Wed 20 Apr 2022

Introduction to Doctests in Haskell

Documenting software can be challenging, but it doesn’t always need to be so.

In this article, we’ll introduce doctests: a concept that makes the documentation process pleasant and effective.

By putting tests inside module docs, doctests allow functions to speak for themselves and help you get the most out of your testing efforts.

Source: Introduction to Doctests in Haskell, an article by Nurlan Alkuatov.

CVE-2022-21449: Psychic Signatures in Java

It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used ECDSA signatures. If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages. All using the digital equivalent of a blank piece of paper.

Source: CVE-2022-21449: Psychic Signatures in Java, an article by Neil Madden.