maven / Related

  • Shavenmaven - super-lightweight dependency management - NO XML - just URLs
  • Grails 2.0.1 now uses RichardStyle composites, and hopefully will make its way to “Apache Maven Central” soon.
  • Apache Jena 0.9.0 - Java framework for building Semantic Web
  • Commons Math 3.0
  • Apache Camel 2.9.1
  • Apache Hama 0.4 - incubating - metrics on Hadoop
  • Apache Rave 0.8 - incubating - social mashup
  • Apache Tomcat Native 1.1.23
  • Apache Ant 1.8.3
  • Directory studio 2.0.M3
  • ApacheDS 2.0.0-M6
  • Apache Directory LDAP 1.0.0-M11
  • Apache Commons Daemon 1.0.10
  • Apache ACE has become a top level project
  • Apache OFBiz 09.04.02 (2nd TLD in a month - DeltaCloud was the other)
  • Apache MyFaces extension for CDI 1.0.4





  • Clojure 1.4 beta 4
  • First Github got hacked, then node.js’s NPM, Clojars takes precautions:

    Hello folks!

    In light of the recent break-in to the Node.js package hosting site (https://gist.github.com/2001456), I’ve decided to bump the priority of increasing the security on Clojars. I’ve deployed a fix that uses bcrypt (http://codahale.com/how-to-safely-store-a-password/) for password hashing. The first time you log in, it will re-hash your password using bcrypt and wipe the old weak hash.

    Note that Clojars has NOT had a security breach at this time. This is a preventative measure to protect your password in the event of a future breach. We are also looking into allowing signed jars (and possibly requiring them for releases). If you’re interested in helping out with this effort, (design or code) please join the clojars-maintainers mailing list: http://groups.google.com/group/clojars-maintainers

    Because we can’t ensure that everyone will log in to re-hash their password, at some point in the future (probably 2–3 weeks out) we will WIPE all the old password hashes. Otherwise users who have stopped using Clojars or missed the announcement could have their passwords exposed in the event of a future break-in. I will be sure to send out a few more warnings before this happens, but even if your password has been wiped it’s easy to reset it via the “forgot password” functionality.

    If you have any applications storing passwords hashed with SHA1 (even if you use a salt) I highly recommend you take the same steps; refer to http://codahale.com/how-to-safely-store-a-password/ for details.

    please log into Clojars to re-hash your password.

    Thanks for your attention.


  • Related news - Bouncy Castle 1.46 released
  • Static code analyzer for Clojure - kibit 0.0.2 now released
  • Marginalia v0.7.0 - documentation generator for clojure
  • lein 2.0 preview releases are out, and now preview2 is supported by Travis-CI
  • lein-navem is a lein plugin that converts a maven pom.xml into lein project.clj
  • Datomic is a new database service from Rich Hickey. And dayam it looks nice. Some really nice ideas in here.

25 episodes