What is Minimal Values Type?

Bjorn Vardal from IBM and Frederic Parain from Oracle report about value types being explored in the Value Types Valhalla project
08 August 2017   1457

To provide a path towards earlier community involvement and feedback from early adopters, the Valhalla Value Types project is working on an experimental initial implementation step. The intent is to explore a subset of JVM changes that would be required to support Value Types, without exposing them through the Java language compiler. Through a clever use of MethodHandles and byte code generation, we can give an early taste of some of the capabilities of Value Types. This talk will focus on the subset of Value Types provided in the Minimal Value Types, models of usage,some of the design trade-offs we are making to provide a coherent subset and touch on some of the open issues.

Minimal Value Types is an early access preview of value types being explored in the Value Types Valhalla project. It has been built on top of early results from the project. This talk will review several of the key changes made to JVMs to support value types, covering the representation of value types in the JVM model (stack slot, experimental bytecodes, signatures). Possible strategies to implement and optimize value type handling will be presented, covering also data layout with the opportunity value types offer to be flattened in arrays or fields, and the consequence of this flattening on type dependencies and class loading/resolution. This talk will also present the new JIT optimizations put in place for value types, the modification the bytecode verification needs with the introduction of value types into the Java type system, and some early performance results

New Vulnerability to be Found in Google+

Due to this vulnerability it was possible to obtain private information of 52.5 million accounts
11 December 2018   108

Google decided to close the social network Google+ not in August 2019, but in April. The reason was another vulnerability in the API, due to which it was possible to obtain private information of 52.5 million accounts. The company plans to close the social network API until mid-March 2019.

By December 10, 2018, the following error information was published:

  • Third-party applications requesting access to profile data, because of the bug in the API, received permission to view information, even if it is hidden by privacy settings;
  • the names of users, their email addresses, information about occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers have not been compromised;
  • the company has no evidence that anyone has exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018.
  • Google said it sends notifications to all users affected by the bug.

The previous data leak of Google+ users occurred in October 2018. Then about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.