2 December 2023

LogoFail: BIOS vendor logo loader vulnerability

 

LogoFail, a vulnerability in how the BIOS loads vendor logo image files, bypasses secure boot measures from all major BIOS vendors.

More info...

9 October 2023

Negative news gets more clicks

A study in Nature Human Behaviour shows that people are more likely to pick negative news articles to read:

  • For every negative word in a news title the chance a user clicks on it increases by 2.3%.
  • For every positive word in a news title the chance a user clicks on it decreases by 1%.

more...

26 September 2023

RSA and other encryption servers vulnerable to 25-year old Marvin attack

Among others, the popular OpenSSL and GnuTLS implementations are vulnerable.

The authors recommend that you stop using RSA PKCS#1 v1.5 and switch to elliptic-curve Diffie-Hellman.

They suspect that any cryptographic library using general-purpose integer implementations (default mode of OpenSSL's BIGNUM, Java's BigInteger, Python's int, Rust's apin...) is vulnerable.

What can the attackers gain?

  • The attacker is able to decrypt RSA ciphertexts and forge signatures.
  • For a TLS server that defaults to RSA encryption key exchanges, that means the attacker can record a session and decrypt it later.

more...

 

 

15 September 2023

When you can't pin a .exe to your Windows 11 start menu

I have a program on my new Windows 11 machine, for which I'd like to add the .exe to my start menu.

When I use the right click menu on the .exe to do this, nothing happens.

Here's how I solved the problem:

  1. Create a shortcut (myProgram.lnk) for myProgram.exe
  2. Copy the shortcut to your desktop
  3. Use the right click menu on the shortcut to pin it to your start menu (now this works for me!)
  4. Throw away the shortcut on your desktop (if you don't like it there)

9 September 2023

Processing LocalDateTime with Moshi in Java

Moshi is a library for marshalling/unmarshalling JSON. The Moshi API is very similar to the API of its predecessor Gson. Just like Gson, Moshi does not have support for LocalDate(Time) processing. LocalDate(Time) is the recommended Java Date/Time representation, so Moshi does not work out of the box for Java, and that's a shame.

Here's how you can solve this, for LocalDateTime. The procedure for LocalDate is similar.

Option 1: write an Adapter from scratch

1. Write the Adapter class

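import com.squareup.moshi.FromJson;
import com.squareup.moshi.ToJson;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;

public class LocalDateTimeAdapter {
    // Specify in which format you want your DateTime
    private final DateTimeFormatter formatter = DateTimeFormatter.ISO_LOCAL_DATE_TIME;

    @ToJson
    public String toText(LocalDateTime dateTime) {
        return dateTime.format(formatter);
    }

    @FromJson
    public LocalDateTime fromText(String text) {
        // Throws DateTimeParseException if the text does not match the format
        return LocalDateTime.parse(text, formatter);
    }
}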

2. Add the adapter when building Moshi

Moshi moshi = new Moshi.Builder()
    .add(new LocalDateTimeAdapter())
    .build();
// That's all!
// Now just parse (or serialise) your data as normal
// Here serialising a Ticket object
JsonAdapter<Ticket> jsonAdapter = moshi.adapter(Ticket.class);
System.out.println(jsonAdapter.indent(" ").toJson(ticket));

Option 2: write an Adapter that delegates to Moshi's Date adapter

Here we are using Moshi's Rfc3339DateJsonAdapter, which is in the Moshi adapters library. It can marshall/unmarshall java.util.Date.

1. Add the Moshi adapters library

I'm using Gradle and add the dependency to build.gradle.kts, in addition to the moshi library that was already there:

dependencies {
    implementation("com.squareup.moshi:moshi:1.15.0")
    implementation("com.squareup.moshi:moshi-adapters:1.15.0")
    //...
}

2. Write the Adapter class

In the adapter I'm converting LocalDateTime to/from Date and then use the Moshi adapter to convert the Date to/from JSON.

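import com.squareup.moshi.FromJson;
import com.squareup.moshi.JsonAdapter;
import com.squareup.moshi.ToJson;
// Do NOT import this from com.squareup.moshi.Rfc3339DateJsonAdapter, that one's deprecated
import com.squareup.moshi.adapters.Rfc3339DateJsonAdapter;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;

public class DelegatingLocalDateTimeAdapter {

    // adding .nullSafe() to the adapter allows it to write null dates in json rather than skipping them
    private static final JsonAdapter<Date> ADAPTER = new Rfc3339DateJsonAdapter().nullSafe();

    // LocalDateTime carries no zone; the system default zone is assumed in both directions.
    @ToJson
    public String toJson(LocalDateTime timestamp) {
        // toJsonValue returns the bare date text. ADAPTER.toJson(...) would return it already
        // wrapped in quotes, and Moshi would then quote and escape it a second time.
        return (String) ADAPTER.toJsonValue(Date.from(timestamp.atZone(ZoneId.systemDefault()).toInstant()));
    }

    @FromJson
    public LocalDateTime fromJson(String json) {
        // Moshi passes the unquoted string value, so decode it as a value, not as a JSON document
        return LocalDateTime.ofInstant(ADAPTER.fromJsonValue(json).toInstant(), ZoneId.systemDefault());
    }
}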

3. Add the adapter when building Moshi

This step is the same as the last step in Option 1:

Moshi moshi = new Moshi.Builder()
    .add(new DelegatingLocalDateTimeAdapter())
    .build();
// That's all!
// Now just parse (or serialise) your data as normal
// Here serialising a Ticket object
JsonAdapter<Ticket> jsonAdapter = moshi.adapter(Ticket.class);
System.out.println(jsonAdapter.indent(" ").toJson(ticket));

24 August 2023

Windows: get parent process ID / name

PowerShell command to get the parent process IDs of all processes with a given name (javaw.exe):

Get-CimInstance Win32_Process -Filter "Name = 'javaw.exe'" | select ParentProcessId

Or in a script. This one takes the process name as a parameter and shows the parent process ID, this time with the parent process name:

$targetProcessName = $args[0]
$targetProcesses = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$targetProcessName'"

foreach ($process in $targetProcesses) {
    $parentProcessId = $process.ParentProcessId
    $parentProcess = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $parentProcessId"
    Write-Output "Process: $($process.processId) $($process.Name), Parent Process: $($ParentProcessId)    $($parentProcess.Name)"
}
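
ParentProcessId is only recorded when a process starts, so the PID it names may belong to a process that has since exited, or to an unrelated process that received the same PID later. The script below is an added example, not part of the original post: it takes one snapshot of Win32_Process, compares CreationDate values to flag a recycled parent PID, and filters by name on the client side instead of building a WQL filter from the argument. The function name Resolve-Parent, the parameter names and the status labels are assumptions made for this example.

```powershell
# Added example, not from the original post.
param([Parameter(Mandatory)][string]$TargetProcessName)   # e.g. javaw.exe

# One snapshot, indexed by PID, so children and parents come from the same point in time.
$byPid = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $byPid[[uint32]$p.ProcessId] = $p
}

function Resolve-Parent {
    param($Child, [hashtable]$Snapshot)

    $parent = $Snapshot[[uint32]$Child.ParentProcessId]
    if (-not $parent) {
        # The process that started this child is no longer running.
        $status = 'ParentExited'
    } elseif ($Child.CreationDate -and $parent.CreationDate -gt $Child.CreationDate) {
        # A real parent cannot be younger than its child: the PID was recycled.
        $status = 'PidReused'
        $parent = $null
    } else {
        $status = 'Ok'
    }

    [pscustomobject]@{
        ProcessId       = $Child.ProcessId
        Name            = $Child.Name
        ParentProcessId = $Child.ParentProcessId
        ParentName      = if ($parent) { $parent.Name } else { $null }
        ParentStatus    = $status
    }
}

# Filtering with Where-Object keeps quotes in the argument out of a WQL string.
$byPid.Values |
    Where-Object { $_.Name -eq $TargetProcessName } |
    ForEach-Object { Resolve-Parent -Child $_ -Snapshot $byPid } |
    Format-Table -AutoSize
```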

8 August 2023

JetBrains 2023.2 releases

Some highlights:

more info....

4 August 2023

Java 21 LTS releases September 19th 2023

With the upcoming new LTS (Long Term Support) release of Java, Java 21, quite a few preview features of earlier releases are finally completed. These are the most important goodies we get with the new LTS release:

  • record pattern matching: destructuring for records
  • several switch enhancements
    • type and pattern matching
    • null matching
    • more complex tests using case ... when ... constructs
  • SequencedCollection: extra operations on first and last elements for collections for which the order of the elements is known.
  • lightweight threads
  • text manipulation methods
    • String::splitWithDelimiters
    • StringBuilder::repeat
    • Character emoji methods

More info...

26 June 2023

Umlet 15.1 supports UML class generation from Java code

Umlet 15.1 now generates UML class diagrams from code.

You can give it a file or directory and it will generate class elements in a grid-like diagram with no relations.

The generation stops if Umlet encounters an enum, which is a bit of a bummer, but still this can give you a nice head start if you already have some code.

This release is (maybe even more importantly) also reported to solve a nasty bug that crashed Umlet 15.0 on some actions.