Safe Browsing At Home

13. May, 2011

If you’re worried about security while you’re browsing the web (and you probably should be), here is a simple solution that might actually work (or at least raises the bar quite a bit): BitBox (German).

In a nutshell, it’s a secured Linux system running Firefox 4 inside of VirtualBox. The browser can only access the resources of the virtual PC.

So to infect your real system, the hacker must break Firefox on Linux (which is hard), break Linux (hard), and then break through the virtual PC layer (not that easy either) before being able to infect your real PC (as opposed to just infecting the virtual one).

Maven Tools for Eclipse: M2 Repository Analysis And Dependency Management

13. May, 2011

I’ve finished RC1 of my set of tools to import Eclipse plug-ins into Maven 2 repositories. You can find the source on GitHub. It needs Python 2.7 and lxml. pip is your friend.

The new features: There is now a tool to analyze the M2 repository for oddities. Currently, it can find these issues:

  • Dependencies which are used but not part of the repository
  • Dependencies which are used with different versions or version ranges (i.e. when one POM includes a dependency with 1.0 and another POM pulls in the very same dependency with version 1.1)
  • Dependencies which are used without versions or version ranges or a catch-all version like [0,)
  • Several versions of the same artifact in the repository

Plus it prints a list of all POMs in the repo with files (jar, pom, sources, test-sources, …). Here is a sample report.
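To make the four checks above concrete, here is a small added sketch (not the code from the tools described in this post) that runs them over a handful of constructed POMs using Python 3 and the standard library instead of lxml. The function name `analyze`, the helper `pom`, and the `org.example` coordinates are made up for illustration; it assumes every POM states its groupId and version explicitly, with no parent inheritance or property substitution.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
CATCH_ALL = "[0,)"  # the catch-all range named in the list above

def pom(gid, aid, ver, deps):
    """Build a minimal POM string (constructed sample data, not a real artifact)."""
    dep_xml = "".join(
        "<dependency><groupId>%s</groupId><artifactId>%s</artifactId>%s</dependency>"
        % (g, a, "<version>%s</version>" % v if v else "")
        for g, a, v in deps)
    return ('<project xmlns="http://maven.apache.org/POM/4.0.0">'
            "<groupId>%s</groupId><artifactId>%s</artifactId><version>%s</version>"
            "<dependencies>%s</dependencies></project>") % (gid, aid, ver, dep_xml)

# Constructed repository contents: two versions of util, one unversioned
# dependency (log) and one catch-all dependency (net), neither in the repo.
SAMPLE_POMS = [
    pom("org.example", "core", "1.0",
        [("org.example", "util", "1.0"), ("org.example", "log", None)]),
    pom("org.example", "ui", "1.0",
        [("org.example", "util", "1.1"), ("org.example", "net", CATCH_ALL)]),
    pom("org.example", "util", "1.0", []),
    pom("org.example", "util", "1.1", []),
]

def coords(elem):
    """Return ((groupId, artifactId), version); version is None if absent."""
    get = lambda tag: elem.findtext("m:" + tag, namespaces=NS)
    return (get("groupId"), get("artifactId")), get("version")

def analyze(pom_texts):
    present = defaultdict(set)  # artifact -> versions that exist in the repo
    used = defaultdict(set)     # artifact -> versions requested by some POM
    for text in pom_texts:
        # For POMs from untrusted sources, parse with a hardened XML parser.
        root = ET.fromstring(text)
        key, version = coords(root)
        present[key].add(version)
        for dep in root.findall("m:dependencies/m:dependency", NS):
            dkey, dversion = coords(dep)
            used[dkey].add(dversion)
    return {
        "missing": sorted(k for k in used if k not in present),
        "conflicting": sorted(k for k, v in used.items() if len(v) > 1),
        "unpinned": sorted(k for k, v in used.items() if v & {None, CATCH_ALL}),
        "multiple_versions": sorted(k for k, v in present.items() if len(v) > 1),
    }
```

Calling `analyze(SAMPLE_POMS)` returns one list of (groupId, artifactId) pairs per check, which is the raw material for a report like the one linked above.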

The last tool can create a POM file with a dependencyManagement element containing the versions of the POMs in the repository. You can use this to nail down all versions to the ones existing in your repository (so you don’t accidentally pull in something you don’t want).

Lastly, I’ve enhanced the patch tool. Instead of overwriting replaced dependencies, it will now move them into a new profile. This way, users of the repository can specify which dependency they want (the one from the repository or, say, one from Maven Central).

I will try to build a new testing repo over the weekend so we can start wrapping up the necessary patches for a release.
