When Maven Crashes Eclipse

8. August, 2011

If your Eclipse IDE suddenly crashes with an error in java.util.zip.ZipFile.getEntry(), chances are that you’ve been hit by this bug: Crash in ZipEntry when some other process changes the ZIP File at the same time

Workarounds:

  1. Close Eclipse when you build your projects with Maven from the command line
  2. Disable automatic refresh (Preferences -> General -> Workspace -> Refresh using native hooks or polling)

 


Some Software You Should Know When You Work on DSLs

8. August, 2011

DSLs are all the rage, but it seems the technology is actually useful 🙂 So here is some stuff that you’d probably want to know about:

Intentsoft created a workbench which can capture business information in the way the business wants.

JetBrains did something similar called Meta Programming System or MPS.

Want to know more about your own code base? Try MoDisco or Moose.

Lastly, using LL parsers is usually a big pain. Syntax Definition Formalism or SDF is another approach to define a syntax which avoids many of the problems of context-free grammars.


Patently Unpatentable: Selecting Keyboard Layouts

4. August, 2011

Attaching USB keyboards to a computer is still a nasty business because you have to select the correct layout for it.

My solution: Add a special command to the keyboard which allows the computer to download the layout (you get the key code and a symbol per key).

Since that is probably too simple (proof: the PC industry didn’t implement it years ago), here is a better solution: If the computer has a webcam, the user plugs the keyboard into a free USB port. This makes the driver activate the camera. The user can then show the keyboard to the PC. A simple OCR software will determine which key is where and load the appropriate layout. The quality of the OCR can be improved by analyzing the layout files and comparing them to the image.

If no layout can be found, the OCR can be used to find a very similar layout and then the few remaining keys can be assigned.

If there is no webcam, users can take a photo with their mobile phone or digital camera and use that.

Cool, eh? And best of all: This can’t be patented anymore.

Worst of all: Someone might already have a patent on this.


Tools To Analyze Java hs_err Files

28. July, 2011

Java crash dumps contain lots of valuable information but one thing is missing: The versions of the libraries installed.

I’ve started a new project on GitHub to gather this info from a hs_err_pid file: Java-hs_err_pid-List-Library-Versions

Currently, only Debian is supported.

 

 


Who is Responsible For Data Theft?

22. July, 2011

Would you like to see your name, address, birth date and email on a public billboard? On the main street? What if the billboard is behind a big sign “don’t read this”?

If that worries you, why do you give your data to web sites of big companies? Many of them, even the big ones, show very little interest in keeping your contact details secure. Many sites are still vulnerable to cross-site scripting or SQL injection.

If anyone puts your life or privacy at risk, they are liable – except when web sites are involved. Even if they violate common sense and even the most basic rules of security, the worst that can happen is that they have to apologize. Pollute some fish? To Jail! Lose 300 million customer records? Oops, sorry about that.

Paul Venezia asked an interesting question: Should companies be accountable for the security risks they take? He says:

In the United States, at least, very specific laws govern patient information and how it is stored, accessed, and disseminated. HIPAA regulations were put into place to ensure that sensitive patient information isn’t distributed to just anyone — that is, only to the people who need that information. They also prevent health care providers from discussing any type of patient information with anyone else. They were explicitly designed to protect patients, and each patient must sign a waiver to authorize the release of that information to another person or party. Yet we have no regulations on the storage, access, and dissemination of sensitive user information on public websites — none. Thus, there’s almost no business case for providing any form of high-level security for customer accounts.

Interesting thought. I have two comments:

1. It is not individual developers who should be liable but the company which runs the site. It should be in their best interest to keep their data secure.

2. Today, it’s too complex to create secure web sites. Yesterday, I used renderSnake to create some HTML. If you supply a string value for output, the default is not to escape HTML special characters like <, > and &.

Creating a login component for a web site is a pretty complex business, and there is no reasonable tutorial or template component which you could use that gets most security issues right, like:

  1. Transmitting the password via HTTPS (encrypted) instead of using plain text (which anyone in the same LAN can read)
  2. Encrypting the password before it’s stored in the database
  3. Storing the password with a salt to make it harder to attack it with rainbow tables
  4. Escaping special characters in user names and passwords to prevent cross-site scripting or SQL injection.
  5. Avoiding security questions like “Name of your cat?” More than 50 people know the name of my cat! The name might even be on the web somewhere (possibly next to a photo on Flickr). How secure is that?

These are the basic rules to make your web site safe against identity theft. It would be simple to create a law saying “if you violate the rules named once per year by a committee of experts, you’re liable for a hefty fine”. If that happened, I’d support it.


Secure File Transfers with FTAPI

15. July, 2011

If you need to distribute files in your project, the problems are always the same:

  • How do I make sure a file is transferred at all?
  • Or just once?
  • That the whole file is transferred (and not only part of it)?
  • That no one can tamper with the content while it is being transferred?
  • How can I get a received receipt?
  • How about encryption to prevent uninvited visitors from looking at the data?
  • Too big for mails?

Some people use FTP. FTP is a protocol designed for humans. It’s completely, utterly unsuitable for this task. If a software developer suggests this “solution”, it’s a red flag for incompetence.

SSH based protocols are better but they also don’t solve all the problems.

Enter FTAPI, the “rock solid data transfer” framework.

Taming Java GC

14. July, 2011

Taming the Java garbage collector (GC) is still one of the most mysterious areas of the Java VM. Aleksey Ragozin has published an excellent series of articles about the topic. Here are my favorites:


Smart Thoughts About Logging

13. July, 2011

Archanaa Panda wrote a good piece on logging and how to avoid some of the many pitfalls: High Performance And Smarter Logging

While the article is about log4j, most of it (except for the “if (log.isDebugEnabled)” part) still applies even if you’ve already moved to slf4j. I especially like that she enumerates all the various goals that you try to achieve with logging.

 

 


New Website for Maven Tools For Eclipse (MT4E)

13. July, 2011

My Maven Tools for Eclipse (MT4E) project now has a wiki page: http://wiki.eclipse.org/Maven_Tools_4_Eclipse

And I’ve started to convert the tools from Python to Groovy.