Posts on Sven Ruppert

A Vaadin Starter Project with a Clear Focus

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 18 Mar 2026 07:05:00 +0000

Many example projects overload the starting point by covering too many topics at once. Routing, data access, security, forms, theme customisations, and other integrations will then be presented in a single demo. This makes it more difficult for readers to recognise the project’s actual structure.

Practical i18n in Vaadin: Resource Bundles, Locale Handling and UI Language Switching

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 11 Mar 2026 07:09:00 +0000

Modern web applications are rarely used only by users with the same language. Even internal tools often reach international teams or are used in different countries. A multilingual user interface is therefore not a luxury feature, but an important part of the user experience.

Separation of Concerns in Vaadin: Eliminating Inline Styles

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Mar 2026 13:05:20 +0000

Vaadin Flow enables the development of complete web applications exclusively in Java. Components, layouts, navigation, and even complex UI structures can be modelled on the server side without working directly with HTML or JavaScript. This approach is one of the main reasons why Vaadin is especially popular in Java-centric projects.

An unexpectedly hassle-free upgrade

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 16 Feb 2026 11:22:56 +0000

The starting point for this article was not a strategic architecture workshop or a long-term planned migration path, but a comparatively unspectacular step: updating the version numbers in the existing project. As part of further developing my URL shortener project, a regular dependency update was due anyway. Vaadin 25 (was already available at that time, so it made sense to proceed.

The Importance of UI in Import Processes

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 09 Feb 2026 15:15:33 +0000

Why an import needs a UI at all
#

Import functions are often treated as purely technical details in applications. Data is read in, processed and then made available – ideally without further interaction. In practice, however, an import is rarely an invisible process. It marks a transition between existing system states, between old and new data, between trust and control. This is exactly where the need for a user interface arises.

JSON export in Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 05 Feb 2026 16:50:15 +0000

Export functions are often seen as a purely technical side task: one button, one download, done. In a Vaadin-based application, however, it quickly becomes apparent that exporting is much more than writing data to a file. It is a direct extension of the UI state, an infrastructural contract between frontend and backend, and a decisive factor for maintainability and predictability.

Advent Calendar 2025 - Extracting Components - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 22 Dec 2025 07:05:00 +0000

What has happened so far
#

In the first part, the focus was deliberately on the user interface’s structural realignment. The previously grown, increasingly monolithic OverviewView was analysed and specifically streamlined by outsourcing key functional areas to independent UI components. With the introduction of the BulkActionsBar and the SearchBar, clearly defined building blocks were created, each assuming a specific responsibility and freeing the view from operational details.

Advent Calendar 2025 - Extracting Components - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 21 Dec 2025 07:05:00 +0000

Today marks a crucial step in the evolution of the URL shortener’s user interface. After the focus in the past few days was mainly on functional enhancements – from filter and search functions to bulk operations – this day is dedicated to a structural fine-tuning: the refactoring of central UI components. This refactoring not only serves to clean up the code but also creates a clear, modular basis for future extensions as well as a significantly improved developer experience.

Advent Calendar 2025 - De-/Activate Mappings - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 20 Dec 2025 07:05:00 +0000

What has happened so far?
#

In the first part of this article, the new active/inactive model for shortlinks was introduced and anchored at the architectural level. Based on the technical rationale, it was shown that a pure expiration date is insufficient for modern use cases and that an explicit activity status is required.

Advent Calendar 2025 - De-/Activate Mappings - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 19 Dec 2025 07:05:00 +0000

Why an active/inactive model for shortlinks?
#

For many users – especially those who work in the field of software development – shortlinks are much more than simple URL shorteners. They act as flexible routing mechanisms for campaigns, feature controls, test scenarios, and internal tools. The requirements for transparency, controllability and clean lifecycle management are correspondingly high.

Advent Calendar 2025 - Basic Login Solution - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 18 Dec 2025 07:05:00 +0000

What has happened so far?
#

In the first part of “Basic Login Solution”, the foundation for a deliberately simple yet structurally clean admin login was laid. The starting point was the realisation that even a technically lean URL shortener requires a clear separation between public-facing functions and administrative operations. The goal was not complete user management, but rather a minimal access barrier that integrates seamlessly with the existing Java and Vaadin architectures.

Advent Calendar 2025 - Basic Login Solution - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 17 Dec 2025 07:05:00 +0000

Introduction
#

The administration interface of a URL shortener is a sensitive area where short links can be changed, removed, or assigned expiration dates. Although the system is often operated on an internal server or in a private environment, protecting this management interface remains a fundamental security concern. Accidental access by unauthorised users can not only lead to incorrect forwarding or data loss, but also undermine trust in the overall system.

Advent Calendar 2025 - Mass Grid Operations - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 16 Dec 2025 07:05:00 +0000

What has happened so far…
#

In the previous part, the URL shortener overview was significantly expanded. The starting point was the realisation that the last UI was heavily optimised for single operations and thus quickly reached its limits as soon as larger volumes of shortlinks needed to be managed. To resolve this bottleneck, the grid was consistently switched to multiple selection, creating the technical basis for actual mass operations.

Advent Calendar 2025 - Mass Grid Operations - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 15 Dec 2025 07:05:00 +0000

The next stage of the Advent calendar focuses on further development, which becomes immediately noticeable once more shortlinks are used. The previous interaction patterns in the Overview view were geared toward individual operations and yielded only limited efficiency gains when processing many objects simultaneously. Today, this paradigm is being deliberately broken up and replaced by an interplay of new UI concepts that, for the first time, enable true multi-operation, context-sensitive work, and a much more stringent user interface.

Advent Calendar 2025 - From UI Interactions to a Deterministic Refresh Architecture

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 14 Dec 2025 07:05:00 +0000

After the first part explained the conceptual basics and the new interactions among global search, search scopes, and advanced filters, the second part focuses on the technical mechanisms that enable these interactions. It is only the revised refresh architecture – above all the interaction of safeRefresh() and RefreshGuard – that ensures that the OverviewView remains calm, deterministic and predictable despite numerous potential triggers.

Advent Calendar 2025 - From Simple Search to Expert Mode: Advanced Filters and Synchronised Scopes for Power Users

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 13 Dec 2025 07:05:00 +0000

Since its inception, the URL shortener’s continuous development has focused on two core goals: a robust technical foundation without external frameworks and a modern, productive user interface that is both intuitive and efficient for power users. As part of the current development stage, an essential UI module has been revised – the OverviewView, i.e. the view in which users search, filter and manage all saved shortenings.

Advent Calendar 2025 - Introduction of multiple aliases - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 12 Dec 2025 07:05:00 +0000

Today’s update introduces another practical development step for the URL shortener. After the last few days were dedicated to UI refinement and the better structuring of detailed dialogues and form logic, the focus is now on an aspect that plays a significant role in the everyday life of many users: the flexible management of multiple aliases per target URL.

Advent Calendar 2025 - Introduction of multiple aliases - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 11 Dec 2025 07:05:00 +0000

Introduction: More convenience for users
#

With today’s development milestone for the URL Shortener project, a crucial improvement has been achieved, significantly enhancing the user experience. Up to this point, working with short URLs was functional, but in many ways it was still linear: each destination URL was assigned exactly one alias. This meant users had to create a new short URL for each context or campaign, even when the destination was identical. While this approach was simple, it wasn’t sufficiently flexible to meet real-world application requirements.

Advent Calendar - 2025 - From Grid to Detail: Understanding the User Experience in the Short-URL Manager

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 10 Dec 2025 10:32:12 +0000

The current UI from the user’s point of view
#

On the first call, the user lands in the overview. The site is built on a Vaadin grid, whose header contains a search bar, paging controls, and a small settings button with a gear icon. The most essential flow begins with the table displaying immediately understandable columns: the shortcode as a clearly typographically separated monospace value with copy action, the original URL as a clickable link, a creation time in local format, and an expiration badge that visually communicates semantic states such as “Expired”, “Today” or “in n days” via theme colours. The whole thing is designed for quick viewing and efficient one-handed operation: a click on a data record opens the detailed dialogue if required; a right-click or the context menu offers direct quick actions; and the gear button can be used to show or hide visible columns live.

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 09 Dec 2025 09:55:00 +0000

Server-Side Extension: PreferencesHandler and REST Interfaces
#

The server-side extension for dynamic column visibility follows the same design logic as the UI: simplicity, clear accountability, and a precise data flow. While the OverviewView and the ColumnVisibilityDialog form the interface for the interaction, several specialized REST handlers handle the processing and persistence of the user settings. Their job is to process incoming JSON requests, validate them, translate them into domain operations, and return or store the current state.

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 08 Dec 2025 22:42:05 +0000

From observer to designer: User control at a glance
#

With the fourth day of the Advent calendar, the perspective on the application changes fundamentally. While in the previous expansion stages users reacted primarily to prepared structures, an element of active design is now being added. The “Overview” has so far been a central mirror of the system state: It showed all saved short links, allowed them to be filtered and provided an in-depth insight into individual objects with the detailed dialog. But the structure and visibility of the columns were immutable up to this point. The user always saw the selection that the developer had defined as meaningful. With the introduction of dynamic column visibility, this state is removed.

Advent Calendar - 2025 - Detail Dialog - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 07 Dec 2025 07:05:00 +0000

Client contract from a UI perspective
#

In this project, the user interface not only serves as a graphical layer on top of the backend, but is also part of the overall contract between the user, the client, and the server. This part focuses on the data flow from the UI’s perspective: how inputs are translated into structured requests, how the client forwards them, and what feedback the user interface processes.

Advent Calendar - 2025 - Detail Dialog - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 06 Dec 2025 07:05:00 +0000

Classification and objectives from a UI perspective
#

Today’s Advent Calendar Day focuses specifically on the interaction level prepared in the previous parts. While the basic structure of the user interface and the layout were defined at the beginning, and the interactive table view with sorting, filtering and dynamic actions was subsequently established, it is now a matter of making the transition from overview to detailed observation consistent. The user should no longer only see a tabular collection of data points, but should receive a view tailored to the respective object that enables contextual actions.

Advent Calendar - 2025 - Persistence – Part 02

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 05 Dec 2025 07:05:00 +0000

Today, we will finally integrate the StoreIndicator into the UI.

The source code for this version can be found on GitHub athttps://github.com/svenruppert/url-shortener/tree/feature/advent-2025-day-02

Advent Calendar - 2025 - Persistence – Part 01

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 04 Dec 2025 07:05:00 +0000

**Visible change: When the UI shows the memory state

With the end of the last day of the Advent calendar, our URL shortener was fully functional: the admin interface could filter, sort, and display data page by page – performant, cleanly typed, and fully implemented in Core Java. But behind this surface lurked an invisible problem: All data existed only in memory. As soon as the server was restarted, the entire database was lost.

Advent Calendar - 2025 - Filter & Search – Part 02

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 03 Dec 2025 07:05:00 +0000

In the previous part, we looked at the implementation on the server side. This part is now about the illustration on the user page.

The source code for the initial state can be found on GitHub under https://github.com/svenruppert/url-shortener/tree/feature/advent-2025-day-00 .

Advent Calendar - 2025 - Filter & Search – Part 01

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 02 Dec 2025 07:05:00 +0000

With the Vaadin interface described in [Part III], our URL shortener has a fully functional administration console available for the first time. It allows viewing existing short links in tabular form and managing them manually. But after just a few dozen entries, a clear limit becomes apparent: displaying all saved mappings is neither performant nor user-friendly. An efficient shortener must be able to scale – not only when generating, but also when searching through its data.

Introduction to the URL‑Shortener Advent Calendar 2025

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 01 Dec 2025 10:22:35 +0000

December 2025 is all about a project that has grown steadily in recent months: the Java-based URL Shortener, an open-source project implemented entirely with Core Java, Jetty, and Vaadin Flow. The Advent calendar accompanies users every day with a new feature, a technical deep dive, or an architectural improvement – from the basic data structure and REST handlers to UI components and security aspects.

Real-Time in Focus: Server-Sent Events in Core Java without Frameworks

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 05 Sep 2025 08:18:47 +0000

Chapter 1 – Introduction
#

1.1 Motivation: Real-time communication without polling
#

In modern applications, it is often necessary to provide new information to the client as quickly as possible. Classic polling , i.e. regularly querying a REST endpoint, is inefficient: it generates unnecessary network traffic and puts a load on both server and client, as requests continue even when there is no new data.

Core Java - Flow.Processor

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 04 Sep 2025 11:27:00 +0000

Reactive streams address a fundamental problem of modern systems: Producers (sensors, services, user events) deliver data at an unpredictable rate , while consumers (persistence, UI, analytics) can only process data at a limited speed. Without a flow control model , backlogs, storage pressure, and ultimately outages occur.

Signal via SSE, data via REST – a Vaadin demonstration in Core Java

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 03 Sep 2025 13:05:56 +0000

1. Introduction
#

1.1 Motivation: Event-driven updating without polling
#

In classic web applications, the pull principle still dominates: Clients repeatedly make requests to the server to detect changes. This polling is simple, but it leads to unnecessary load on the server and network side, especially if the data stock changes only sporadically. Server-Sent Events (SSE) is a standardised procedure that allows the server to signal changes to connected clients actively. This avoids unnecessary requests, while updates reach the interface promptly.

How and why to use the classic Observer pattern in Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 01 Sep 2025 11:32:18 +0000

1. Introduction and motivation
#

The observer pattern is one of the basic design patterns of software development and is traditionally used to decouple state changes and process them. Its origins lie in the development of graphical user interfaces, where a shift in the data model required synchronising several views immediately, without a direct link between these views. This pattern quickly established itself as the standard solution to promote loosely coupled architectures.

Password Security: Why Hashing is Essential

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 29 Aug 2025 14:53:27 +0000

Password security is an often underestimated but critical topic in software development. Databases containing millions of user logins are repeatedly compromised - and shockingly, often, it turns out that passwords have been stored in plain text. This gives attackers direct access to sensitive account data and opens the door to identity theft, account takeovers and other attacks.

What makes Vaadin components special?

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 19 Aug 2025 13:09:52 +0000

From my experience, Vaadin has always stood out from other Java frameworks. Of course, it enables the creation of modern web UIs, but the real difference lies in its component architecture. This is not conceived as a short-term aid, but is consistently designed for maintainability and flexibility. It creates the possibility of running applications stably for many years while still being able to extend them step by step.

Part III - WebUI with Vaadin Flow for the URL Shortener

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 15 Aug 2025 10:46:10 +0000

1. Introduction and objectives
#

The first two parts of this series established the theoretical and practical foundations of a URL shortener in pure Java. We discussed the semantic classification of short URLs, the architecture of a robust mapping system, and the implementation of a REST-based service based on the JDK HTTP server. These efforts resulted in a functional, modularly extensible backend that creates, manages, and efficiently resolves short links. However, a crucial component was missing-a visual interface for direct user interaction with the system. This interface is essential for tasks such as manual link creation, viewing existing mappings, and analysing individual redirects.

Connecting REST Services with Vaadin Flow in Core Java

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 24 Jun 2025 09:39:25 +0000

1. Introduction
#

Why REST integration in Vaadin applications should not be an afterthought
#

In modern web applications, communication with external services is no longer a special function, but an integral part of a service-oriented architecture. Even if Vaadin Flow, as a UI framework, relies on server-side Java logic to achieve a high degree of coherence between view and data models, the need to communicate with systems outside the application quickly arises. These can be simple public APIs—for example, for displaying weather data or currency conversions—as well as internal company services, such as license verification, user management, or connecting to a central ERP system.

Part II - UrlShortener - first Implementation

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 20 Jun 2025 12:36:28 +0000

1. Introduction to implementation
#

1.1 Objectives and differentiation from the architectural part
#

The first part of this series focused on theory: We explained why a URL shortener is not just a convenience tool, but a security-relevant element of digital infrastructure. We discussed models for collision detection, entropy distribution, and forwarding logic, as well as analysed architectural variants – from stateless redirect services to domain-specific validation mechanisms.

Short links, clear architecture – A URL shortener in Core Java

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 10 Jun 2025 22:43:22 +0000

A URL shortener seems harmless – but if implemented incorrectly, it opens the door to phishing, enumeration, and data leakage. In this first part, I’ll explore the theoretical and security-relevant fundamentals of a URL shortener in Java – without any frameworks, but with a focus on entropy, collision tolerance, rate limiting, validity logic, and digital responsibility. The second part covers the complete implementation: modular, transparent, and as secure as possible.

If hashCode() lies and equals() is helpless

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 06 Jun 2025 20:53:34 +0000

A deep look into Java’s HashMap traps – visually demonstrated with Vaadin Flow.

The silent danger in the standard library
#

The use of HashMap and HashSet is a common practice in everyday Java development. These data structures offer excellent performance for lookup and insert operations, as long as their fundamental assumptions are met. One of them is hashCode() of a key remains stable. But what if that’s not the case?

Creating a simple file upload/download application with Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 20 May 2025 17:34:15 +0000

Vaadin Flow is a robust framework for building modern web applications in Java, where all UI logic is implemented on the server side. In this blog post, we’ll make a simple file management application step by step that allows users to upload files, save them to the server, and download them again when needed. This is a great way to demonstrate how to build protection against CWE-22, CWE-377, and CWE-778 step by step.

Open-hearted bytecode: Java Instrumentation API

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 11 Apr 2025 17:06:44 +0000

What is the Java Instrumentation API?
#

The Java Instrumentation API is part of the java.lang.instrument package and allows you to change or analyse class bytecode at runtime. It is particularly intended for the development of profilers, agents, monitoring tools, or even dynamic security mechanisms that need to intervene deeply in a Java application’s behaviour without changing the source code itself.

Synchronous in Chaos: How Parallel Collectors Bring Order to Java Streams

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 08 Apr 2025 20:25:45 +0000

Sometimes it’s not enough for something to work - it has to work under load. In modern applications that process large amounts of data, the Streams API in Java provides developers with an elegant, declarative tool to transform, filter, and aggregate data in pipelines. Describing complex data operations with just a few lines is seductive and realistic. But what happens when these operations encounter millions of entries? When should execution be done in multiple threads in parallel to save time and effectively use multi-core systems?

DNS Attacks - Explained

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 07 Apr 2025 08:48:06 +0000

1. Getting started – trust in everyday internet life
#

Anyone who enters a web address like “www.example.de” into the browser expects a familiar website to appear within seconds. Whether in the home office, at the university, or in the data center, access to online services is now a given. The underlying technical processes are invisible to most users; even in IT practice, they are often taken for granted. One of these invisible processes is name resolution by the Domain Name System (DNS).

Java Cryptography Architecture (JCA) - An Overview

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 03 Apr 2025 12:22:30 +0000

The Java Cryptography Architecture (JCA) is an essential framework within the Java platform that provides developers with a flexible and extensible interface for cryptographic operations. It is a central component of the Java Security API and enables platform-independent implementation of security-critical functions.

Rethinking Java Streams: Gatherer for more control and parallelism

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 02 Apr 2025 20:58:21 +0000

Since version 8, Java has introduced an elegant, functional approach to processing data sets with the Streams API. The terminal operation collect(…) represents the bridge from the stream to a targeted aggregation - in the form of lists, maps, strings or more complex data structures. Until Java 20 the processing was done Collector-Instances were regulated, which internally consisted of a supplier, an accumulator, a combiner and optionally a finisher. This model works well for simple accumulations but has noticeable limitations, particularly for complex, stateful, or conditional aggregations.

From Java 8 to 24: The evolution of the Streams API

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 29 Mar 2025 13:08:23 +0000

The introduction of the Stream API in Java marked a crucial step in the development of functional programming paradigms within the language. With Java 24, stream processing has been further consolidated and is now a central tool for declarative data processing Stream not about an alternative form of Collection, but rather an abstract concept that describes a potentially infinite sequence of data that is transformed and consumed through a pipeline of operations. While a Collection is a data structure that stores data, Stream is a carrier of a computing model: It does not store any data but instead allows the description of data flows.

TornadoVM - Boosting the Concurrency

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 23 Nov 2024 19:40:08 +0000

TornadoVM is an open-source framework that extends the Java Virtual Machine (JVM) to support hardware accelerators such as Graphics Processing Units (GPUs), Field-Programmable Gate Arrays (FPGAs), and multi-core central processing units (CPUs). This allows developers to accelerate their Java programs on heterogeneous hardware without needing to rewrite their code in low-level languages such as CUDA or OpenCL.

Cache Poisoning Attacks on Dependency Management Systems like Maven

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Nov 2024 14:15:16 +0000

Cache poisoning on Maven Caches is a specific attack that targets how Maven Caches manages packages and dependencies in a software development process. It’s essential to understand how Maven works before we look at the details of cache poisoning.

JUnit annotations in focus: The connection between @Test and @Testable

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 08 Nov 2024 09:12:39 +0000

The annotations @Test and @Testable have played an important role in the Java ecosystem regarding application testing. They are essential tools that help developers make unit and automated testing more effective. In this paper, we will explore the differences and connections between @Test and @Testable analyze and the motivation behind the introduction of @Testable understand. We will also play the role of @Testable in developing your test engines and discuss their importance for the flexibility and expandability of tests.

The Risks of Mocking Frameworks: How Too Much Mocking Leads to Unrealistic Tests

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 05 Nov 2024 17:49:33 +0000

Extensive use of mocking frameworks such as Mockito in software development can lead to unrealistic tests. This is because mocking frameworks simulate dependencies of classes or methods in order to test them in isolation. However, when too many mock objects are used, the test often loses touch with reality, which can affect the validity and reliability of the tests. It is important to use mocking carefully to find the right balance between isolated testing and realistic simulation.

What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 04 Nov 2024 12:34:27 +0000

The world of cybersecurity is full of threats, many of which are surprisingly subtle and challenging to detect. One such threat is the problem of so-called homoglyphs. CWE-1007, also known as “Insufficient Visual Distinction of Homoglyphs Presented to User”, is a vulnerability often used by attackers to deceive and compromise your systems or data. In this blog article, you will get a deep insight into CWE-1007, understand its mechanisms, and how to protect yourself from such attacks. We will discuss examples, technical challenges, and best practices that can help you as a developer understand and mitigate this threat.

The History of Parallel Processing in Java: From Threads to Virtual Threads

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 01 Nov 2024 22:02:37 +0000

Since the early days of computer science, parallel processing has represented one of the greatest challenges and opportunities. Since its inception in 1995, Java has undergone a significant journey in the world of parallel programming to provide developers with ever-better tools. This story is a fascinating journey through threads, the executor framework, fork/join, parallel streams, CompletableFuture and the latest developments in Project Loom. In this blog post, we take a detailed look at the evolution of parallel processing in Java and the innovations that came with it.

CWE-778: Lack of control over error reporting in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 18 Oct 2024 14:07:20 +0000

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications.
#

Safely handling error reports is a central aspect of software development, especially in safety-critical applications. CWE-778 describes a vulnerability caused by inadequate control over error reports. This post will analyse the risks associated with CWE-778 and show how developers can implement safe error-handling practices to avoid such vulnerabilities in Java programs.

Code security through unit testing: The role of secure coding practices in the development cycle

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 16 Oct 2024 22:17:04 +0000

Unit testing is an essential software development concept that improves code quality by ensuring that individual units or components of a software function correctly. Unit testing is crucial in Java, one of the most commonly used programming languages. This article will discuss what unit testing is, how it has evolved, and what tools and best practices have been established over the years.

Understanding TOCTOU (Time-of-Check to Time-of-Use) in the Context of CWE-377

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 07 Oct 2024 17:57:36 +0000

Building on the discussion of “CWE-377: Insecure Temporary File”, it’s essential to delve deeper into one of the most insidious vulnerabilities that can arise in this context—TOCTOU (Time-of-Check to Time-of-Use) race conditions. TOCTOU vulnerabilities occur when there is a time gap between verifying a resource (such as a file) and its subsequent use. Malicious actors can exploit this gap, especially in temporary file scenarios, leading to serious security breaches. This follow-up article will explore how TOCTOU conditions manifest in software, particularly in managing temporary files, and discuss strategies to mitigate these risks to ensure robust and secure application development.

BLD - a lightweight Java Build Tool

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 26 Sep 2024 17:31:17 +0000

What is a dependency management tool?
#

A dependency management tool is a software system or utility that automates the process of identifying, retrieving, updating, and maintaining the external libraries or packages (referred to as dependencies) required by a software project. It ensures that all necessary dependencies are included and managed in a standardised way, which helps prevent version conflicts, missing libraries, and manual errors during software development.

What are component-based web application frameworks for Java Developers?

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 25 Sep 2024 17:04:18 +0000

Tapestry, Wicket, and Vaadin
#

A component-oriented Java web application framework is a development framework that enables the construction of web applications in a modular way, using reusable, encapsulated components that manage their state, behaviour, and presentation. This approach allows developers to build complex user interfaces by assembling pre-built or custom components, like building blocks, each handling specific functionalities within the application.

CWE-1123: Excessive Use of Self-Modifying Code for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 12 Sep 2024 11:19:19 +0000

Self-modifying code refers to a type of code that alters its own instructions while it is executing. While this practice can offer certain advantages, such as optimisation and adaptability, it is generally discouraged due to the significant risks and challenges it introduces. For Java developers, using self-modifying code is particularly problematic because it undermines the codebase’s predictability, readability, and maintainability, and Java as a language does not natively support self-modification of its code.

IoT with TinkerForge and Java

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Sep 2024 12:37:30 +0000

Introduction
#

TinkerForge is an innovative and modular hardware system that allows users to build electronic devices quickly and flexibly. Whether you’re an experienced engineer, a hobbyist, or a complete newbie, TinkerForge offers a range of components that can be easily connected and programmed, allowing for rapid prototyping and the creation of custom electronics projects. Since its launch, TinkerForge has gained popularity in various areas, including education, research, and industrial automation, due to its user-friendly design and extensive feature set.

Building More Complex Apps with Flow

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 22 Aug 2024 12:20:26 +0000

In this part of the series about Vaadin Flow, I will show how I can create the basic framework for the graphic design of a work application. The focus here is on the design of the work area and the organisation of the individual logical application groups. In other words, we create the application layout that can be used for an industrial project.

CWE-377 - Insecure Temporary File in Java

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 21 Aug 2024 13:17:12 +0000

In software development, temporary files are often used to store data temporarily during an application’s execution. These files may contain sensitive information or be used to hold data that must be processed or passed between different parts of a program. However, if these temporary files are not managed securely, they can introduce vulnerabilities that may compromise the application’s confidentiality, integrity, or availability. The Common Weakness Enumeration (CWE) identified CWE-377 as a weakness associated with the insecure creation and management of temporary files.

Vaadin Flow - How to start

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 19 Jun 2024 15:34:50 +0000

We will now create a new Vaadin Flow application step by step and create a basic framework for our own projects with this component-based open-source web framework. So, right from the start, the question arises: How can you start with as little effort as possible without avoiding the usual expenses that sometimes come with creating projects?

Comparing Code Coverage Techniques: Line, Property-Based, and Mutation Testing

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 31 May 2024 09:20:30 +0000

What is Test Coverage?
#

Test coverage is a metric used in software testing to measure the testing performed on a piece of software. It indicates how thoroughly a software program has been tested by identifying which parts of the code have been executed (covered) during testing and which have not. Here are the key aspects of test coverage:

Securing Apache Maven: Understanding Cache-Related Risks

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 27 May 2024 14:30:22 +0000

What is a Package Manager - Bird-Eye View
#

A package manager is a tool or system in software development designed to simplify the process of installing, updating, configuring, and removing software packages on a computer system. It automates managing dependencies and resolving conflicts between different software components, making it easier for developers to work with various libraries, frameworks, and tools within their projects.

CWE-22: Best practices to use Java NIO

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 22 May 2024 10:30:27 +0000

In today’s digital landscape, ensuring the security of your applications is paramount. One critical vulnerability developers must guard against is CWE-22, Path Traversal. This vulnerability can allow attackers to access files and directories outside the intended scope, potentially leading to unauthorised access and data breaches.

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 21 May 2024 14:33:53 +0000

CWE-22, commonly called “Path Traversal,” is a vulnerability when an application fails to appropriately limit the paths users can access through a user-provided input. This can allow attackers to access directories and files outside the intended directory, leading to unauthorised access and potential system compromise. This vulnerability is particularly significant in Java applications due to the ubiquitous use of file handling and web resources. This document will delve into the nature of CWE-22, its implications, exploitation methods, and, most importantly, strategies to mitigate such vulnerabilities in Java applications.

CWE-416: Use After Free Vulnerabilities in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 17 May 2024 12:17:30 +0000

CWE-416: Use After Free
#

Use After Free (UAF) is a vulnerability that occurs when a program continues to use a pointer after it has been freed. This can lead to undefined behaviour, including crashes, data corruption, and security vulnerabilities. The problem arises because the memory referenced by the pointer may be reallocated for other purposes, potentially allowing attackers to exploit the situation.

Basics of the Gauss-Krüger Coordinate System

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 16 May 2024 14:34:19 +0000

Transverse Mercator Projection :
#

The Gauss-Krüger system uses the transverse Mercator projection, which means the cylindrical projection is rotated 90 degrees. This allows for better accuracy over long north-south extents.

CWE-787 - The Bird-Eye View for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 15 May 2024 12:19:10 +0000

The term “CWE-787: Out-of-bounds Write " likely refers to a specific security vulnerability or error in software systems. Let’s break down what it means:

Out-of-bounds Write : This is a type of vulnerability where a program writes data outside the boundaries of pre-allocated fixed-length buffers. This can corrupt data, crash the program, or lead to the execution of malicious code.

Mastering Secure Error Handling in Java: Best Practices and Strategies

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 07 May 2024 12:43:21 +0000

What is ErrorHandling?
#

Error handling refers to the programming practice of anticipating, detecting, and responding to exceptions or errors in software during its execution. Errors may occur for various reasons, such as invalid user inputs, hardware failures, or bugs in the code. Proper error handling helps ensure that the program can handle such situations gracefully by resolving the Error, compensating for it, or failing safely.

Decoding the Logs: Essential Insights for Effective Software Debugging

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 06 May 2024 21:12:46 +0000

Logging is essential to software development, recording information about the software’s operation. This can help developers understand the system’s behaviour, troubleshoot issues, and monitor the system in production. Here’s a basic overview of logging in software development:

Secure Coding Practices - Access Control

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 03 May 2024 10:41:23 +0000

Access control is a security measure that determines who can access resources or perform actions within a system. It involves defining and enforcing policies restricting unauthorised access while allowing authorised users to perform their intended tasks. Access control mechanisms are commonly used in various domains, including computer systems, buildings, and physical assets.

What is a Logbook?

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 22 Apr 2024 11:39:20 +0000

A logbook is a record-keeping tool used in various fields to track information over time. It typically contains entries documenting events, activities, observations, or data related to a particular subject or task. Logbooks can take different forms depending on their purpose, ranging from handwritten notebooks to digital databases.

The Hidden Dangers of Bidirectional Characters

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 19 Apr 2024 10:12:58 +0000

Discover the hidden dangers of bidirectional control characters! We dive deep into how these essential text-rendering tools can be exploited to manipulate digital environments. Learn about their security risks, from filename spoofing to deceptive URLs, and uncover the crucial strategies to safeguard against these subtle yet potent threats. Understand how to protect your systems in a multilingual world. Join to ensure your digital security is not left to chance!

Audio Steganography In More Detail

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 17 Apr 2024 19:22:20 +0000

Audio steganography is a technique for hiding information within an audio file so that only the intended recipient knows of the hidden data’s existence. This method belongs to the broader field of steganography, which itself is a subset of security systems and comes from the Greek words “steganos,” meaning covered, and “graphein,” meaning writing.

Beyond the Visible: Exploring the Depths of Steganography

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 28 Mar 2024 14:02:52 +0000

Steganography is the practice of concealing a message, file, image, or video within another message, file, image, or video. Unlike cryptography, which focuses on making a message unreadable to unauthorised parties, steganography aims to hide the message’s existence. The word “steganography " is derived from the Greek words “steganos ,” meaning “covered ,” and “graphein ,” meaning “to write.”

Sleepingbags For Winter Expeditions

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 06 Mar 2024 19:55:49 +0000

What is a winter trekking tour?
#

A winter trekking tour typically involves hiking or walking through snow-covered landscapes during the winter season. These tours are popular in regions with significant snowfall and mountainous terrain, such as the Alps, the Rockies, the Himalayas, and other mountain ranges worldwide. Winter trekking tours offer adventurers the opportunity to explore stunning winter landscapes, experience the tranquillity of the snowy wilderness, and challenge themselves physically and mentally.

The Compensating Transaction Pattern

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 12 Feb 2024 12:40:41 +0000

The Bird-Eye View
#

A Compensating Transaction Pattern is a technique used to ensure consistency when multiple steps are involved in a process, and some steps may fail. It essentially consists in having “undo” transactions for each successful step, so if something goes wrong later on, you can reverse the changes made earlier and maintain data integrity.

Serialising in Java - Birds Eye View

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 11 Feb 2024 13:46:53 +0000

Serialisation in Java is implemented to convert the state of an object into a byte stream, which can be quickly persisted to a file or sent over a network. This process is essential for persisting object data, supporting network communication, and facilitating sharing of objects between different parts of a distributed system.

What is UTMref?

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 08 Feb 2024 10:09:54 +0000

UTMref stands for Universal Transverse Mercator (UTM) reference system. It is a coordinate system to locate positions on the Earth’s surface. The UTM system divides the Earth into a series of zones, each 6 degrees of longitude wide, and assigns a coordinate grid to each zone. This grid system uses easting (measured in meters east of a reference meridian) and northing (measured in meters north of the equator) coordinates to define locations within each zone.

Contextual Analysis in Cybersecurity

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 05 Feb 2024 17:49:29 +0000

Contextual analysis in cybersecurity involves examining events, actions, or data within the broader context of an organization’s IT environment. It is a critical component of a proactive cybersecurity strategy, aiming to understand the significance of activities by considering various factors surrounding them. This multifaceted approach helps cybersecurity professionals identify and respond to potential threats effectively.

MilRad - a BirdEye View

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 31 Jan 2024 21:07:43 +0000

A milliradian (MilRad or mrad) is a unit of angular measurement commonly used in precision shooting, optics, and ballistics. It is based on dividing a circle into 6.283 radians (2π radians), with each radian further divided into 1,000 milliradians. The milliradian is often denoted as “mil.”

What is a Common Weakness Enumeration - CWE

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 10 Jan 2024 17:24:15 +0000

CWE stands for Common Weakness Enumeration. It is a community-developed list of software and hardware weakness types that can serve as a common language for describing, sharing, and identifying security vulnerabilities in software systems. CWE aims to provide a standardized way of identifying and categorizing vulnerabilities, making it easier for software developers, testers, and security professionals to discuss and address security issues.

What Are Magnetic Anomalies?

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 22 Dec 2023 08:47:46 +0000

Magnetic anomalies refer to variations in the Earth’s magnetic field strength at different locations on the Earth’s surface. These anomalies interest scientists and researchers in various fields, including geophysics, geology, and environmental science. This comprehensive exploration will explore magnetic anomalies’ nature, causes, measurement methods, and significance.

Inclination in Navigation: A Short Overview

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 21 Dec 2023 12:47:15 +0000

Introduction
#

Navigation is an ancient and essential practice that involves determining one’s position and direction relative to the Earth’s surface. In navigation, various factors and concepts play crucial roles in helping sailors, pilots, and even modern travellers reach their destinations safely and efficiently. Inclination is an integral concept to understanding the Earth’s magnetic field and its impact on navigation. In this comprehensive guide, we will delve into the concept of inclination in navigation, exploring its definition, significance, historical context, and practical applications.

Precision in the Wilderness: How to Navigate Safely Despite Magnetic Compass Disturbances

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 20 Dec 2023 17:08:37 +0000

Understanding the disturbance of a magnetic compass is crucial for accurate navigation. External factors like magnetic declination, ferrous objects, electromagnetic interference, temperature variations, and external forces can affect compass readings. Magnetic declination represents the angular difference between true north and magnetic north. Ferrous objects and nearby magnets can alter the local magnetic field, causing deviations. Electromagnetic interference from electronic devices may disrupt compass accuracy. Temperature variations influence materials and magnetic properties within the compass. External forces, such as vibrations and movement, can lead to temporary disturbances. To maintain accuracy, users must know these factors, hold the compass level, calibrate periodically, and avoid interference sources. Understanding and mitigating compass disturbances are essential for reliable and precise direction finding in navigation and safety-critical situations. Let’s have a look at these topics.

Mapping Mastery: Decoding the Global Impact of UTM Coordinates

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 19 Dec 2023 13:04:02 +0000

Embark on a journey to understand the Universal Transverse Mercator (UTM) coordinate system—a foundational tool in mapping and navigation. Unveil the historical evolution that led to its development during World War II, explore the technical intricacies that make it a global standard, and discover the practical applications that range from topographic mapping to field navigation.

What is WGS84 - An Overview

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 18 Dec 2023 10:01:32 +0000

The World Geodetic System 1984 (WGS 84) is a geodetic reference system used to describe the shape and size of the Earth. We will delve into its historical context, technical specifications, global significance, and practical applications.

Secure Coding Practices - Input Validation

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Dec 2023 07:52:24 +0000

What is - Input Validation?
#

Input validation is a process used to ensure that the data provided to a system or application meets specific criteria or constraints before it is accepted and processed. The primary goal of input validation is to improve the reliability and security of a system by preventing invalid or malicious data from causing errors or compromising the system’s integrity.

Infection Method - Sub-Domain Takeover

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 20 Nov 2023 14:37:29 +0000

A subdomain takeover is a type of cybersecurity vulnerability that occurs when an attacker gains control of a subdomain of a website or a domain name. This attack can seriously affect the security and functionality of a web application or website. In this explanation, we’ll look at subdomain takeovers, how they work, the risks they pose, and how to prevent them.

Infection Method - Domain Takeover

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 10 Nov 2023 10:31:25 +0000

In this post, we will look at another method of infection. These are the attack vectors via domain names. This can happen at the main level, i.e. the domain itself, or via sub-domains. But what exactly is a domain takeover attack?

EclipseStore High-Performance-Serializer

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 09 Oct 2023 21:59:54 +0000

I will introduce you to the serializer from the EclipseStore project and show you how to use it to take advantage of a new type of serialization.

Since I learned Java over 20 years ago, I wanted to have a simple solution to serialize Java-Object-Graphs, but without the serialization security and performance issues Java brought us. It should be doable like the following…

EclipseStore - Storing more complex data structures

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 06 Oct 2023 12:22:50 +0000

How to store complex data structures using EclipseStore? Are there any restrictions? How can you work more efficiently on such structures? We will now get to the bottom of these questions here.

How to start with EclipseStore - 01

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Oct 2023 10:00:04 +0000

We will take the first steps with the Eclipse Store here. I will show what the Eclipse Store is, how you can integrate it into your project and what the first steps look like from a developer’s perspective. All in all, it is a practical introduction.

TDD and the impact on security

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 28 Jun 2023 16:08:03 +0000

Test-driven development (TDD) is a software development approach that prioritizes writing automated tests while creating the actual code. There follows a cycle of writing a failed test, writing the code to make the test pass, and then refactoring the code. TDD was originally developed to ensure the quality, maintainability and expandability of the software created over the long term. The specific knowledge about the individual source text passages should also be shown in the tests. Thus, a transfer of responsibility between developers is supported. Better than any documentation, tests are always up-to-date regarding the function that has been implemented in the source code.

Introduction to the Linux Foundation's SLSA project

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 10 Dec 2022 21:56:43 +0000

Supply Chain Security is a hot topic these days. And more and more, we as developers are dealing with this daily. But what does this mean for us, and how is this influencing our job? I want to give an overview of common attacks against the Software Supply Chain from the developer’s view and will introduce the Open Source project SLSA from the Linux Foundation.

The Power of #JFrog Build Info (Build Metadata)

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 08 Oct 2021 13:42:05 +0000

Intro

This article will take a detailed look at what the term build-info is all about and why it will help us protect against attacks such as the Solarwinds Hack.

SolarWinds hack and the Executive Order from Mr Biden -- And now?

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 27 Jul 2021 11:10:15 +0000

In the past two years, we have had to learn a lot about cybersecurity. The new attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general. But what does that mean for us? What can be done about it, and what reactions have the state already taken?

What is the difference between SAST, DAST, IAST and RASP?

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 19 Jul 2021 15:34:30 +0000

Intro:

In this post, we’re going to look at the differences between the various cybersecurity defence techniques. Here you can identify four main groups, which we will go through briefly one after another to illustrate the advantages and disadvantages.

The Lifeline of a Vulnerability

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 25 Jun 2021 16:17:29 +0000

Intro
#

Again and again, we read something in the IT news about security gaps that have been found. The more severe the classification of this loophole, the more attention this information will get in the general press. Most of the time, you don’t even hear or read anything about all the security holes found that are not as well known as the SolarWinds Hack, for example. But what is the typical lifeline of such a security gap?

Howto Building a Bushcrafting Seat in the woods

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 26 May 2021 10:44:08 +0000

In this episode, I’ll show you how to make a comfortable bushcrafting chair out of a few sticks and a little string.

Step 1 - Finding suitable wood
#

For this seat, we need three wooden poles. These must be stable enough to bear the weight of whoever wants to sit on them. When choosing the pieces of wood, you should, as always, make sure that only dead wood is used. In addition to the aspect of not damaging living trees, it also has a convenient background. With fresh wood, you always have to expect that there is still some moisture and resin in the workpiece and leak out in different places over time. In my search, I opted for secluded beech wood. All bars have a diameter of approx. 10cm are dry and sufficiently stable to hold my weight individually. Of course, rotten wood is not advisable.

CVSS - explained - the Basics

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 07 Apr 2021 12:20:21 +0000

Intro
#

What is the Common Vulnerability Scoring System short called CVSS, who is behind it, what are we doing with it and what a CVSS Value means for you? I will explain how a CVSS Score is calculated, what the different elements of it mean and what are the differences between the different CVSS versions.

build a small Bushcraft bench from a log

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 05 Apr 2021 21:24:14 +0000

#

When I’m out in the forest, I always enjoy having some tools with me. The backpack is certainly a little heavier, but there are countless possibilities. My son was there again on one of my last tours. At the time I write this blog post (early 2021), he is ten years old. It’s always lovely to see the enthusiasm with which new things are tried.
We had set ourselves the goal of building a bank. We had an axe, a saw and a paracord with us as tools.
To find a suitable workpiece, forest areas in which there are deciduous trees are suitable. Conifers are usually not very ideal because they contain much resin. Now and then, you will find places where some medium-sized trees such as birch, beech or oak have been fallen due to the last storm, are relocated. Of course, you have to be careful in such places whether the tree trunks are still under tension. We found just such a place, and we immediately started to sift through the wood. Since the logs had fallen for some time, it was safe to move between them.

Building a Rocket-Stove with Axe and Saw only

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 13 Mar 2021 18:10:54 +0000

Today we’re going to look at how to make a rocket stove with an axe and a saw.
The construction does not require any other materials such as wire or the like.
This is a variant that can be used to boil water yourself.
Even in wet weather, this variant works very well because, with the correct selection of the workpiece, the inner dry wood is used to generate sufficient embers.
In this construction, the physical effect is used, in which hot air rises faster than the colder ambient air. This is, among other things, the reason why this variant works better the colder the ambient temperature is.

Pattern from the practical life of a software developer

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 09 Mar 2021 21:28:00 +0000

Builder-Pattern
#

The book from the “gang of four” is part of the essential reading in just about every computer science branch. The basic patterns are described and grouped to get a good start on the topic of design patterns. But how does it look later in use?
Here we will take a closer look at one pattern and expand it.

Make a Temporarily Drinking Cup from Wood and Paracord

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 09 Mar 2021 16:14:44 +0000

Intro:
#

Sometimes you need a small container to catch a little water, hold small things together, or only a temporarily drinking cup. Today we will look at how a makeshift cup can be made from a round wood piece with simple means. All we need is a saw, a knife and a little paracord. But one thing at a time. Let’s start by choosing the right piece of wood.

Delegation Versus Inheritance In Graphical User Interfaces

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 18 Feb 2021 17:26:16 +0000

Intro

In this article, we will look at the difference between the inheritance and delegation concepts. Or, to put it better, why I prefer delegation and why I want to emphasize this rarely-used feature in Java.

A Challenge of the Software Distribution

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 14 Feb 2021 14:03:57 +0000

The four factors that are working against us
#

Software development is more and more dependent on Dependencies and the frequency of deployments is increasing. Both trends together are pushing themselves higher. Another element that turns the delivery of software into a network bottleneck is the usage of compounded artefacts. And the last trend that is working against us, is the exploding amount of edges or better-called edge nodes.All four trends together are a challenge for the infrastructure.But what we could do against it?

DevSecOps - Be Independent Again

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 12 Feb 2021 18:06:03 +0000

What do the effects the news of the last few months can have to do with risk management and the presumption of storage, and why is it an elementary component of DevSecOps?

The quick Wins of DevSecOps

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 28 Jan 2021 16:56:45 +0000

Hello and welcome to my DevSecOps post. Here in Germany, it’s winter right now, and the forests are quiet. The snow slows down everything, and it’s a beautiful time to move undisturbed through the woods.

Posts on Sven Ruppert

A Vaadin Starter Project with a Clear Focus

Practical i18n in Vaadin: Resource Bundles, Locale Handling and UI Language Switching

Separation of Concerns in Vaadin: Eliminating Inline Styles

An unexpectedly hassle-free upgrade

The Importance of UI in Import Processes

Why an import needs a UI at all #

JSON export in Vaadin Flow

Advent Calendar 2025 - Extracting Components - Part 2

What has happened so far #

Advent Calendar 2025 - Extracting Components - Part 1

Advent Calendar 2025 - De-/Activate Mappings - Part 2

What has happened so far? #

Advent Calendar 2025 - De-/Activate Mappings - Part 1

Why an active/inactive model for shortlinks? #

Advent Calendar 2025 - Basic Login Solution - Part 2

What has happened so far? #

Advent Calendar 2025 - Basic Login Solution - Part 1

Introduction #

Advent Calendar 2025 - Mass Grid Operations - Part 2

What has happened so far… #

Advent Calendar 2025 - Mass Grid Operations - Part 1

Advent Calendar 2025 - From UI Interactions to a Deterministic Refresh Architecture

Advent Calendar 2025 - From Simple Search to Expert Mode: Advanced Filters and Synchronised Scopes for Power Users

Advent Calendar 2025 - Introduction of multiple aliases - Part 2

Advent Calendar 2025 - Introduction of multiple aliases - Part 1

Introduction: More convenience for users #

Advent Calendar - 2025 - From Grid to Detail: Understanding the User Experience in the Short-URL Manager

The current UI from the user’s point of view #

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 2

Server-Side Extension: PreferencesHandler and REST Interfaces #

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 1

From observer to designer: User control at a glance #

Advent Calendar - 2025 - Detail Dialog - Part 2

Client contract from a UI perspective #

Advent Calendar - 2025 - Detail Dialog - Part 1

Classification and objectives from a UI perspective #

Advent Calendar - 2025 - Persistence – Part 02

Advent Calendar - 2025 - Persistence – Part 01

Advent Calendar - 2025 - Filter & Search – Part 02

Advent Calendar - 2025 - Filter & Search – Part 01

Introduction to the URL‑Shortener Advent Calendar 2025

Real-Time in Focus: Server-Sent Events in Core Java without Frameworks

Chapter 1 – Introduction #

1.1 Motivation: Real-time communication without polling #

Core Java - Flow.Processor

Signal via SSE, data via REST – a Vaadin demonstration in Core Java

1. Introduction #

1.1 Motivation: Event-driven updating without polling #

How and why to use the classic Observer pattern in Vaadin Flow

1. Introduction and motivation #

Password Security: Why Hashing is Essential

What makes Vaadin components special?

Part III - WebUI with Vaadin Flow for the URL Shortener

1. Introduction and objectives #

Connecting REST Services with Vaadin Flow in Core Java

1. Introduction #

Why REST integration in Vaadin applications should not be an afterthought #

Part II - UrlShortener - first Implementation

1. Introduction to implementation #

1.1 Objectives and differentiation from the architectural part #

Short links, clear architecture – A URL shortener in Core Java

If hashCode() lies and equals() is helpless

The silent danger in the standard library #

Creating a simple file upload/download application with Vaadin Flow

Open-hearted bytecode: Java Instrumentation API

What is the Java Instrumentation API? #

Synchronous in Chaos: How Parallel Collectors Bring Order to Java Streams

DNS Attacks - Explained

1. Getting started – trust in everyday internet life #

Java Cryptography Architecture (JCA) - An Overview

Rethinking Java Streams: Gatherer for more control and parallelism

From Java 8 to 24: The evolution of the Streams API

TornadoVM - Boosting the Concurrency

Cache Poisoning Attacks on Dependency Management Systems like Maven

JUnit annotations in focus: The connection between @Test and @Testable

The Risks of Mocking Frameworks: How Too Much Mocking Leads to Unrealistic Tests

What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?

The History of Parallel Processing in Java: From Threads to Virtual Threads

CWE-778: Lack of control over error reporting in Java

Why an import needs a UI at all
#

What has happened so far
#

What has happened so far?
#

Why an active/inactive model for shortlinks?
#

What has happened so far?
#

Introduction
#

What has happened so far…
#

Introduction: More convenience for users
#

The current UI from the user’s point of view
#

Server-Side Extension: PreferencesHandler and REST Interfaces
#

From observer to designer: User control at a glance
#

Client contract from a UI perspective
#

Classification and objectives from a UI perspective
#

Chapter 1 – Introduction
#

1.1 Motivation: Real-time communication without polling
#

1. Introduction
#

1.1 Motivation: Event-driven updating without polling
#

1. Introduction and motivation
#

1. Introduction and objectives
#

1. Introduction
#

Why REST integration in Vaadin applications should not be an afterthought
#

1. Introduction to implementation
#

1.1 Objectives and differentiation from the architectural part
#

The silent danger in the standard library
#

What is the Java Instrumentation API?
#

1. Getting started – trust in everyday internet life
#

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications.
#

What is a dependency management tool?
#

Tapestry, Wicket, and Vaadin
#

Introduction
#

What is Test Coverage?
#

What is a Package Manager - Bird-Eye View
#

CWE-416: Use After Free
#

Transverse Mercator Projection :
#

What is ErrorHandling?
#

What is a winter trekking tour?
#

The Bird-Eye View
#

Introduction
#

What is - Input Validation?
#

Intro
#

Step 1 - Finding suitable wood
#

Intro
#

Builder-Pattern
#