P2: A Lot of Pain, No Gain

19. May, 2008

If you’re an Eclipse user, you’ve probably heard of p2. There seem to be two groups of people: Those who adore it and those who hate it. I’m in the latter group. Here are my reasons:

  1. Where do I get the installer? There is no explanation on the Getting Started page. Try this link.
  2. The 3.4M7 release doesn’t even start on Windows because it’s broken.
  3. The installer fails if the directory to install to doesn’t exist yet. Hey, it will be fixed after the 3.4 release!
  4. When I tried a shared install, it crashed. That’s supposed to be fixed but I didn’t dare to try again.
  5. Not enough? Well, if any of the downloads times out, you have to delete the install directory and download everything again (Bug 231826).

So I’ve downloaded four (4) versions of P2, tried them and all of them failed before I could even start Eclipse.

Banana-ware: Harvested before ripe, delivered green and ripens on the customer’s computer.


Generative Art from Neural Networks

15. May, 2008

One impressive piece of art on YouTube: “generative art from neural networks”.


Link: “Karl Fogel explains how to herd cats”

11. May, 2008

See this post in Paul Harrison‘s blog.

It basically explains the biggest mistakes in leading an Open Source Software (OSS) project.


The Source of Life

11. May, 2008

Remember Conway’s Game of Life?

This video from YouTube made me follow a trail of pages until I ended up here. Don’t bother to follow the link if you’re still surfing with IE.

After playing with the page for some time, try this link. It will start Ghost Diagrams with a special set called Rule 110. According to this page, Rule 110 is actually “a cellular automaton known to be capable of universal computation.”

An image says more than a thousand words (if you can’t see it, you’re using the wrong browser):

What does this look like? Chaotic yet orderly. The order is not only because of the shape of the tiles. When you watch it grow, you see order and chaos grow, fight with each other. For me, it looks a bit like evolution. It has a memory (the part of the shape that doesn’t change), you can see parts grow up and break down, patterns emerge and vanish.

This mimics atoms and molecules which are also way too simple to “understand” what they do. They just arrange in patterns which make “sense” (for an atom). And after 14 billion years, the human who wonders how such simple rules could create something as wonderful as the spark of understanding.


Complexity Budget

8. May, 2008

Are you a human? If not, then this is probably not for you.

If you are, then you have a “complexity budget“. I define it a little bit differently than the author of the article. My definition is that you can spend only so much on understanding something. Example. What does this little C program do?

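_(__,___,____){___/__<=1?_(__,___+1,____):!(___%__)?_(__,___+1,0):
___%__==___/__&&!____?(printf("%d\t",___/__),_(__,___+1,0)):
___%__>1&&___%__<___/__?_(__,1+___,____+!(___/__%(___%__))):
___<__*__?_(__,___+1,____):0;}main(){_(100,0,0);}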

It prints the primes below 100. And it blows the complexity budget. C++ also often blows the complexity budget. A friend of mine once said: “To understand C++, you have to be a C++ compiler.”

Java once was a simple language but the wise guys with a sun-burn (from being exposed too long to the sun, get it?) decided to do something about it and came up with Generics. And since they weren’t sure that this would indeed make the language too complex, they added annotations on top of that. Excellent move!

But it didn’t work. There are still too many people who use and understand Java. So they came up with JSR 308 which allows you to use annotations in even more places to write code like this (from this article):

@NotEmpty List strings
        = new ArrayList();

If that doesn’t do it, nothing will.

On a positive side note, in Groovy, I can not only register an annotation processor (AP) in the compiler, I can even manipulate the AST from the AP, allowing me to create code like this:

@GroovySQL(type=DemoType.class)
def load(long id) {
    return """select * from demo_table where id = ${id}""";
}

That doesn’t return a string but an object of type DemoType filled with the data from the database. Life can be so simple.

And to the guys from Sun: Thanks a lot! We really appreciate your help! 🙂

Links: Article by Michael Nygard about JSR 308


Automatically Hacking Computers

25. April, 2008

Imagine, you had access to the Windows Update servers. What could you do?

No, no write access. Just read access.

Not to the hard disk or the OS, just the normal patch download access via HTTP.

You could automatically hack any software that Microsoft patches (or anyone who supplies security patches for their software for that matter).

Confused?

Okay. Follow along on a little thought experiment. Security patches contain fixes for security bugs. Security bugs allow someone to do bad things with your computer like turning it into a spam zombie. Or make it steal your bank account data. Or allow someone you’ve never met to put illegal stuff on your computer like stolen music or pr0n.

The security patch fixes that. But there is a catch. The security fix is a little piece of program with instructions how to install it. Basically, it replaces a piece of program that is already on your computer.

How could someone possibly abuse this? Isn’t the security hole fixed after the patch?

Actually, for the kind of attack we’re talking about here, this is irrelevant. What is interesting is this: The patch is almost identical with the program that you already have. The difference is a few bytes which fix the security hole.

While it is usually very hard to find a security hole in a program (you’d have to analyze a whole lot of code), the security patch is actually a map to the hole. It tells you exactly what was broken and how it was fixed.
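Why the installation delay is the exposure window: comparing a file before and after an update pins the change down to a handful of offsets. This is an added example, not code from the original post; the sample file, the sample fix and all function names are constructed for illustration.

```python
import hashlib
from difflib import SequenceMatcher


def build_sample(size=2048):
    """Constructed stand-in for a program file: deterministic filler bytes."""
    chunks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(chunks)[:size]


def apply_sample_fix(old, offset=1200, length=6):
    """Constructed update: rewrite `length` bytes at `offset`, growing them by 4."""
    fixed = bytes(b ^ 0xFF for b in old[offset:offset + length]) + b"\x00" * 4
    return old[:offset] + fixed + old[offset + length:]


def changed_regions(old, new):
    """Return (old_start, old_end, new_start, new_end) for every span that differs."""
    matcher = SequenceMatcher(None, old, new, autojunk=False)
    return [(i1, i2, j1, j2)
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]


def footprint(old, new):
    """Summarise how much of the file the update touches and where."""
    regions = changed_regions(old, new)
    touched = sum(max(i2 - i1, j2 - j1) for i1, i2, j1, j2 in regions)
    return {
        "first_offset": min(r[0] for r in regions) if regions else None,
        "last_offset": max(r[1] for r in regions) if regions else None,
        "bytes_touched": touched,
        "fraction": touched / max(len(old), len(new), 1),
    }


if __name__ == "__main__":
    before = build_sample()
    after = apply_sample_fix(before)
    print(footprint(before, after))
```

Everything outside the reported offsets is byte-for-byte identical, so the update itself tells any reader where the fix landed from the moment it is published.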

That allows for two kinds of attack: First, you can now easily write a program which can successfully attack all computers which don’t have the patch yet. And you can check if the guys made a mistake with the fix. If they did, you now have a perfect recipe for disaster.

To make things worse, there is only a limited number of ways to make a program break in such a way that you get a security hole. This means: It is possible to write a program which compares the original code and the patch and which comes up with a virus for the hole which has just been fixed (or not). Automatically.

This program could just sit there, watch the Windows Update servers, wait for a new patch to come up, create a virus from that and distribute it to already cracked websites.

Scientists from three different universities were able to show that it is actually possible to do this.

For you, this means two things: Firstly, whenever a security patch is available, you must install it immediately. Secondly, you must not visit any website until you have installed all available security patches. Otherwise, you risk being infected by visiting an innocent website that someone has hacked. Remember, those are vulnerable to the same kind of attack: A cracker could have gained access to the computer of one of the administrators of the site with the attack described above and could have got a copy of the password with the help of a keylogger.

In a few years, we’ll have an immune system for the Internet.

Or we won’t have an Internet anymore.


Creating a Visual XML Editor

23. April, 2008

A long time ago, I complained about XML editors and that there is no decent XML editor out there which you can use as the basis for a nice visual editor for your custom XML format.

It seems my prayers have been heard.


Rewind for GDB

17. April, 2008

Every developer has used a debugger once in a while. And sometimes, you had this “stepped once too many” problem: You ran your code too far. Since there is no way to go back, your only option was to start all over again.

A guy called “teawater” has just published a patch for GDB which does just that: It allows you to reverse the program execution. Kind of an undo for the CPU registers, stack and memory. Can’t wait to see this for Java!


IllegalStateException: The PluginDescriptor for the plugin … was not found

14. April, 2008

Ever seen this error?

java.lang.IllegalStateException: The PluginDescriptor for the plugin Plugin [org.apache.maven.plugins:maven-resources-plugin] was not found.
        at org.apache.maven.plugin.DefaultPluginManager.addPlugin(DefaultPluginManager.java:325)
        at org.apache.maven.plugin.DefaultPluginManager.verifyVersionedPlugin(DefaultPluginManager.java:212)
        at org.apache.maven.plugin.DefaultPluginManager.verifyPlugin(DefaultPluginManager.java:176)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.verifyPlugin(DefaultLifecycleExecutor.java:1274)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.getMojoDescriptor(DefaultLifecycleExecutor.java:1542)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.bindLifecycleForPackaging(DefaultLifecycleExecutor.java:1033)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.constructLifecycleMappings(DefaultLifecycleExecutor.java:997)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:477)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:330)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:291)
        at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:142)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:336)
        at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:129)
        at org.apache.maven.cli.MavenCli.main(MavenCli.java:287)

When you see this, check:

  1. That the JAR file of the plug-in is okay and that it contains a file META-INF/maven/plugin.xml
  2. That the pom.xml of the plug-in exists and is valid.
  3. That all parent POMs exist and are valid.

Good luck. I’ve opened this issue to get a better error message.
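The checklist above as a script. This is an added example, not part of the original post or of Maven: the function names are hypothetical, "valid" is reduced to "well-formed XML with the expected root element", and the caller passes in each POM (the plug-in's own and every parent's) as bytes.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DESCRIPTOR = "META-INF/maven/plugin.xml"


def make_jar(entries):
    """Build a constructed JAR in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()


def root_tag(xml_bytes):
    """Parse XML and return the root element name without its namespace."""
    return ET.fromstring(xml_bytes).tag.rsplit("}", 1)[-1]


def check_plugin_jar(data):
    """Check 1: the archive is readable and carries a well-formed descriptor."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["JAR is not a readable archive (truncated download?)"]
    with jar:
        if DESCRIPTOR not in jar.namelist():
            return [f"JAR has no {DESCRIPTOR}"]
        try:
            if root_tag(jar.read(DESCRIPTOR)) != "plugin":
                return [f"{DESCRIPTOR} root element is not <plugin>"]
        except (ET.ParseError, zipfile.BadZipFile) as exc:
            return [f"{DESCRIPTOR} is unreadable: {exc}"]
    return []


def check_pom(xml_bytes):
    """Checks 2 and 3: a POM (the plug-in's or a parent's) parses as <project>."""
    try:
        if root_tag(xml_bytes) != "project":
            return ["POM root element is not <project>"]
    except ET.ParseError as exc:
        return [f"POM is not well-formed XML: {exc}"]
    return []
```

An empty list from both functions means the file passed these checks; a half-downloaded JAR in the local repository is reported by `check_plugin_jar` as an unreadable archive.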


Do Not Reply

25. March, 2008

Do not send mails to donotreply.com

Oh, you don’t?

Sure?

Really?

Well, just make sure that none of the many applications and servers you’re running sends mails with “ignore@donotreply.com” in the mail header as a hint to the recipient that they should not reply to this mail.

Because if you don’t do that, someone will get a lot of mail from your business and some of that mail (error messages, security information, etc) is of the type you don’t want to leak.

I especially like the post about the Department of Homeland Security. If people like that “protect” America, then I understand why the General Public puts so much emphasis on religion and faith.

And who is this General anyway? 😉