The Sun JDK 6 on my Debian 4.0 system contains the following executables in its bin directory:

[weiqi@gao: /usr/lib/jvm/java-6-sun-1.6.0.06/bin] $ ls
amd64         java      jhat        jstat         rmic         unpack200
appletviewer  javac     jinfo       jstatd        rmid         wsgen
apt           javadoc   jmap        keytool       rmiregistry  wsimport
extcheck      javah     jps         native2ascii  schemagen    xjc
idlj          javap     jrunscript  orbd          serialver
jar           jconsole  jsadebugd   pack200       servertool
jarsigner     jdb       jstack      policytool    tnameserv

Some of these tools, such as javac, java and javap I use every day. Others, such as appletviewer and jdb, not so often any more. There are some I never used.

Today's quiz has multiple questions:

Q: for (String exe : aboveList) {
        What does exe do?
        Have you ever had any occasions to use it?
    }

Responses[3]

Posted by Weiqi Gao on May 16, 2008 7:59:31 AM CDT #

(Via St. Louis Unix Users Group discuss mailing list.)

Bojan Zdrnja on SANS Internet Storm Center: Couple of days ago Swa posted a diary about a critical Debian/Ubuntu PRNG security vulnerability.

Today Matt wrote in to let us know that H D Moore posted a web page containing all SSH 1024, 2048 and 4096-bit RSA keys he brute forced.

It is obvious that this is highly critical—if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time), and those keys were generated between September 2006 and May 13th 2008 then you are vulnerable. In other words, those secure systems can be very easily brute forced. What's even worse, H D Moore said that he will soon release a brute force tool that will allow an attacker easy access to any SSH account that uses public key authentication.

But this is not all—keep in mind that ANY cryptographic material created on vulnerable systems can be compromised. If you generated SSL keys on such Debian or Ubuntu systems, you will have to recreate the certificates and get them signed again. An attacker can even decrypt old SSH sessions now.

The Debian project guys released a tool that can detect weak keys (it is not 100% correct though as the blacklist in the tool can be incomplete). You can download the tool from http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.

The bottom line is: this is very, very, very serious and scary. Please check your systems and make sure that you are both patched, and that you regenerated any potentially weak cryptographic material.

I haven't verified the validity of the claim made here. It's from an official sounding place. And if true, it represents real, big, problems—the kind of situation where you just want to pass on the information to everybody you know.

I don't have any keys generated on Debian during the period cited above. Even if I do, I would be reluctant to download a program from the internet and let it scan my private keys.

Use your judgement.

Responses[2]

Posted by Weiqi Gao on May 15, 2008 7:45:29 AM CDT #

Code To Joy has ignited a debate on the topic of You Should Learn New Languages. The post is in response to a Gustavo Duarte post titled Language Dabbling Considered Wasteful, which was carried on InfoQ four days ago.

As always, I claim that both sides have their points. When I read Gustavo for the first time, I said to myself, "I couldn't agree more." And when I read Michael's response, I said to myself, "That's totally what I want to say—fifteen years ago."

Yes, I'm setting this up as the opinion of the young vs. that of the old.

Here's what I imagine is going on in the minds of the young and the old. (I don't mean to disparaging either the young or the old, we were all young once, and hopefully, we all grow old eventually. Here's how to tell if you are young—when you jump up from your seat shouting "What do you mean I'm too young?" you are young. And old—"I'll let the young ones have fun.")

Young: There are so many new languages out there. They all look wonderful. Each one has a special claim to an unfathomable feature (like objects, or closure, or unification, or curried functions, or actors or agents) that will solve the world's problems. Must learn new languages.
Old: I've learned a couple dozen programming languages over the years. I've come to appreciate the unique qualities each bring to the table. The last few languages I learned seems to be reorganizations of features of languages that I already know: Ruby is just like smalltalk, Scala is just like OCaml. I'm sure I can learn C# as well as anybody if I was unfortunate enough to be put on a C# project.

Young: Bruce Tate says Ruby will kick Java's ass. Martin Odersky says Scala combines the goodness of OO with the goodness of functional programming. Plus he's a professor in a university. Herb Sutter says the free lunch if over. Paul Graham says Lisp is the bestest languages on earth. Groovy is totally groovy. Larry Ellison says the world will embrace thin-client network computers. Must learn new stuff.
Old: Niklaus Wirth said to go with Pascal. Richard Stallman won't program in anything but Lisp. Brad J Cox said Objective-C is a much better OO language than C++. Bill Gates and Steve Ballmer bet their multi-billion dollar company on XML and SOAP. DBase, Clipper, SQLWindows, PowerBuilder were all very popular at some point. See where they are now. I'm glad I chose C++ and Java, which had put the food on my table for the last twenty years.

Young: Learning new and different syntaxes are fun. Look, in Python and Haskell you use layouts for block structures, cool! In Scheme, you use nothing but parentheses for syntax. (+ 1 2 3 4 5) saves a lot of keystrokes from 1 + 2 + 3 + 4 + 5, cool! In JavaScript, you can alter a class through its prototype chain, cool! ... Must learn!
Old: It was fun for a while. I've seen them all. I'll read some Perl if I want to have fun. And there's always the obfuscated program that compiles under seven compilers—Fortran, C, Pascal, ... Underneath them all, are the same little machines that make everything work.

Young: In five years, my desktop machine will have 20 cores. The only language that will allow me to take advantage of them all is Erlang. Even Steve Vinoski said so. Must learn.
Old: In five years, I'll be seven years away from retirement. They'll never come up with a way to easily decompose arbitrary desktop client algorithms into parallel tasks. Plus, the missile guidance system and the satellite ground station I write were pretty reliable, it was all done in C!

Young: Scala is the scalable language. Must learn
Old: Call me when I can do code completion, refactoring and debugging for it in my IDE.

Of all the language I learned on my own time, C++ and Java are among the most profitable. Both landed me new jobs. Scheme is the most intellectually rewarding. It allowed me to get through the SICP. Bash, Gawk, HTML/CSS are the most helpful. I use them to write little throw-away scripts and to write this blog everyday.

Groovy, Ruby, Scala, and lately Clojure are my learning for learning's sake languages. I'm sure I'm a better programmer because of my learning experience. But I haven't profited from them. None of the languages have become my go-to language. And I believe I'm at least one year away from being proficient in anyone of the languages, the achievement of which probably requires me to work on an actual project mainly developed in that language. With a full time job doing Java and C++, and a family to feed, I can't afford to commit more of my spare time.

As Michael said, "That's not momentum. That, my friends, is inertia."

Alas. That's also reality. You will understand.

Responses[6]

Posted by Weiqi Gao on May 13, 2008 12:32:26 PM CDT #

Like in past years, I'm following JavaOne from afar. All I have access to are the general sessions and attendee's blog reactions to specific sessions on JavaLobby, java.net, JavaBlogs, and StuffThatHappens. And on Tuesday's session, I heard Danny Coward talking about new features for Java 7,

which, BTW, is scheduled for Summer of 2009.

This, I suppose, is the same talk as the one I mentioned 509 days ago. However, the scope has clearly shrunk quite a bit.

Today's quiz is a rhetorical one:

Q: What is your favorite new Java language feature that did not make it into Java 7?

I'll start with mine:

• XML literal (I'm virtually alone on this one, but still...)
• Properties (can anyone tell if it's in or not?)
• Reified types for Java generics (Erase Erasure, as I've call it 475 days ago)

Responses[5]

Posted by Weiqi Gao on May 9, 2008 8:05:19 AM CDT #

Scott Bale's presentation about Guice at the St. Louis JUG tonight is well attended and lively.

You can tell Scott liked Guice. He enumerated all the things about Guice that he liked at the beginning of the talk: small, simple powerful, type safe, no xml, easy to use, etc. It's been my experience that people either really like Guice, or they don't care for it at all.

Scott did the brave thing—he did the presentation mostly in Eclipse, with only a few slides. So once again this is one of those "you have to be there to appreciate it" deals.

The presentation is based around a set of simple examples that covers the basic features of Guice. Content-wise, this presentation is similar to what you can find in Google Video. The interesting bits are the conversations with the audience members. Jeff Grigg, Kyle Cordes, Michael Easter, Rob Smith, Dean Farwell, Jeff Cunningham, et. al. were on hand to make the evening a thought provoking and entertaining one.

As for me, I was too tired from moving my daughter back home from school this afternoon and couldn't focus too well on the code on the screen. And I caught the mentioning of Modules, Injectors, Annotations, Scopes, Providers, SINGLETONs, and the binding DSL. Oh, and we did not bash Spring Framework. Honest.

But no worries, the slides and code samples will be posted on the website in a moment.

Responses[1]

Posted by Weiqi Gao on May 8, 2008 10:49:35 PM CDT #

I was asked a JavaFX Script question yesterday that I think other people may encounter, especially the Mac OS X folks who are trapped in a non-"64-bit-Intel-Leopard" (Core Duo, P5, P4, etc.) machine (who are therefore still without a Java 6 JDK).

Q: I downloaded the JavaFX Script compiler from http://openjfx.java.sun.com/ (which seems to be down at the moment).
So I have a openjfx-compiler directory with dist/bin/javafxc and dist/bin/javafx inside it.
I'm trying code sample 1 from http://java.sun.com/developer/technicalArticles/scripting/javafx/ria_1/.
It compiles with javafxc, but when I run it with javafx I get the following.

Note that I'm using Java 1.5.
Any idea why this doesn't work?

I seem to remember the same problem being asked on the mailing list a while back. So I went to the mailing list archive to find the answer. Since it took me quite a bit time to find the answer, I thought I'd post the link here.

Tom Ball (on openjfx-compiler mailing list):

You need to compile with "-target 1.5" on the Mac, at least until Apple 
ships Java 6.  The compiler generates Java 6 versioned class files by 
default, since we are extending the latest version of javac.

Tom

Patrick Wright wrote:
> Hi
> 
> I have sync'd with the trunk, built the compiler, and was able to
> compile Jim Weaver's simple test program at
> http://learnjavafx.typepad.com/weblog/2007/11/developing-your.html.
> Trying to run it I get the following:
> 
>> javafx CompiledHelloJavaFX
> Exception in thread "main" java.lang.UnsupportedClassVersionError: Bad
> version number in .class file
>         at java.lang.ClassLoader.defineClass1(Native Method)
>         at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
...

Responses[2]

Posted by Weiqi Gao on May 7, 2008 1:46:10 PM CDT #

Although I've vowed not to post about closures anymore, I can't help but post one more quiz. I know Friday is mostly over for many of my readers, but there are still a few time zones left.

Without downloading Microsoft Visual C# 2008 Express Edition and compiling the following C# source file, answer the following question:

Q: Will the following program

public delegate int IntToInt(int i);

public class Foo {
  public static IntToInt fib =
    n => n == 0 ? 0 :
         n == 1 ? 1 :
         fib(n - 1) + fib(n - 2);

  public static void Main() {
    System.Console.WriteLine(fib(6));
  }
}

compile? Run? If so, what will it print out?

Responses[1]

Posted by Weiqi Gao on May 2, 2008 10:14:58 PM CDT #

The evolution of the Java programming language has been managed carefully (maybe too carefully) to avoid incompatible language changes. However, binary compatibility was given more consideration than source compatibility. In the words of one of the Java Posses, your class will continue to work as long as you don't recompile your code.

Q: Which of the following Sun JDK/JSDK/J2SDK/JDK upgrades contain code breaking language/library changes? Give an example snippet.

• Beta ⇒ 1.0
• 1.0 ⇒ 1.1
• 1.1 ⇒ 1.2
• 1.2 ⇒ 1.3
• 1.3 ⇒ 1.4
• 1.4 ⇒ 1.5
• 1.5 ⇒ 1.6

Responses[9]

Posted by Weiqi Gao on May 2, 2008 7:29:20 AM CDT #

Brian Goetz on openjfx-compiler mailing list:

I've been spending some time the last few days writing an
IntelliJ plugin for JavaFX.  So far, I've got it to:

  - recognize .fx files as belonging to JavaFX and associate
    them with the plugin;
  - Add the "new JavaFX Class" action to the new menu;
  - Invoke the JavaFX compiler to compile JavaFX files into
    your project's classes directory, alongside Java files;
  - Capture compilation errors and route clickable diagnostics
    back to the "Compilation Errors" pane.

This is all pretty trivial, but its a good start.  Next is the
hard one:

    hooking up the compiler to the editor.

Thank god for sample code.  There's hardly any docs.

When I make more progress I'll package it and figure out where
to check it in.  Right now, I'm packaging the compiler JARs in 
the plugin, which is probably less than optimal, but avoids
the step of configuring where the FX SDK is.

Add a comment

Posted by Weiqi Gao on May 1, 2008 7:48:08 AM CDT #