Bernard Traversat’s Post

Post-Quantum Java is Here: Implementing ML-DSA (FIPS 204)! The "harvest now, decrypt later" threat is real. While powerful quantum computers are still on the horizon, the security of our current digital signatures is already being challenged. With JDK 24, Java officially enters the Post-Quantum Cryptography (PQC) era via JEP 497. Developers can now natively implement the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) using the standard java.security API. Why ML-DSA? It’s not just "another algorithm." It’s a lattice-based scheme designed to be secure against both classical and quantum attacks. It replaces legacy algorithms like ECDSA and RSA, which rely on mathematical problems that Shor’s algorithm can solve in polynomial time.

Today I explored encryption fundamentals by building a simple cipher system in Java. I implemented a repeating-key XOR encryption algorithm, where each character in a message is transformed using a bitwise XOR operation against a corresponding character from a secret key. The key is applied cyclically using modular indexing, ensuring it works for messages of any length. One interesting property of XOR is that the same operation can be used for both encryption and decryption, which allowed me to design a clean, reusable method for both processes. This project helped me better understand: 1. Bitwise operations in Java 2. How symmetric encryption works at a low level 3. The importance of key management in cryptographic systems While this is a simplified model (not production-grade encryption), it was a great exercise in thinking about how data can be transformed and secured.

𝐋𝐨𝐜𝐤𝐬 𝐚𝐧𝐝 𝐒𝐲𝐧𝐜𝐡𝐫𝐨𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 — 𝐩𝐨𝐰𝐞𝐫𝐟𝐮𝐥 𝐛𝐮𝐭 𝐞𝐚𝐬𝐲 𝐭𝐨 𝐚𝐛𝐮𝐬𝐞. Atomic types solve simple counters. Complex operations across multiple variables need something stronger. That's where locks come in. 𝐖𝐡𝐚𝐭 𝐢𝐬 𝐚 𝐋𝐨𝐜𝐤? Only one thread executes at a time. Everyone else waits outside. 𝐖𝐡𝐞𝐧 𝐭𝐨 𝐮𝐬𝐞? → Updating multiple variables together atomically → Protecting a shared cache or resource → Business logic that must never be interrupted → Read-heavy systems needing exclusive writes 𝐇𝐨𝐰 𝐭𝐨 𝐮𝐬𝐞 𝐜𝐨𝐫𝐫𝐞𝐜𝐭𝐥𝐲? → Always release in a finally block → Never hold longer than necessary → Acquire multiple locks in the same order always → Use tryLock with timeout — never wait forever → ReadWriteLock for read-heavy systems Java 25 fixed synchronized pinning with virtual threads. 𝐓𝐡𝐞 𝐫𝐮𝐥𝐞: Locks give you safety. Overusing them gives you a slow deadlock-prone system. Less locking always means better performance. #Java #Synchronization #Concurrency #Java25 #VirtualThreads

Java 26 dropped. And yes, the Applet is finally, officially, permanently dead. (Take a moment. You deserve it.) JDK 26 ships 10 finalized JEPs that actually matter: → Native HTTP/3 support in HttpClient, no third-party libs needed → Ahead-of-time object caching for faster startup (any GC, including ZGC) → G1 GC throughput improvements via reduced sync overhead → PEM encoding for post-quantum cryptography readiness. That HTTP/3 item is bigger than it sounds. First-class HTTP/3 in the standard library means one less dependency, one fewer CVE to chase, and better performance on lossy connections, out of the box. The real story? Java keeps evolving, and faster than the "Java is dead" crowd expected. At HaloTechLabs, we have been building Java-based systems for 15+ years. The language we ship today barely resembles what we wrote in 2010. Pattern matching. Records. Virtual threads. Sealed classes. And now HTTP/3 and AOT caching. The ecosystem did not stagnate. It matured. RIP to the Applet. You were a lesson we all needed. Are you planning to migrate to JDK 26, or waiting for the next LTS? #Java #JDK26 #SoftwareDevelopment #BackendEngineering #HaloTechLabs

🚀 Hashing with SHA-256 using JCA (Java) Hashing is a one-way function that produces a fixed-size output (hash) from an input. SHA-256 is a widely used hashing algorithm that provides strong collision resistance. It's commonly used for password storage and data integrity verification. Salting passwords before hashing them is crucial to prevent rainbow table attacks. Always use a strong and unique salt for each password. #Java #JavaDev #OOP #Backend #professional #career #development

We had a path where concurrency looked clean in code and still fell apart under load. Latency looked fine at first. Then traffic climbed and the pressure showed up where it usually does: DB connections, HTTP clients, CPU, and optional work getting in the way of critical work. The mistake was treating all parallel work the same. It was not. Some work was CPU-heavy. Some was I/O-bound. Some was required for the response. Some was just enrichment. That is what I find useful about resource-aware structured concurrency. Not more parallelism. Just a cleaner way to express that different work has different limits and different priorities. If work does not share the same resource pressure or business importance, it probably should not share the same concurrency policy. https://lnkd.in/gvVfcSDr #Java #StructuredConcurrency #ProjectLoom #BackendEngineering #DistributedSystems

🚨 Race Condition & Visibility Problem in Java Multithreading 🚨 Two of the most common concurrency issues every Java developer should understand: 🔹 Visibility Problem - One thread updates a shared variable, but another thread still sees the old value. Why? CPU cache, thread-local memory, or instruction reordering. Example: A thread sets running = false, but another thread keeps looping forever. ✅ Fix: volatile, synchronized, Locks 🔹 Race Condition - Two or more threads update shared data at the same time, causing wrong or unpredictable results. Example: count++; This is actually: Read → Add → Write If two threads run it together, one update may be lost. ✅ Fix: AtomicInteger, synchronized, Locks 💡 Key Takeaway: -Volatile solves visibility issues -AtomicInteger solves race conditions for counters Concurrency bugs are tricky because code may run perfectly many times before failing randomly. #Java #Multithreading #Concurrency #BackendDevelopment #JavaDeveloper #Programming #SoftwareEngineering

 Deadlock in Java – Causes, Detection & Prevention Explained Deadlock in Java occurs when two or more threads are blocked forever, each waiting for a resource held by another thread. This situation stops the program from progressing. Deadlocks typically happen due to four conditions: mutual exclusion (only one thread can use a resource), hold and wait (a thread holds one resource and waits for another), no preemption (resources cannot be forcibly taken), and circular wait (threads form a cycle waiting on each other). For example, Thread A holds Lock 1 and waits for Lock 2, while Thread B holds Lock 2 and waits for Lock 1 resulting in a deadlock. To detect deadlocks, developers can use tools like thread dumps, jstack, or monitoring tools that identify blocked threads. Prevention strategies include: Acquiring locks in a fixed order Using tryLock() with timeout Avoiding unnecessary nested locks Using higher-level concurrency utilities In simple terms: Deadlock = Threads waiting forever Cause = Circular resource dependency Prevention = Proper lock management Understanding deadlocks is essential for building reliable and concurrent Java applications. #JavaDeveloper #Multithreading #Concurrency #Deadlock #Java #BackendEngineer #SoftwareEngineering #SystemDesign #CodingTips #TechCareers #Threading #JavaConcurrency #CleanCode #DevCommunity #C2CJobs #CorpToCorp #C2CContract #C2CRequirements #C2COpportunities

Big week for the Java community. Here is what is happening right now. Java 26 dropped on March 17 and the ecosystem is still buzzing. JDK 26 was released on March 17, 2026 with 10 JEPs including post-quantum cryptography support, faster JVM startup, smarter heap management, and expanded C2 JIT compilation. This is not an incremental release. It is a statement. IntelliJ IDEA 2026.1 was just released with Java 26 support from day one, improvements to the debugger for virtual threads, new Spring Data and Spring Debugger features, and new AI features. If you have not upgraded yet — now is the time. The Java conference season is in full swing this month. Spring I/O is happening April 13 in Barcelona. Java Day Istanbul is April 18. JCON Europe is April 20 in Cologne. The Great International Developers Conference is April 21 in Bangalore. The Java community is more alive and active than ever. And the AI story keeps getting bigger. The Java Platform is now preparing for a paradigm shift in security by adding support for Post-Quantum Cryptography — algorithms designed to be secure against quantum computing threats. As someone building HIPAA-compliant healthcare systems at Walgreens with Java 17 and Spring Boot — I am watching Java 26 closely. Post-quantum security is not a future concern in healthcare. It is a present one. Here is my take as a practitioner, not just an observer. The Java releases used to feel slow. One big LTS every few years, then waiting. The six-month cadence changed everything. Every release is production-ready. Every release moves the ecosystem forward. And the enterprise is finally keeping up. If you are a Java Full Stack Developer and you have not looked at what Java 26 and IntelliJ IDEA 2026.1 bring to your daily workflow — carve out two hours this week. You will not regret it. What is the one Java 26 feature you are most excited about? #Java26 #SpringBoot #IntelliJIDEA #JavaFullStack #PostQuantumCryptography #VirtualThreads #JVM #SoftwareEngineering #TechLeadership #HealthcareIT #Microservices #CloudNative #JavaCommunity

Okay Java 26 is actually pretty interesting 👀 I always assumed these releases were just minor patches but the `final` field change alone made me stop and think. How many times have we used reflection to mutate something we shouldn’t have? Java is basically saying, no more. Also HTTP/3 being built in is huge. No more workarounds. It’s not a glamorous release but it feels like the kind of update you thank yourself for 6 months later in production. What’s the one change here you’ll actually use? 👇 #Java #Java26 #SoftwareEngineering