December 5, 2016
If you are using maven you may have been flabbergasted by an error like this
[ERROR] Non-resolvable parent POM: Failure to find at.test:test:pom:23 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced and 'parent.relativePath' points at wrong local POM @ line 9, column 10
I had this error and was wondering why it was occurring? I had the parent artifact in my local repository. It was not missing. Maven did know this, because the log said
[DEBUG] Verifying availability of /home/stefon/.repository/at/test/test/23/test-23.pom from [central (http://repo.maven.apache.org/maven2, releases)]
So if I have the parent POM file in my repository and maven knows about it? Why are we getting an error?
As the file is not available on central, Maven will (correctly in my opinion) fail the build as the build would be non-reproducible.
So, what do we do if it is not possible to publish our parent pom artifact?
there is a CLI option that you can enabled in Maven 3.1.1 that tells Maven “I know what I am doing and don’t make that check this time” i.e. –legacy-local-repository
In other words:
mvn clean install --legacy-local-repository
Just remember: This is a hack and may break at any moment with a new maven version! There is an blog article where you can find other solutions for your problem
November 30, 2016
Java 8 is released since 2014. If you are working in an enterprise oriented company, chances are you are only now getting experience with usage of Java 8. You may ask yourself what this warning is telling you.
VM warning: ignoring option MaxPermSize=128M; support was removed in 8.0
Why is PermGen gone? An article of infoq.com tells you something of the reasoning behind this change.
November 22, 2016
If you are working behind a proxy and have to access git repositories on the internet via ssh (e.g. github), then you sooner or later (probably sooner) find out that this will not work out of the box. This is because you need to proxy your ssh connection. This summary on stackoverflow explains how to do this in a short but comprehensible manner.
November 10, 2016
The Rowhammer exploit is at least known since 2014 but only in the last months it seems that this exploit may be found out in the wild.
Row hammer (also written as rowhammer) is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.
Memory protection, as a way of preventing processes from accessing memory that has not been assigned to each of them, is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, in which programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system. [wikipedia]
In other words: Switching to another operating system or patching it may not solve the problem, because the root of the problem lies in the memory chips every which computer contain. An article on wired.com describes it like this
Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.
lwn.net is reporting that linux kernel developers are trying to mitigate the exploit.
An intriguing alternative turned up on the linux-kernel list, though its nature wasn’t immediately clear. Pavel Machek asked a question that raised some eyebrows: “I’d like to get an interrupt every million cache misses… to do a printk() or something like that.” Developers naturally wondered what he was up to. The answer turns out to be an in-kernel Rowhammer defense.
September 27, 2016
Infoq.com has a nice little intro and tutorial to reactive programming in Java with the RxJava library.
- Reactive programming is a specification for dealing with asynchronous streams of data
- Reactive provides tools for transforming and combining streams and for managing flow-control
- Marble diagrams provide an interactive canvas for visualizing reactive constructs
- Resembles Java Streams API but the resemblance is purely superficial
- Attach to hot streams to attenuate and process asynchronous data feeds
Also you should checkout the RxMarbles website which interactivly visualizes the reactive functions.
September 8, 2016
Mozilla has an interesting project called flyweb. If you want to know what it is about and why you should have a look at it watch this video.
This specification aims to allow web applications to connect with and communicate to each other over local-area transport protocols. In particular, this specification aims to bring the web’s client/server application model to inter-device communication. The web’s application architecture enables an application running on a server to dynamically and incrementally send application state and logic to an intermittently connected client. This model enables a powerful multi-homed application architecture.
July 12, 2016
Matthew Garrett blogged about how the review system on amazon can be exploited by companies via free or discounted products.
It’s hard to avoid the conclusion that Amazon’s review model is broken, but it’s not obvious how to fix it. When search ranking is tied to reviews, companies have a strong incentive to do whatever it takes to obtain positive reviews. What we’re left with for now is having to laboriously click through a number of products to see whether their rankings come from thoughtful and detailed reviews or are just a mass of 5 star one liners.
The whole blog article contains a lot of interesting details.