#enterprisejava — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #enterprisejava, aggregated by home.social.
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
From Java Coder to Software Engineer: The 2025 Skill Stack for Senior Devs
#Algorithms #AWS #Caching #CICD #CleanCode #CloudComputing #DataStructures #DevOps #docker #DomainDrivenDesign #EnterpriseJava #GitHubActions #Grafana #InfrastructureasCode #Java #Java2025 #JavaCareerPath #JavaInterview #Javajobs #JavaVirtualThreads #JVM #Kafka #Kuberne...
-
Hibernate with Panache Next just landed in Quarkus main.
One API.
Blocking + reactive unified.
Stateless sessions.
Type-safe @Find queries validated at build time.This is a real shift in how we build persistence layers in Java.
I built a full bookstore REST API to show:
• Managed vs stateless sessions
• Reactive repositories
• What breaks under loadFull hands-on deep dive:
https://www.the-main-thread.com/p/quarkus-panache-next-jakarta-data-hibernate -
Most persistence bugs are boring.
Renamed fields. Broken query strings. Invalid sort orders.
They compile. Tests pass. Production breaks later.Jakarta Data in Quarkus 3.31 moves these failures to compile time.
This article explains why that matters, how Panache 2.0 fits in, and why the Hibernate annotation processor is the real story.
https://www.the-main-thread.com/p/jakarta-data-quarkus-compile-time-persistence
-
mTLS looks simple until you realize what it doesn’t protect you from.
A trusted client certificate is not the same thing as an allowed client.
If your Java service stops at “the handshake worked,” you’re leaving a gap attackers can walk through.I wrote up a hands-on Quarkus implementation that shows:
– where TLS ends
– where security should begin
– and how to enforce certificate rules before business logic runshttps://www.the-main-thread.com/p/quarkus-mtls-client-certificate-validation-java