Sunday, October 23, 2005

Get a better handle on Struts actions, with Spring

Struts Recipes co-author George Franciscus is back with another great Struts integration recipe -- this time for importing Struts applications into the Spring framework. Follow along as George shows you how to revamp Struts actions so they can be managed just like Spring beans. The result is a boosted web framework that easily reaps the benefits of Spring AOP

JSF is second to Struts. The rest are far behind

JSF may not be beating Struts but it is head and shoulders above everything else

30Gigs was created with the vision of having an �All-in-One� site in mind � catering more towards the webmaster and hardcore computer users. It is a free service that combines personal file storage, GD2 signatures, and anonymous e-mail service. The long term goal would be increasing the space to an eventual 50GB or 100GB. It is still in heavy beta mode. One feature that spammers love would be the ability to send e-mail from any address that you want

Get started with Geronimo

Apache Geronimo is a large open source project with an active development community and a growing user community, which a new user might find overwhelming. Even seasoned Java� 2 Platform, Enterprise Edition (J2EE) developers can sometimes find themselves lost amid the bustle of this burgeoning project. This guide gives you, the new Geronimo user, a single, easy-to-follow starting point for all your Geronimo needs. You'll also find answers to your Geronimo development questions, ranging from rock-bottom beginner-level topics to how to become a Geronimo committer. Strap yourself in, and take Geronimo for a spin."

Build a dynamic Derby application

This tutorial shows you how to build a dynamic Java analysis application that connects to Apache Derby. Explore the dynamic way the database stores new application logic, changing the logic of the database without touching the core client program. And learn about Java archive (JAR) signing and how to provide security for the application that uses hot-swappable .jar files

Build Your Own Social Apps?

Build Your Own Social Apps?

Is it the end for the current crop of web frameworks?

Spring MVC, Web Work, Cocoon, Tapestry et al provide us with great frameworks to build our web applications on, but are these frameworks the way forward or are they the last remnants of the old republic

YourKit Java Profiler 5.0 Released

CPU and memory profiling has never been easier, and smarter at the same time. YourKit has developed a revolutionary approach to profiling of applications on both development and production stages, bringing unparalleled benefits to professional Java developers, on all platforms: Windows, Linux, Solaris SPARC/Intel, Mac OS X.

Wednesday, October 05, 2005

Performance Analysis of J2EE Applications Using AOP Techniques

In a complex distributed computing environment like J2EE, it is very difficult to pinpoint the component that is causing a performance bottleneck. Applications can be profiled by including instrumentation code manually, but this could be cumbersome and time-consuming, and might impact the stability of the application itself. Aspect-Oriented Programming (AOP) technology can be elegantly and effectively applied for performance analysis, as illustrated by Davies et al.

Aspect-oriented programming allows the programmer to inject pieces of functionality into existing code. This can be done either during compile time (AspectJ) or during run time (Aspectwerkz). The functionality that is injected typically addresses cross-cutting concerns spread among existing code pieces. In AOP terminology, such functionality that can be injected into existing code is termed an advice. The point of execution in the existing code where the advice needs to be applied is termed a point-cut. The point-cut together with an advice is termed as an aspect. For more information on AOP, refer to Graham O'Regan's ONJava article "Introduction to Aspect-Oriented Programming."

In this article we demonstrate the use of AOP techniques through which J2EE applications can be easily instrumented without any modifications to application code. We have developed a very simple tool to achieve the above objective. Since the instrumentation has very low overhead, this tool can be deployed in the staging environments to identify problematic Java method calls and SQL statements.

We describe the architecture of the profiling tool and then the advices that were developed to instrument the application. This is followed by an illustration of how the instrumentation can be added to the necessary method calls through point-cuts, and finally, we show some of the results obtained through this tool.

Saturday, October 01, 2005

Whirlycott - Philip Jacob � Yahoo Tries to Kill

Screen scraping with Perl LG #108

Screen scraping is a relatively well-known idea, but for those who are not familiar with it, the term refers to the process of extracting data from a website. This may involve sending form information, navigating through the site, etc., but the part I'm most interested in is processing the HTML to extract the information I'm looking for

U.S. state finalizes plans to phase out Office - Computerworld

The commonwealth of Massachusetts has finalized a proposed move to an open format for office documents, a plan that involves phasing out versions of Microsoft Corp.'s Office productivity suite deployed in the state's executive branch agencies

CSS Techniques Roundup - 20 CSS Tips and Tricks

I never cease to be amazed at what problems can be solved with pure CSS. Here are 20 CSS techniques, tips and tricks that you may find handy

Questions and Answers from 2003 "iSeries and AS/400 Master Developer Seminar Series-SQL for iSeries Fundamentals by Paul Conte" Sessions

Ajaxian: AjaxAnywhere: Ajaxian JSP Components

AjaxAnywhere is designed to turn any set of existing JSP components into AJAX-aware components without complex JavaScript coding. In contrast to other solutions, AjaxAnywhere is not component-oriented. You will not find here yet another AutoComplete component. Simply separate your web page into multiple zones, and use AjaxAnywhere to refresh only those zones that needs to be updated.

Mark 'reload-capable' zones of a web page with AjaxAnywhere custom tags.
Instead of submitting a form in traditional way, do it by AjaxAnywhere javascript API.
During request processing on the server-side, determine the zones to refresh. (You can implement this logic either on the client-side via JavaScript or on the server-side, via AjaxAnywhere API.)
On the server-side AjaxAnywhere will generate an XML containing only the 'updated' HTML.
On the client-side AjaxAnywhere javascript will receive the XML, parse it and update the selected zones. "

Russell Beattie Notebook - AOL Going

When I wrote about AOL Rising a few weeks ago, it didnt dawn on me that what they were really doing is prepping themselves up for a sale. Reports are today that talks are under way with MSN, Google and who knows what the guys two floors down from me at Yahoo! are doing as well.
Google, it seems, would be the most obvious suitor to me. They need everything that AOL already has in order to continue to compete in the online media space. Yeah, they have their Search cash-cow at the moment, but thats an undefensible lead. The switching costs for someone to move from Google to Yahoo! Search are nil - I should know, Ive done it, I rarely use Google now and there was no real penalty involved in switching. Google is essentially an advertising company and needs to keep expanding its online media business, or get caught by competitors in the Search space and not have a backup. Snagging AOL would bring along some great assets that Google really needs, including the Netscape name (and campus down the street from Google in Mt. View), AIM, AOL Mail, AOL Mobile, multimedia assets, tons of content and tons of community services as well. Hell, what else is Google going to do with $4b in cash lying around? "

How To Run Programs From a USB Drive

IBM unveils new WebSphere product line

IBM unveils new WebSphere product line: "IBM unveiled its latest set of service-oriented architecture offerings yesterday, filling out its WebSphere product line with a lightweight, Java-based enterprise service bus (ESB) and a Business Process Execution Language (BPEL) engine. IBM also announced upgraded offerings for WebSphere Message Broker and its business modeling and monitoring tools.
New and upgraded offerings in the IBM SOA Foundation include:

-- The new, Java-based WebSphere Enterprise Service Bus.
-- The new WebSphere Integration Developer, an Eclipse-based tool for the development and integration of composite applications.
-- The new WebSphere Process Server, a BPEL engine that coordinates business processes with the new ESB, is built in to provide the messaging backbone.
-- The new WebSphere Everyplace Deployment, which monitors events in the application layer and sends alerts out to XML edge devices.
-- The upgraded WebSphere Message Broker.
-- The upgraded WebSphere Business Modeler, which allows business processes to be modeled prior to development.
-- The upgraded WebSphere Business Monitor, which provides a dashboard view of Web services performance."

IBM Pattern Modeling and Analysis Tool for Java Garbage Collector : Overview

IBM Pattern Modeling and Analysis Tool for Java Garbage Collector (PMAT) parses IBM verbose GC trace, analyzes Java heap usage, and recommends key configurations based on pattern modeling of Java heap usage.
When the JVM cannot allocate an object from the current heap because of lack of space, a memory allocation fault occurs, and the Garbage Collector is invoked. The first task of the Garbage Collector is to collect all the garbage that is in the heap. This process starts when any thread calls the Garbage Collector either indirectly as a result of allocation failure or directly by a specific call to System.gc(). The first step is to get all the locks needed by the garbage collection process. This step ensures that other threads are not suspended while they are holding critical locks. All other threads are then suspended. Garbage collection can then begin. It occurs in three phases: Mark, Sweep, and Compaction (optional).
Verbose GC is a command-line option that one can supply to the JVM at start-up time. The format is: -verbose:gc or -verbosegc. This option switches on a substantial trace of every garbage collection cycle. The format for the generated information is not designed and therefore varies among various platforms and releases.
This trace should allow one to see the gross heap usage in every garbage collection cycle. For example, one could monitor the output to see the changes in the free heap space and the total heap space. This information can be used to determine whether garbage collections are taking too long to run; whether too many garbage collections are occurring; and whether the JVM crashed during garbage collection. "

Effective Ajax slides and examples online

Your last line of Java? is running a survey asking when you think youll write your last line of Java code. The bulk of the answers are between 5 and 20 years from now. My answer was between 2-5 years, because I cant see Javas glacial pace of change keeping up with more interesting languages, like Ruby or Python. While Im certainly just one person staring into the void, I think Javas lifespan depends on the framework builders. Once they move on, Java should fade, albeit slowly.

Also, System Mobile is slowly moving from services to products, where the implementation language doesnt matter as much. (It might matter if we get purchased, however. ) When do you think youll sling your last line of Java? Do you think itll be to foresake code altogether to move into management or a new career?

The Six Dumbest Ideas in Computer Security

There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a 'safe issue' for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a 'hot topic.' But why are we spending all this time and money and still having problems?

Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying 'trying to ignore reality.' Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation, but other times it's just a bunch of savvy entrepreneurs with a well-marketed piece of junk they're selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.

For your convenience, I've listed the dumb ideas in descending order from the most-frequently-seen. If you can avoid falling into the the trap of the first three, you're among the few true computer security elite.

Top Ten Things You Can Do To Get Blogged

Our primary goal here at TechCrunch is to profile new web 2.0 companies. Finding and experiencing what new companies have to offer is exciting for us. It what gets us up in the morning. We are honestly deeply passionate about this stuff.
Usually, the passion, drive and intelligence of the creators is reflected in the company or product they create. And even if a product is very young and/or doesnt necessarily have a high chance for commercial success, there are usually features that carry our mutual thinking on web 2.0 further along. We try very hard to dig for those forward-thinking features and highlight them on this site. Doing one thing in a spectacular and inspiring fashion and nine things stupidly is far, far better than doing ten things well. Well is boring.

How We Find Companies to Profile

We find new companies primarily in three ways. First, we scour hundreds of blog and news feeds daily to see whats new. Second, we get a number of tips (often anonymously) about new stuff usually these are the most interesting new products. The third way is a direct request from the company itself.
We receive on average 5-10 email requests a day to be profiled. Usually well write about one of these, meaning if a company sends in an email request to be profiled, they have a 10-20% chance of getting up on the site.
This is not a hard rule but more of an observation. I believe that if more companies approached us differently, a much higher percentage would be blogged. Ive decided to humbly submit my advice on how to approach us in requesting a profile - I think this advice will work well with other bloggers as well Handling Java Web Application Input, Part 1

Inadequate data validation is the most common cause of security exploits suffered by web applications today. A staggering fact is the high number of applications exploited through weak validation. This is due to the simplicity of such an attack. No longer do attackers have to spend vast amounts of time researching ways to circumvent the security infrastructure of an application. An attacker can use freely available tools to scan for vulnerable websites. Using these findings, an attacker can use a web browser to ghost straight through firewall rule sets on port 80, altering the intended behavior of an application. This is true never more so than today. There are a multitude of technologies and frameworks available. Engineers are under increasing pressure to complete work on time, and hence place a heavy reliance on such tools. However, such technology may not adequately deal with user input to meet all cases, and as a result may introduce unintentional security vulnerabilities. Therefore, it is of paramount importance that secure coding practices are in place to close any possible doorway that permits such nefarious attacks to take place

Learning Linux for better Java

Everyday more and more companies are looking at Linux as a means to lower their operational cost. Adding to your Java skills-set with a better understanding of Linux is a very good idea. Here is a brand new series of tutorials to help you learn Linux fundamentals . These eight tutorials cover the Linux kernel, file and service sharing, system

Learn XQuery in 10 Minutes - by Dr. Michael Kay

This article is for all those people who really want to know what XQuery is, but don't have the time to find out. We all know the problem: so many exciting new technologies, so little time to research them. To be honest, I hope that you'll spend more than ten minutes on it but if you really have to leave that soon, I hope you'll learn something useful anyway

FindBugs Fact Sheet

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:
Difficult language features
Misunderstood API methods
Misunderstood invariants when code is modified during maintenance
Garden variety mistakes: typos, use of the wrong boolean operator
FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. We have found that FindBugs finds real errors in most Java software. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate real errors. In practice, the rate of false warnings reported by FindBugs is generally less than 50%.

Tom Ball's Blog: JFind: a simple jar file locator

General tip: Finding the version of a JAR

When you're converting an existing Ant project to Maven, one of the first tedious task is to find out the version of the jars that you had been using. Of course you can try to open the JAR and look for the Manifest file but alas in most cases the version is not filled...