Tuesday, December 23, 2008
Speaking at Code Mash 2009
I will be speaking on Spring MVC. The title says Spring 2.5 MVC... But I'm throwing a curve ball... it will be Spring 3.0 MVC. See you there!
Monday, December 22, 2008
Complexity and Architecture
It has been too long since I had a post... I have a number of scribbled notes of blog ideas, but little time. I'm in the process of starting to write the spring 3 book, which may take me off grid more than normal. I will make an effort to post a couple of times a month (more if there is something cool to document). Currently my mind has been on 3 subjects; Spring, Architecture and languages. This blog is regarding one of the often forgotten concerns of architecture... complexity.
Defining Software Architecture
I have been in a large number of conference BOFs this year. When the audience is slow in starting a conversation, the question we gravitate to is: "What is a Software Architect?" or its keen "What is Software Architecture?". I guess I shouldn't be surprised, but it is amazing how diverse the answers to these questions are. It is a reflection of at least two things... 1) the immaturity of our industry and /or 2) the lack of standardization in this space. The conversation spans from design decisions to application architecture to enterprise architecture.
Martin Fowler defines architecture as "things that people per-ceive as hard to change". This is a really responisble definition.
I like to define it as "making decisions on all the non-funcational requirements" and "managing all the things you can't control"
The area of non-functional requirements would include:
The subject that is rarely vocalized and debated in architecture is that of complexity. Neal Ford, in a couple of his talks with NFJS, talks about principles that were documented by anciet philosophers... that of essential and accidental properties. He carries this forward into software architecture in a way that we as an industry really need to talk about. That of software architecture decisions moving the enterprise forward in a way that has essential complexity or in a way that increases the accidental complexity. Neal further clarifies the point with the following comments... We have a hard problem (Essential complexity) and we have made our problem hard (Accidental complexity). Well done Neal! Very easy to envision.
Is complexity one of the non-functional requirements which your architecture team is looking at? If not, It seems likely that what is left is accidental.
What is a concrete example of this?
Let's say that your enterprise has just purchased a shiny new ESB. Suppose there wasn't a project need for it... it was just the stated SOA direction of your organization. When down from on high the edict is brought to your project that you must use the ESB in order to justify the $1M expense. Perhaps it is a fit... but perhaps you are about to fit the square peg in the round hole... in other words accidental complexity.
Where does Accidental Complexity come from?
Neal would say that it comes from vendors who are the pushers of accidental complexity... however there is something deeper here. The reason they are referred to as the pushers is that they are incented to sell you a solution. The solution may not fit your needs exactly, but hey, if they can show you a vision of how it could help, then there is a framework to following and life should be more simplified. So essentially we are saying that any choice which doesn't provide the best solution brings complexity.
We could also say that the more stuff / more solutions we have brings complexity. So by adding more frameworks and options we have added complexity. Conversely, many organizations fall into the trap of standardizing certain aspects of development... like everything is an EJB or we don't use store procedures here. In this situation what happens is that the architect and developers will have to come up with a more complex solution in order to be compliant with the corporate standards.
I'm open to suggestions and challenges... but I think we can conclude that much of our accident complexity comes from not applying the best solution to the problem. I would expect that most teams would not do this deliberately. So the team is either 1) ignorant of the best option (which can be fixed through experience and training) or 2) it is forced upon them.
I will close with the following challenges and questions:
Next time you are looking at a software component... Ask yourself the following
1) Does it simplify the problem?
2) Is there a more simplified solution?
3) Is it testable and verifiable?
4) Does it add complexity upstream or downstream of the problem?
When evaluating solutions... try to put a value on the level of complexity. Here are some ideas:
1) If it moves code or configuration into a proprietary solution then increase its complexity score.
2) If it allows you to write less code for the same functionality then decrease its complexity score.
3) If it enhances testability, decrease its complexity score.
4) How easy is it to monitor and maintain?
5) How easy is it to integrate with and is it standards compliant?
Good luck and Happy Holidays!
Defining Software Architecture
I have been in a large number of conference BOFs this year. When the audience is slow in starting a conversation, the question we gravitate to is: "What is a Software Architect?" or its keen "What is Software Architecture?". I guess I shouldn't be surprised, but it is amazing how diverse the answers to these questions are. It is a reflection of at least two things... 1) the immaturity of our industry and /or 2) the lack of standardization in this space. The conversation spans from design decisions to application architecture to enterprise architecture.
Martin Fowler defines architecture as "things that people per-ceive as hard to change". This is a really responisble definition.
I like to define it as "making decisions on all the non-funcational requirements" and "managing all the things you can't control"
The area of non-functional requirements would include:
- User Experience
- Performance / Response Time
- Scalability
- Security
- Frameworks
- Complexity
- On public web: Number of Requests
- Number of Threads / Connections
- Number of returns from a user generated search
- Items in a batch
The subject that is rarely vocalized and debated in architecture is that of complexity. Neal Ford, in a couple of his talks with NFJS, talks about principles that were documented by anciet philosophers... that of essential and accidental properties. He carries this forward into software architecture in a way that we as an industry really need to talk about. That of software architecture decisions moving the enterprise forward in a way that has essential complexity or in a way that increases the accidental complexity. Neal further clarifies the point with the following comments... We have a hard problem (Essential complexity) and we have made our problem hard (Accidental complexity). Well done Neal! Very easy to envision.
Is complexity one of the non-functional requirements which your architecture team is looking at? If not, It seems likely that what is left is accidental.
What is a concrete example of this?
Let's say that your enterprise has just purchased a shiny new ESB. Suppose there wasn't a project need for it... it was just the stated SOA direction of your organization. When down from on high the edict is brought to your project that you must use the ESB in order to justify the $1M expense. Perhaps it is a fit... but perhaps you are about to fit the square peg in the round hole... in other words accidental complexity.
Where does Accidental Complexity come from?
Neal would say that it comes from vendors who are the pushers of accidental complexity... however there is something deeper here. The reason they are referred to as the pushers is that they are incented to sell you a solution. The solution may not fit your needs exactly, but hey, if they can show you a vision of how it could help, then there is a framework to following and life should be more simplified. So essentially we are saying that any choice which doesn't provide the best solution brings complexity.
We could also say that the more stuff / more solutions we have brings complexity. So by adding more frameworks and options we have added complexity. Conversely, many organizations fall into the trap of standardizing certain aspects of development... like everything is an EJB or we don't use store procedures here. In this situation what happens is that the architect and developers will have to come up with a more complex solution in order to be compliant with the corporate standards.
I'm open to suggestions and challenges... but I think we can conclude that much of our accident complexity comes from not applying the best solution to the problem. I would expect that most teams would not do this deliberately. So the team is either 1) ignorant of the best option (which can be fixed through experience and training) or 2) it is forced upon them.
I will close with the following challenges and questions:
Next time you are looking at a software component... Ask yourself the following
1) Does it simplify the problem?
2) Is there a more simplified solution?
3) Is it testable and verifiable?
4) Does it add complexity upstream or downstream of the problem?
When evaluating solutions... try to put a value on the level of complexity. Here are some ideas:
1) If it moves code or configuration into a proprietary solution then increase its complexity score.
2) If it allows you to write less code for the same functionality then decrease its complexity score.
3) If it enhances testability, decrease its complexity score.
4) How easy is it to monitor and maintain?
5) How easy is it to integrate with and is it standards compliant?
Good luck and Happy Holidays!
Thursday, November 13, 2008
Boulder / Denver JUG Talks
It seems I can't escape Denver. I was there last month at the JUG meeting. Matthew McCullough has some commentary on his blog. It seems Matt did a presentation on iPhone development this month. I will be speaking at NFJS this weekend in Denver. My topics include:
- Java Memory Management and GC
- Hacking - The Dark Arts
- Security Code Review
- Spring / JPA
- Spring 2.5 - Spring without XML
- Architecture and Scaling
- Java Memory Management and GC
- Hacking - The Dark Arts
- Security Code Review
- Spring / JPA
- Spring 2.5 - Spring without XML
- Architecture and Scaling
Monday, October 20, 2008
Favorite Development Tools of 2008
- Mac
- TextMate - What a great tool! Reason enough to own a Mac.
- Intellij - Version 8 is looking good.
- Groovy - This is becoming my favorite tool.
- Grails
- git - It is replacing cvs and subversion.
- gradle - replacing ant and maven
- hudson - looking to see if it replaces cruise control.
- Fusion - developing C# is more fun on a Mac.
- Spring 2.5 MVC - If you can't do Grails... this is the way to do it.
- Clojure - Interesting Language... I know very little at this point.
- F# - Probably the most interesting language on the .Net platform.
- Spring 3 and what I call ADD or Annotated Driven Development :)
- I would like to see a refresh on xplanner - This would be a great candidate for Grails.
jps - The Java way when you need to kill something Groovy
As a speaker, I'm often showing "how" to do something and often requested for "When" / "Why". I just experienced a great example of this with jps. jps is of course is the Java ps tool that is included with JDK5 and 6. So it is already on a Java developer's machine. It is the platform independent way to get PIDs.
How it Started
The Yak-Shaving started when I decided to run a groovy script from TextMate. I conventiently hit+R. Everything ran the way I wanted it to. Except... There wasn't an end to the program script... idiot! So, I closed TextMate... Still Running....
Step 1
First I went to the command line and did a ps... which didn't result in much. I followed this up with a ps -ef. Way too much info... so I ended with a ps -ef | grep JavaVM. Things just got worst. That is a lot of information!
Solution
Along comes jps. A simple jps (no args) and here are the results
9382
10620 GroovyStarter
10314 JConsole
10761 Jps
There it is GroovyStarter... kill 10620.
... and what if you had multiple GroovyStarter scripts running. Well, jps -m will give you the command-line of the script, which includes the groovy script name.
How it Started
The Yak-Shaving started when I decided to run a groovy script from TextMate. I conventiently hit
Step 1
First I went to the command line and did a ps... which didn't result in much. I followed this up with a ps -ef. Way too much info... so I ended with a ps -ef | grep JavaVM. Things just got worst. That is a lot of information!
Solution
Along comes jps. A simple jps (no args) and here are the results
9382
10620 GroovyStarter
10314 JConsole
10761 Jps
There it is GroovyStarter... kill 10620.
... and what if you had multiple GroovyStarter scripts running. Well, jps -m will give you the command-line of the script, which includes the groovy script name.
Sunday, October 19, 2008
Grails JMX Plugin
I just created and released version 0.3 of the Grails JMX Plugin. The code is at github; git://github.com/kensipe/jmx-grails-plugin.git . The documentation is at grails; http://grails.org/JMX+Plugin.
Sometime this week, I'll post some tips and tricks for using the JMX Plugin with Grails.
Sometime this week, I'll post some tips and tricks for using the JMX Plugin with Grails.
Saturday, October 18, 2008
Cooking Chef vs. Polygot Programmer
Occasionally crazy analogies pop up in my head. Sometimes these ideas don't make sense to anyone but me. Let me know if I've gone off the deep end.
So I was thinking what it was like growing up when I didn't have a microwave and how useful that tool is. Then it occurred to me that as useful as it is, there are things I would never put in the microwave. Take for instance a turkey. Perhaps it is possible to cook a turkey in a microwave, but why? You can cook toast on a gas stove as well, but a toaster just seems more appropriate. When playing chef, each tool provides a specific value. Turkey in the oven, toast in the toaster, and butter melting in the microwave.
Stretching this thought into a conversation on technology, I'm reminded of a term Neal Ford is credited with: The polygot programmer.
Why is it that developers and programmers pick camps? Why does an organization limit their technology choices to one or a small handful? When an organization says they are a "Java Shop" or a ".Net Shop", what I hear is "We only use microwaves to cook here". In many of these shops they are doing with code what can be equivalent to cooking a turkey in a microwave. They can get it to work, but it doesn't taste so good!
So I was thinking what it was like growing up when I didn't have a microwave and how useful that tool is. Then it occurred to me that as useful as it is, there are things I would never put in the microwave. Take for instance a turkey. Perhaps it is possible to cook a turkey in a microwave, but why? You can cook toast on a gas stove as well, but a toaster just seems more appropriate. When playing chef, each tool provides a specific value. Turkey in the oven, toast in the toaster, and butter melting in the microwave.
Stretching this thought into a conversation on technology, I'm reminded of a term Neal Ford is credited with: The polygot programmer.
Why is it that developers and programmers pick camps? Why does an organization limit their technology choices to one or a small handful? When an organization says they are a "Java Shop" or a ".Net Shop", what I hear is "We only use microwaves to cook here". In many of these shops they are doing with code what can be equivalent to cooking a turkey in a microwave. They can get it to work, but it doesn't taste so good!
Friday, October 3, 2008
Writing a Spring 3 Book
I'm looking at writing a book on Spring 3. Yes... I know, it doesn't exist yet. My expectation is it should have a likeness to Spring 2.5, which is also lacking in good printed materials. With this assumption, I'm looking to get a head start now and refactor based on actual delivery of product.
If you have some ideas or thoughts... please share. At this point, My goal is not to cover what is already out there. I'm focused on the new approach of annotated development.
I'm also thinking of taking this book and writing a Spring.Net book to follow... Perhaps I will change my mind as I go through the new experience of the first book.
If you have some ideas or thoughts... please share. At this point, My goal is not to cover what is already out there. I'm focused on the new approach of annotated development.
I'm also thinking of taking this book and writing a Spring.Net book to follow... Perhaps I will change my mind as I go through the new experience of the first book.
Speaking at October IASA Meeting in St. Louis
I will be speaking on Architecture and Scale at the Oct 6 Meeting of IASA in St. Louis.
Thursday, August 28, 2008
The Need for Better Interfaces (Human to Computer)
I can't help but believe that there has to be a better way. There has to be more options...
I talking about the I/O options to my computer. Here are a couple of recent stories that will hopefully bring context to what I mean.
Gestures on the Mac
Recently I purchased a new MacBook Pro. You know, one of the new Macs with the multi-touch capabilities. The idea is that if you use one finger you move the mouse, if you use 2 fingers it scrolls (and not just up and down), if you use 3 fingers then it depends somewhat on what application you are using, but generally it means go back or go forward depending on the wave of the hand. This is just awesome stuff and here is what happened to me.
First, the back and forth action of 3 fingers worked in Safari and in finder.... but not in Firefox. I was a little more than dismayed. Generally preferring Firefox, I found myself using Safari more in order to use the gestures. I really wanted this new feature in all applications. Eventually the shiny new toy lost some luster and I mostly use Firefox again. The consequence... sometimes I forget the gestures work in the finder... and I know that I would use it all the time if it always worked. In other words if the bell always rings and I can trust it, I will salivate. And I want to.
A PC with No Gestures
So eventually I found myself working again on another laptop. Man did I look like an idiot for a few minutes. I come to a page that needs scrolling, naturally I reach up to the touchpad with 2 fingers... moving it back and forth to get a scroll thinking for a moment damn computer is locked up or slow... only to discover that I was the component with the issue. It didn't help that my daughter was staring at me funny wondering what I was doing. She was still laughing even after I explained myself.
iTouch as a Birthday Gift
So last week was the same daughters birthday. I bought here a new iTouch. She loves it when I let it leave my hands for her to use. The first couple of days were great. She asked me "how do you turn it on?". I said, "It has one button... push it!". She would ask, "How do I get back out of this application?". I would say, "It has one button... push it!". And of course, she quickly gain the necessary skills and probably has surpassed my abilities on the thing within a few days.
PC is Not an iTouch
So last night she was asking me for some sync help between the laptop and iTouch. After a little conversation, she understands what she needs to do... she needs to hit the sync button on the laptop. What does she do? She taps the screen on the laptop... not once, but a couple of times and then begins to laugh. It was funny.
MacBook as a Fish Tank
Last example. I love to scuba and I love the ocean. When I saw the aquarium screen saver for the mac, it was an obvious purchase. So there is a setting on the screen saver, which reads "Enable Motion Sensor Water Tilting". First you have to turn this on! It uses the motion sensor on the mac so that if you tilt the laptop it appears that physics has applied forces on the water in your laptop the way you would expect. The water tilts! Here's the deal: The optical illusion is so good that even really savvy software developers are impressed and want to know: How?
Call to Action: Better Human Interfaces
If you combine the above stories with the fact that I just finished reading "Dreaming in Code", which outlines how far we haven't come in software development for the last half of a century, I'm left restless. There has to be more... there has to be better... Meaning more we can do and better ways of interfacing with computers. We are just beginning to see it. When you look at Microsoft Surface, Apple's iPhone and the promise of RFID, you begin to see it. It isn't what the general software developer is being train on or developing... They are still working on Dialogs.
Those who claim to be on the cutting edge, they are working on web 2.0 with javascript and cool new frameworks (they are cool). But that isn't what the future demands. The future demands seamless integration computer to human... where the human gestures to something and the machine understands. Where the computer knows what is expected and provides recommendation and choice. In this world, the interface isn't always a screen... and the input isn't a keyboard or a mouse!
I talking about the I/O options to my computer. Here are a couple of recent stories that will hopefully bring context to what I mean.
Gestures on the Mac
Recently I purchased a new MacBook Pro. You know, one of the new Macs with the multi-touch capabilities. The idea is that if you use one finger you move the mouse, if you use 2 fingers it scrolls (and not just up and down), if you use 3 fingers then it depends somewhat on what application you are using, but generally it means go back or go forward depending on the wave of the hand. This is just awesome stuff and here is what happened to me.
First, the back and forth action of 3 fingers worked in Safari and in finder.... but not in Firefox. I was a little more than dismayed. Generally preferring Firefox, I found myself using Safari more in order to use the gestures. I really wanted this new feature in all applications. Eventually the shiny new toy lost some luster and I mostly use Firefox again. The consequence... sometimes I forget the gestures work in the finder... and I know that I would use it all the time if it always worked. In other words if the bell always rings and I can trust it, I will salivate. And I want to.
A PC with No Gestures
So eventually I found myself working again on another laptop. Man did I look like an idiot for a few minutes. I come to a page that needs scrolling, naturally I reach up to the touchpad with 2 fingers... moving it back and forth to get a scroll thinking for a moment damn computer is locked up or slow... only to discover that I was the component with the issue. It didn't help that my daughter was staring at me funny wondering what I was doing. She was still laughing even after I explained myself.
iTouch as a Birthday Gift
So last week was the same daughters birthday. I bought here a new iTouch. She loves it when I let it leave my hands for her to use. The first couple of days were great. She asked me "how do you turn it on?". I said, "It has one button... push it!". She would ask, "How do I get back out of this application?". I would say, "It has one button... push it!". And of course, she quickly gain the necessary skills and probably has surpassed my abilities on the thing within a few days.
PC is Not an iTouch
So last night she was asking me for some sync help between the laptop and iTouch. After a little conversation, she understands what she needs to do... she needs to hit the sync button on the laptop. What does she do? She taps the screen on the laptop... not once, but a couple of times and then begins to laugh. It was funny.
MacBook as a Fish Tank
Last example. I love to scuba and I love the ocean. When I saw the aquarium screen saver for the mac, it was an obvious purchase. So there is a setting on the screen saver, which reads "Enable Motion Sensor Water Tilting". First you have to turn this on! It uses the motion sensor on the mac so that if you tilt the laptop it appears that physics has applied forces on the water in your laptop the way you would expect. The water tilts! Here's the deal: The optical illusion is so good that even really savvy software developers are impressed and want to know: How?
Call to Action: Better Human Interfaces
If you combine the above stories with the fact that I just finished reading "Dreaming in Code", which outlines how far we haven't come in software development for the last half of a century, I'm left restless. There has to be more... there has to be better... Meaning more we can do and better ways of interfacing with computers. We are just beginning to see it. When you look at Microsoft Surface, Apple's iPhone and the promise of RFID, you begin to see it. It isn't what the general software developer is being train on or developing... They are still working on Dialogs.
Those who claim to be on the cutting edge, they are working on web 2.0 with javascript and cool new frameworks (they are cool). But that isn't what the future demands. The future demands seamless integration computer to human... where the human gestures to something and the machine understands. Where the computer knows what is expected and provides recommendation and choice. In this world, the interface isn't always a screen... and the input isn't a keyboard or a mouse!
Speaking at Websphere Portal Techincal Conference
I will be introducing the world of Spring to the world of Portlet development at the IBM WebSphere Portal Technical Conference. The conference is in Nashville, TN between Oct 13-16. The topic of the session is Annotated Portal Development with RAD and Spring; session D19.
Sunday, August 24, 2008
Spring JavaScript
I'm sitting in Keith's Talk @ NFJS Orlando on Spring JavaScript . I've worked with a lot of the spring framework on varies projects over time. I have not until now had a chance to look at what SpringSource was doing with JavaScript. This is great technology which desires some blog time in the future.
There is an underlying theme in the approach Keith is describing which I really like. The concept is a design approach where ajax provides value-add to a client which allows for javascript. Yet the application still functions without it.
Impressions from a one hour guided tour. Things I liked:
There is an underlying theme in the approach Keith is describing which I really like. The concept is a design approach where ajax provides value-add to a client which allows for javascript. Yet the application still functions without it.
Impressions from a one hour guided tour. Things I liked:
- Choice of dojo as the underlying framework
- Design approach
- Use of Tiles
- Leveraging of yahoo performance rules for script compression and optimization
- Binding of multiple decorations to the same html element
- Closer look at Spring's CSS Framework
Thursday, August 21, 2008
Fixing Java Memory Tools on Mac OS X
A number of the Java memory management tools with the default distribution on Mac OS X Leopard are broken. The information to repair the situation seems to be hard to come by. This post will detail the steps necessary to get jmap and jhat to work on a Mac for Java 6. I assume that Java 5 has the same issue but haven't checked.
Setting up a test Java process to profile.
1. From the terminal: cd /Developer/Examples/Java/JFC/Java2D/
2. From the terminal: java -jar Java2D.jar &
3. After the process starts it should indicate the pid (in this example it is 5510)
4. You can also use jps to discover the pid: jps -l (then look for the Java2D.jar)
Fixing jmap
If you type jmap, you would expect to get a high-level memory dump... instead you get a message like:
attach: task_for_pid(5510) failed (5)
Error attaching to process: Error attaching to process, or no such process
To fix this, do a sudo, such as sudo jmap.
Debugger attached successfully.
Server compiler detected.
JVM version is 1.6.0_05-b13-52
using thread-local object allocation.
Mark Sweep Compact GC
Heap Configuration:
MinHeapFreeRatio = 40
MaxHeapFreeRatio = 70
MaxHeapSize = 88080384 (84.0MB)
NewSize = 2686976 (2.5625MB)
MaxNewSize = -65536 (-0.0625MB)
OldSize = 5439488 (5.1875MB)
NewRatio = 2
SurvivorRatio = 6
PermSize = 21757952 (20.75MB)
MaxPermSize = 88080384 (84.0MB)
Heap Usage:
New Generation (Eden + 1 Survivor Space):
capacity = 10551296 (10.0625MB)
used = 4592152 (4.379417419433594MB)
free = 5959144 (5.683082580566406MB)
43.52216069002329% used
At this point it looks like it is working, however the file dump doesn't work.
Fixing jhat
When running jhat on the hump dump, you get the following error:
Eliminating duplicate references.....................
Snapshot resolved.
Exception in thread "main" java.lang.RuntimeException: java.lang.NullPointerException
at com.sun.tools.hat.internal.oql.OQLEngine.init(OQLEngine.java:277)
at com.sun.tools.hat.internal.oql.OQLEngine.(OQLEngine.java:51)
at com.sun.tools.hat.internal.server.QueryListener.setModel(QueryListener.java:59)
at com.sun.tools.hat.Main.main(Main.java:189)
Caused by: java.lang.NullPointerException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.tools.hat.internal.oql.OQLEngine.init(OQLEngine.java:256)
... 3 more
It took me a little hunting to uncover the issue. It turns out that jhat uses the Java 6 js engine. If you go to the terminal again and run: jrunscript , it indicates that the script engine for language js can not be found. On the mac, if you execute: jrunscript -q, which provides a listing of script engines you'll see:
Language AppleScript 2.0.1 implemention "AppleScriptEngine" 1.0
Thank you apple!
As a side note if you actually wanted to run AppleScript as a shell, type jrunscript -l AppleScript
Let's get to fixing the issue
now jrunscript -q should look like this:
Language EmbeddedECMAScript 1.6 implemention "Mozilla Rhino" 1.6 release 2
Language AppleScript 2.0.1 implemention "AppleScriptEngine" 1.0
Language ECMAScript 1.6 implemention "Mozilla Rhino" 1.6R7
... and jrunscript will put you in a js shell.
... and jhat heap.out now works! Point your browser at http://localhost:7000 and object browse!
Also something I didn't realize until I was preparing for this post... jmap worked for the console dump if I sudo'd the command. However it would not do a file dump. I did the file dump using jconsole and jmx. Now that the scripting issue is fixed, jmap is improved in the following manner:
It makes me wonder what else wasn't working! Happy Coding!
Setting up a test Java process to profile.
1. From the terminal: cd /Developer/Examples/Java/JFC/Java2D/
2. From the terminal: java -jar Java2D.jar &
3. After the process starts it should indicate the pid (in this example it is 5510)
4. You can also use jps to discover the pid: jps -l (then look for the Java2D.jar)
Fixing jmap
If you type jmap
attach: task_for_pid(5510) failed (5)
Error attaching to process: Error attaching to process, or no such process
To fix this, do a sudo, such as sudo jmap
Debugger attached successfully.
Server compiler detected.
JVM version is 1.6.0_05-b13-52
using thread-local object allocation.
Mark Sweep Compact GC
Heap Configuration:
MinHeapFreeRatio = 40
MaxHeapFreeRatio = 70
MaxHeapSize = 88080384 (84.0MB)
NewSize = 2686976 (2.5625MB)
MaxNewSize = -65536 (-0.0625MB)
OldSize = 5439488 (5.1875MB)
NewRatio = 2
SurvivorRatio = 6
PermSize = 21757952 (20.75MB)
MaxPermSize = 88080384 (84.0MB)
Heap Usage:
New Generation (Eden + 1 Survivor Space):
capacity = 10551296 (10.0625MB)
used = 4592152 (4.379417419433594MB)
free = 5959144 (5.683082580566406MB)
43.52216069002329% used
At this point it looks like it is working, however the file dump doesn't work.
Fixing jhat
When running jhat on the hump dump, you get the following error:
Eliminating duplicate references.....................
Snapshot resolved.
Exception in thread "main" java.lang.RuntimeException: java.lang.NullPointerException
at com.sun.tools.hat.internal.oql.OQLEngine.init(OQLEngine.java:277)
at com.sun.tools.hat.internal.oql.OQLEngine.
at com.sun.tools.hat.internal.server.QueryListener.setModel(QueryListener.java:59)
at com.sun.tools.hat.Main.main(Main.java:189)
Caused by: java.lang.NullPointerException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.tools.hat.internal.oql.OQLEngine.init(OQLEngine.java:256)
... 3 more
It took me a little hunting to uncover the issue. It turns out that jhat uses the Java 6 js engine. If you go to the terminal again and run: jrunscript , it indicates that the script engine for language js can not be found. On the mac, if you execute: jrunscript -q, which provides a listing of script engines you'll see:
Language AppleScript 2.0.1 implemention "AppleScriptEngine" 1.0
Thank you apple!
As a side note if you actually wanted to run AppleScript as a shell, type jrunscript -l AppleScript
Let's get to fixing the issue
- Download JSR-223's engines https://scripting.dev.java.net/files/documents/4957/37593/jsr223-engines.zip
- Download Rhino http://www.mozilla.org/rhino/download.html
- Copy jsr223-engines/javascript/build/js-engine.jar to /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home/lib/ext/
- Copy rhino1_7R1/js.jar to /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home/lib/ext/
now jrunscript -q should look like this:
Language EmbeddedECMAScript 1.6 implemention "Mozilla Rhino" 1.6 release 2
Language AppleScript 2.0.1 implemention "AppleScriptEngine" 1.0
Language ECMAScript 1.6 implemention "Mozilla Rhino" 1.6R7
... and jrunscript will put you in a js shell.
... and jhat heap.out now works! Point your browser at http://localhost:7000 and object browse!
Also something I didn't realize until I was preparing for this post... jmap worked for the console dump if I sudo'd the command. However it would not do a file dump. I did the file dump using jconsole and jmx. Now that the scripting issue is fixed, jmap is improved in the following manner:
- if you type jmap
, it now prompts you for your admin password (instead of just failing) - jmap -dump:live,format=b.file=heap.out 5510 now works
It makes me wonder what else wasn't working! Happy Coding!
Wednesday, May 14, 2008
Portal 2 JSR-268
JSR-286 has been signed off! Here comes Portal 2. I don't know of any implementations yet... so we are still waiting to play with it.
Portal 1 Challenges
There are a number of pain points of portal development which include:
What's new in Portal 2
First, Portlet to portlet communication is not as cumbersome and isn't limited to some session hacking. The specification provides 2 mechanisms for communication at the server tier.
Second, resources are finally part of the picture. In the portal 1 days, you would often need to access a resource outside the portlet... well this request didn't have any portlet details, such as window state or portlet perferences and worse... it didn't run under the security of the portal.
Now resources are obtainable within the context of the portal. To a certain extent this provides us now with the ability to do ajax style development which wasn't possible before.
Next, there is the standard web page needs which have been addressed. For instance, because a portlet doesn't own the page, it really can't participate in provide header information... until now. There are multiple respond phases now... one for the header and one for markup. This provides the ability for a portlet to participate in the creation of the page header. Additionally access to cookies and other web oriented needs have been opened up.
On top of this their are portlet filters and portlet url listeners...
If it is not too late... the portal world is about to get a breath of fresh air. Take a look at the specification, it is worth a look if you are in this space. Perhaps when the reference implementation is out... and I have time I'll create a demo of a few things... of course I'll need to include some of the latest spring stuff in the mix. It looks like Spring 3.0 intends to have Portal 2.0 support. As I scan around on the web... it looks like liferay is portal 2 ready... maybe it is time to switch back :)
Portal 1 Challenges
There are a number of pain points of portal development which include:
- Accessing resources... this is an issue with security mainly
- Portlet to portlet communication through the server framework
- Ajax communication.
What's new in Portal 2
First, Portlet to portlet communication is not as cumbersome and isn't limited to some session hacking. The specification provides 2 mechanisms for communication at the server tier.
- Events
- Public Parameters
Second, resources are finally part of the picture. In the portal 1 days, you would often need to access a resource outside the portlet... well this request didn't have any portlet details, such as window state or portlet perferences and worse... it didn't run under the security of the portal.
Now resources are obtainable within the context of the portal. To a certain extent this provides us now with the ability to do ajax style development which wasn't possible before.
Next, there is the standard web page needs which have been addressed. For instance, because a portlet doesn't own the page, it really can't participate in provide header information... until now. There are multiple respond phases now... one for the header and one for markup. This provides the ability for a portlet to participate in the creation of the page header. Additionally access to cookies and other web oriented needs have been opened up.
On top of this their are portlet filters and portlet url listeners...
If it is not too late... the portal world is about to get a breath of fresh air. Take a look at the specification, it is worth a look if you are in this space. Perhaps when the reference implementation is out... and I have time I'll create a demo of a few things... of course I'll need to include some of the latest spring stuff in the mix. It looks like Spring 3.0 intends to have Portal 2.0 support. As I scan around on the web... it looks like liferay is portal 2 ready... maybe it is time to switch back :)
You don't even know you don't even know
My daughters and I have a phrase we've picked up from some where... probably a movie, but I don't remember which one, which is "you don't even know, you don't even know". We use it liberally to describe a situation where people are talking about stuff they clearly know nothing about, yet they are sharing their opinion about it anyway. It seems strange that this happens... and frankly it happens all the time.
So while speaking in Denver between sessions I attended a great session by Jared Richardson. We got into a discussion on developer perceptions on agile practices such as pair programming, etc. When it occurred to me that this was it... so often developers dislike pairing when they haven't practiced it. They claim they don't have time to write unit test or integration tests... but they haven't attempted it.
It appears that Agile in some circles is getting a bad name... but most of the time it is based on the opinions of someone who thinks they know what the outcome will be... they have thought it through in their head and have come to a conclusion, which has become their opinion on the matter. Sometimes this is further justified through their comments "well I heard that so and so had issues... blah...blah". Sometimes it comes in the early onslaught of pain... either it is new, or their some affect of team storming. The reality is that often new agile teams run a little slower upfront, but end up significantly ahead of non-agile teams. The pain is worth it! (at least from my experience)
So as a community let's make an agreement. If you ain't done it, you can have an opinion... but it doesn't count :) If you think it won't work or if you heard it won't work... you don't even know what you don't even know!
Knowing comes through experience! and as GI Joe says "Knowing is half the battle".
So while speaking in Denver between sessions I attended a great session by Jared Richardson. We got into a discussion on developer perceptions on agile practices such as pair programming, etc. When it occurred to me that this was it... so often developers dislike pairing when they haven't practiced it. They claim they don't have time to write unit test or integration tests... but they haven't attempted it.
It appears that Agile in some circles is getting a bad name... but most of the time it is based on the opinions of someone who thinks they know what the outcome will be... they have thought it through in their head and have come to a conclusion, which has become their opinion on the matter. Sometimes this is further justified through their comments "well I heard that so and so had issues... blah...blah". Sometimes it comes in the early onslaught of pain... either it is new, or their some affect of team storming. The reality is that often new agile teams run a little slower upfront, but end up significantly ahead of non-agile teams. The pain is worth it! (at least from my experience)
So as a community let's make an agreement. If you ain't done it, you can have an opinion... but it doesn't count :) If you think it won't work or if you heard it won't work... you don't even know what you don't even know!
Knowing comes through experience! and as GI Joe says "Knowing is half the battle".
Speaking at OSCON
Well I will be speak this year at OSCON on July 25, 2008 speaking on Spring 2.5 . It will be fun to see how I take my 1:30 hour talk which I usually run over time on and deliver it in :45 mins.
Thursday, April 24, 2008
Welcome to Viet Nam! in Bangalore
I mentioned earlier that I would blog on this subject from my India trip. So I had a very unusual situation in Bangalore. One of the attendees (Madhu) who attended the Jax conference requested that I visit his company during my stay in Bangalore. This became difficult based on a number of reasons, which resulted in Madhu and 10 of his co-workers coming to my hotel. The lobby was too noisy, so we ended up upstairs in my hotel room. The picture below is just half of us that are sitting around a bed talking tech.
We discussed a number of technical details... it started with a discussion around ORM tools and the problem they had mapping to a complex and highly normalized data store. They were creating a web admin tool which for simplicity sake I'll characterize as a content management system (CMS). In this space they don't know all the "columns" of data to store. The columns or metadata is stored in a row of a table, then there is an association table which associates the column to a 3rd table, the table of values. They didn't have to get to far in the description for me to know exactly what they were talking about. I have seen it before a number of times... it is the kind of thing a really out of touch architect, or a green DBA would suggest. I shared some horror stories of my past to try to sway them from this approach. I then discussed all the negatives to this approach.. such as:
While I was speaking at JAX on the topic of Spring and JPA, an attendee reflected on Ted Newark's article relating ORM to Viet Nam. I was amazed!! People around the world are reading Ted's Blog...
So as we were sitting around the bed discussing alternatives, I mention Ted's article which I just re-read that week ... of course I had to explain a little history regarding the meaning that Viet Nam has for most Americans. We got to the point were I was describing how a project gets so far done the road and the team has invested so much, that when anyone suggests that we are tapped out and need to rethink the projects technical approach management comes in with statements like "Come on guys, we have so much invested. Can't you just get it to work". At this point they were all smiling, looking at each other and someone spoke up and says that is exactly where we are at... to which I said "Welcome to Viet Nam" :)
We discussed a number of technical details... it started with a discussion around ORM tools and the problem they had mapping to a complex and highly normalized data store. They were creating a web admin tool which for simplicity sake I'll characterize as a content management system (CMS). In this space they don't know all the "columns" of data to store. The columns or metadata is stored in a row of a table, then there is an association table which associates the column to a 3rd table, the table of values. They didn't have to get to far in the description for me to know exactly what they were talking about. I have seen it before a number of times... it is the kind of thing a really out of touch architect, or a green DBA would suggest. I shared some horror stories of my past to try to sway them from this approach. I then discussed all the negatives to this approach.. such as:
- No indexing
- No join capabilities
- Very complex queries
- Did I mention no indices? This data structure just isn't tunable.
While I was speaking at JAX on the topic of Spring and JPA, an attendee reflected on Ted Newark's article relating ORM to Viet Nam. I was amazed!! People around the world are reading Ted's Blog...
So as we were sitting around the bed discussing alternatives, I mention Ted's article which I just re-read that week ... of course I had to explain a little history regarding the meaning that Viet Nam has for most Americans. We got to the point were I was describing how a project gets so far done the road and the team has invested so much, that when anyone suggests that we are tapped out and need to rethink the projects technical approach management comes in with statements like "Come on guys, we have so much invested. Can't you just get it to work". At this point they were all smiling, looking at each other and someone spoke up and says that is exactly where we are at... to which I said "Welcome to Viet Nam" :)
Thursday, April 17, 2008
Speaking at OSCON 2008
I will be speaking on Spring 2.5 at OSCON 2008 this year! The next tid bit of fun will be fitting my 1 1/2 hour talk into a :45 minute talk... should be fun.
Speaking in India at JAX
Just finished speaking in Bangalore at the JAX conference. The experience was very unique. I'll hit some highlights on a later post. There are 2 remember experiences from the trip. First is the driving there. A friend of mine from a previous trip capture what I'm talking about. Second, my last day I had 10 indians from a local company sitting around my hotel bed talking tech... the statement which capped the conversation was "welcome to vietnam"... I'll explain later.
Saturday, March 8, 2008
Speaking References and Links
Speaking at a number of conferences specifically
Folks generally are asking for resources, references and rss feeds for material. I've started leveraging this blog more, as well as http://del.icio.us/kensipe . So if you are looking for supporting information for my 7 habits talk then look at http://del.icio.us/kensipe/7habits or click on the tag.
Folks generally are asking for resources, references and rss feeds for material. I've started leveraging this blog more, as well as http://del.icio.us/kensipe . So if you are looking for supporting information for my 7 habits talk then look at http://del.icio.us/kensipe/7habits or click on the tag.
Friday, February 29, 2008
It is All About the Approach
Being a pilot this video makes me chuckle a little. But at the same time , I don't know a pilot who hasn't had a rough landing during training or high cross winds or... This video reminds us that it still happen to the professionals.
While I'm not sure how this pilot found himself in this position. Experience tells me that it is all about the setup and approach on final which results in a well executed landing.
Working with software solutions it is the same... a well finished project is based on the approach. If you have early and often feedback, if you have tests which run often you will land safely. Iteration X is dependent on Iteration 0. Make sure you get Iteration 0 right! Then follow the check list!
While I'm not sure how this pilot found himself in this position. Experience tells me that it is all about the setup and approach on final which results in a well executed landing.
Working with software solutions it is the same... a well finished project is based on the approach. If you have early and often feedback, if you have tests which run often you will land safely. Iteration X is dependent on Iteration 0. Make sure you get Iteration 0 right! Then follow the check list!
Thursday, February 28, 2008
Paired Teachers (K-8)
Agile in the Classroom
Being involved in the community, I was at a school board meeting last night (for way too long, but that is another story). There was an interesting presentation. The school last year started a program referred to as "Teacher Leaders". It was a great presentation detailing the outcome of this program which is essentially highly skilled teachers which "pair" (my word not theirs) with other teachers on specific subjects to meet 2 objectives:
The results of the presentation were amazing and the whole room seem to get it. It was great that they brought empirical evidence to the table. They defined 4 levels of support for coaching a teacher on a new program, which are:
Agile Converts
Members of the board shared their reluctance in approving the program, which mirrored that of software stakeholders hedging on paired programming. One board member was significantly against it. Now she is a total convert and is looking to see how to expand the program. The reason... The quality of the result. It turns out that pairing produces higher quality.
Being involved in the community, I was at a school board meeting last night (for way too long, but that is another story). There was an interesting presentation. The school last year started a program referred to as "Teacher Leaders". It was a great presentation detailing the outcome of this program which is essentially highly skilled teachers which "pair" (my word not theirs) with other teachers on specific subjects to meet 2 objectives:
- Increase student learning
- Increase teacher teaching capability
The results of the presentation were amazing and the whole room seem to get it. It was great that they brought empirical evidence to the table. They defined 4 levels of support for coaching a teacher on a new program, which are:
- Theory
- Demonstration
- Practice
- Peered Coaching
Agile Converts
Members of the board shared their reluctance in approving the program, which mirrored that of software stakeholders hedging on paired programming. One board member was significantly against it. Now she is a total convert and is looking to see how to expand the program. The reason... The quality of the result. It turns out that pairing produces higher quality.
Monday, February 25, 2008
What is a calendar?
It is my intention to write a few posts on the need to focus IT on business solutions. I've got several posts in my head... All I need now is time. A situation today spurred me to post a comment on words and the meaning of words, which is critical for one person to understand another person in order to clearly provide a business solution.
It is 10pm... Do you know where your data is?
I have been a heavy user of google and it's products for some time. This is very interesting on its own since when Microsoft came out with Passport and HailStorm years ago... My response was... "heck NO!" you're not keeping all my data. It is interest, as they had some services but nothing significantly compelling to me. Yet, over the years google hasn't asked to store all my stuff... they didn't have a huge marketing campaign, yet some how they have all my data. I now use they're gmail, calendar, I use and share notebooks, I've used their payment capabilities, I blog on their site, I use their phone services through GrandCentral... they know everything about me. I came to this comparison and realization recently and well... I'm not sure if I am scared yet or not, but that is a subject for another post.
"What's in a name? That which we call a rose By any other name would smell as sweet." - Shakespeare
So on to the main point of this post. I have convinced several other partners to switch from yahoo group calendar to the google calendar. One of them was lost in how to get to this shared calendar so I proceeded to explain via email how the google calendar is used. This resulted in the following statement by me:
The essences of Chairness
If you ever read Plato, you know what I mean... The word chair means what you usually think it means. However as Plato puts it, what do you think of when someone says chair. Does it have 4 legs, or 3? Does it have a back to it? If you started picking it apart (remove a leg, etc.), at what point does it cease to be a chair? This isn't made to be too philosophical. The point is some times it is difficult for us to use an abstract term and worse, sometimes words are more abstract then we think they are. Where a chair could paint the same mental picture for 2 people, the concept of what is core to the essences of chairness is likely different.
The trouble with Users
Here in lies the trouble with users. There really isn't an issue with users. They mean what they said and they are paying the bills. However often they say calendar and they mean calendar of time and often a developer sees the bigger picture and sees the need for a calendar to represent a thread of interest. There are a number of issues at this point:
It is just interesting how often this situation happens. Often the issue is context. Where context provides the meaning or at least a deeper meaning. But sometimes not. In the example of the calendar, it is tough to say that context would provide greater meaning. This issue is further exacerbated with specific domains where context does matter.
Several years ago, I worked on a life science project working with a lab on transcription profiling. During this engagement a couple of us worked with several top Ph.D.s in the field to help automate the process. It was necessary to understand the word "Allele" and its domain. Although there are aspects about an Allele which were easy to agree upon. The other aspects were dependent on who you talked to and on which day... it didn't take long to realize that it was really a matter of context which provided its mean.
Clarity of Thought
If there is a point to this current blog it would be this: In order to write software... even flexible software (in this case meaning software which can understand context of the user), then it is first necessary to understand concretely what is meant, as well as what are the other contexts of meaning. This may mean more in depth investigation on the part of the BA or developer, but it will pay off in dividends!
This provides some context around the value of Agile development. Closer and frequent communication with the user increases the likelihood of understanding what the user meant. Regular feedback by the user provides the opportunity to discover word meaning differences. The greater the number of users involved increases the likelihood of discovering more contexts. Often this is the reason for a number of "discovered" stories along the Agile path of development.
-- Happy Coding!
It is 10pm... Do you know where your data is?
I have been a heavy user of google and it's products for some time. This is very interesting on its own since when Microsoft came out with Passport and HailStorm years ago... My response was... "heck NO!" you're not keeping all my data. It is interest, as they had some services but nothing significantly compelling to me. Yet, over the years google hasn't asked to store all my stuff... they didn't have a huge marketing campaign, yet some how they have all my data. I now use they're gmail, calendar, I use and share notebooks, I've used their payment capabilities, I blog on their site, I use their phone services through GrandCentral... they know everything about me. I came to this comparison and realization recently and well... I'm not sure if I am scared yet or not, but that is a subject for another post.
"What's in a name? That which we call a rose By any other name would smell as sweet." - Shakespeare
So on to the main point of this post. I have convinced several other partners to switch from yahoo group calendar to the google calendar. One of them was lost in how to get to this shared calendar so I proceeded to explain via email how the google calendar is used. This resulted in the following statement by me:
It is a little complicated to write about because there needs to be a distinction between a "calendar" of time and a "calendar" which represents a thread of interest through time :)It made me reflect on how many every day terms we use in English are so abstract.
The essences of Chairness
If you ever read Plato, you know what I mean... The word chair means what you usually think it means. However as Plato puts it, what do you think of when someone says chair. Does it have 4 legs, or 3? Does it have a back to it? If you started picking it apart (remove a leg, etc.), at what point does it cease to be a chair? This isn't made to be too philosophical. The point is some times it is difficult for us to use an abstract term and worse, sometimes words are more abstract then we think they are. Where a chair could paint the same mental picture for 2 people, the concept of what is core to the essences of chairness is likely different.
The trouble with Users
Here in lies the trouble with users. There really isn't an issue with users. They mean what they said and they are paying the bills. However often they say calendar and they mean calendar of time and often a developer sees the bigger picture and sees the need for a calendar to represent a thread of interest. There are a number of issues at this point:
- The user and developer understand the words of the domain to have different meanings.
- Even, as often is the case, the developer is astute enough to realize that their is a disconnect, words do not exist to delineate between the concepts. This leads to:
- Lengthy discussions where the user is dumbfounded, where both parties are asking themselves why doesn't he get it!
- Frustration
It is just interesting how often this situation happens. Often the issue is context. Where context provides the meaning or at least a deeper meaning. But sometimes not. In the example of the calendar, it is tough to say that context would provide greater meaning. This issue is further exacerbated with specific domains where context does matter.
Several years ago, I worked on a life science project working with a lab on transcription profiling. During this engagement a couple of us worked with several top Ph.D.s in the field to help automate the process. It was necessary to understand the word "Allele" and its domain. Although there are aspects about an Allele which were easy to agree upon. The other aspects were dependent on who you talked to and on which day... it didn't take long to realize that it was really a matter of context which provided its mean.
Clarity of Thought
If there is a point to this current blog it would be this: In order to write software... even flexible software (in this case meaning software which can understand context of the user), then it is first necessary to understand concretely what is meant, as well as what are the other contexts of meaning. This may mean more in depth investigation on the part of the BA or developer, but it will pay off in dividends!
This provides some context around the value of Agile development. Closer and frequent communication with the user increases the likelihood of understanding what the user meant. Regular feedback by the user provides the opportunity to discover word meaning differences. The greater the number of users involved increases the likelihood of discovering more contexts. Often this is the reason for a number of "discovered" stories along the Agile path of development.
-- Happy Coding!
Monday, February 11, 2008
2008 Technology Predictions
So after a month of reading a number of articles making there 2008 predictions, I feel compelled to share my predictions. I have the added advantage which comes to those who procrastinate... however there isn't much new over the last month.
- Larger portion of the Java community will move towards Java 5 /6, taking advantage of more of the language changes.
- Increased adoption of groovy users
- Spring framework increases in use... leaving in their dust SEAM and Guice.
- Spring MVC and Webflow becomes the new Struts (from a popularity standpoint)
- It will come down to WebFlow and JSF
- It will be interesting to see what grails does to this prediction
- Late 2008 will have a number of negative news feeds on SOA.
- This will be geared around failure of large initiatives.
- It may be 2009... depends on the economy
- Flex use increases
- MSFT will start the get the RIA facts in an effort to take over this space.
- Vista will continue to have trouble
- It will be interesting to see what MSFT does when the XP isn't available for purchase any more.
- with the OEM ending in June 2008, I expect that MSFT will extend it... after a period of pain :)
- JBoss and OSS in general will increase in use.
- The economy will be the driver for this.
Tuesday, February 5, 2008
Java 6 Web Service Security Alert
This isn't how I envisioned starting this new blog...
It appears that there is a fresh security warning from Sun regarding security issues with xml parsing in Java 6 (update 3 or earlier). It does not affect Java 5 or eariler.
Details from Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
Details from SecLists:
http://seclists.org/bugtraq/2008/Feb/0007.html
It appears that there is a fresh security warning from Sun regarding security issues with xml parsing in Java 6 (update 3 or earlier). It does not affect Java 5 or eariler.
Details from Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
Details from SecLists:
http://seclists.org/bugtraq/2008/Feb/0007.html
Subscribe to:
Posts (Atom)