Maven: Parent POM in repo, but Non-resolvable error

December 5, 2016

If you are using Maven, you may have been flabbergasted by an error like this:

[ERROR] Non-resolvable parent POM: Failure to find at.test:test:pom:23 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced and 'parent.relativePath' points at wrong local POM @ line 9, column 10

I had this error and was wondering why it was occurring. I had the parent artifact in my local repository. It was not missing. Maven did know this, because the log said:

[DEBUG] Verifying availability of /home/stefon/.repository/at/test/test/23/test-23.pom from [central (http://repo.maven.apache.org/maven2, releases)] 

So if I have the parent POM file in my repository and Maven knows about it, why are we getting an error?

As the file is not available on central, Maven will (correctly in my opinion) fail the build as the build would be non-reproducible.
(Mailarchive Maven-Users)

So, what do we do if it is not possible to publish our parent POM artifact?

There is a CLI option that you can enable in Maven 3.1.1 that tells Maven “I know what I am doing and don’t make that check this time”, i.e. --legacy-local-repository

In other words:

 mvn clean install --legacy-local-repository

Just remember: This is a hack and may break at any moment with a new Maven version! There is a blog article where you can find other solutions for your problem.
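To see why a POM that is present on disk can still be rejected, here is an added example (not from the original post or from Maven itself) that models the origin check behind the "Verifying availability" log line. It assumes Maven 3's internal `_remote.repositories` tracking file format; the repository id `corp-nexus` and the function names are hypothetical.

```python
# Added example (not from the original post). Models the availability check
# Maven 3 applies to a file that already sits in the local repository.
# Assumption: the tracking file `_remote.repositories` holds one
# "<file>><repository id>=" entry per origin; it is a Maven-internal format.

# Constructed sample: the parent POM was downloaded from a repository
# whose id is "corp-nexus" (hypothetical), not from "central".
SAMPLE_TRACKING = """\
#NOTE: internal implementation file, format may change without notice.
test-23.pom>corp-nexus=
"""


def recorded_origins(tracking_text, filename):
    """Return the repository ids recorded for `filename`.

    An empty id ("") marks a file put there by a local `mvn install`.
    """
    origins = set()
    for line in tracking_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split("=", 1)[0]
        name, sep, repo_id = key.partition(">")
        if sep and name == filename:
            origins.add(repo_id)
    return origins


def is_available(tracking_text, filename, build_repo_ids):
    """True if the cached file may satisfy a build using `build_repo_ids`."""
    origins = recorded_origins(tracking_text, filename)
    if not origins:
        return True   # untracked file: treated as locally installed
    if "" in origins:
        return True   # installed locally, valid for every build
    # Otherwise one of the build's own repositories must be the origin.
    return any(repo_id in origins for repo_id in build_repo_ids)


if __name__ == "__main__":
    for repos in (["central"], ["central", "corp-nexus"]):
        ok = is_available(SAMPLE_TRACKING, "test-23.pom", repos)
        print(repos, "->", "usable" if ok else "re-verified against remotes")
```

With `--legacy-local-repository` Maven ignores this tracking file, so an artifact cached from one repository can satisfy a build that only declares another; declaring the repository the parent really comes from keeps the origin check in place.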

Where Has the Java PermGen in Java8 Gone?

November 30, 2016

Java 8 has been out since 2014. If you are working in an enterprise-oriented company, chances are you are only now getting experience with using Java 8. You may ask yourself what this warning is telling you.

VM warning: ignoring option MaxPermSize=128M; support was removed in 8.0

Why is PermGen gone? An article on infoq.com explains some of the reasoning behind this change.

Attention riseup.net users! Your data and communication may not be safe anymore…

November 24, 2016

Popular provider of web tools for activists and anarchists and backbone of much infrastructure for internet freedom, Riseup.net has almost certainly been issued a gag order by the US government.
[…]
My read is that Riseup is complying with the gag order while fighting the surveillance demanded in court. Riseup is made up of long-time anarchist activists who would feel obliged to go to prison rather than collaborate in snitching out others. However there is a small chance someone could crack from threats of decades in prison. Additionally there’s a much more substantive chance that regardless of their optimism Riseup may soon be forced to close everything down.
Riseup’s Canary Has Died – C4SS

Long story short: There is a high possibility that the Riseup servers and their infrastructure are compromised. The given links also suggest some actions to be taken to recover from the loss of Riseup as a trustworthy source for communication services…

(If you want a description and summary in German of what this is all about, you can look there).

How to access git via ssh behind a corporate proxy

November 22, 2016

If you are working behind a proxy and have to access git repositories on the internet via ssh (e.g. GitHub), then sooner or later (probably sooner) you will find out that this does not work out of the box. This is because you need to proxy your ssh connection. This summary on Stack Overflow explains how to do this in a short but comprehensible manner.

In search of your soul mate?

November 15, 2016

Lots and lots of songs and movies tell us: There is one person in the world who is your soul mate. A person who understands you and completes you. If you happen to believe this or want to make fun of this theory (read: criticize this thinking), I have something written/drawn and something sung for you.

On what if? Randall Munroe answers the question “What if everyone actually had only one soul mate, a random person somewhere in the world?” in a funny and witty way.

[…] The odds of running into your soul mate are incredibly small. The number of strangers we make eye contact with each day is hard to estimate. It can vary from almost none (shut-ins or people in small towns) to many thousands (a police officer in Times Square). Let’s suppose you lock eyes with an average of a few dozen new strangers each day. (I’m pretty introverted, so for me that’s definitely a generous estimate.) If 10% of them are close to your age, that’s around 50,000 people in a lifetime. Given that you have 500,000,000 potential soul mates, it means you’ll only find true love in one lifetime out of ten thousand. […]

There is also the song “If I Didn’t Have You” by Tim Minchin, which perfectly sums up this topic.

Hardware based exploit: Rowhammer

November 10, 2016

The Rowhammer exploit has been known since at least 2014, but only in recent months does it seem that this exploit may be found in the wild.

Row hammer (also written as rowhammer) is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.
[…]
Memory protection, as a way of preventing processes from accessing memory that has not been assigned to each of them, is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, in which programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system. [wikipedia]

In other words: Switching to another operating system or patching it may not solve the problem, because the root of the problem lies in the memory chips that every computer contains. An article on wired.com describes it like this:

Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.

lwn.net is reporting that Linux kernel developers are trying to mitigate the exploit:

An intriguing alternative turned up on the linux-kernel list, though its nature wasn’t immediately clear. Pavel Machek asked a question that raised some eyebrows: “I’d like to get an interrupt every million cache misses… to do a printk() or something like that.” Developers naturally wondered what he was up to. The answer turns out to be an in-kernel Rowhammer defense.

Intro to Reactive Programming in Java

September 27, 2016

Infoq.com has a nice little intro and tutorial to reactive programming in Java with the RxJava library.

Key takeaways

  • Reactive programming is a specification for dealing with asynchronous streams of data
  • Reactive provides tools for transforming and combining streams and for managing flow-control
  • Marble diagrams provide an interactive canvas for visualizing reactive constructs
  • Resembles Java Streams API but the resemblance is purely superficial
  • Attach to hot streams to attenuate and process asynchronous data feeds

You should also check out the RxMarbles website, which interactively visualizes the reactive functions.

Mozilla Flyweb: How to get rid of custom apps to communicate with IOT devices…

September 8, 2016

Mozilla has an interesting project called FlyWeb. If you want to know what it is about and why you should have a look at it, watch this video.

https://air.mozilla.org/friday-plenary-flyweb/video/

This specification aims to allow web applications to connect with and communicate to each other over local-area transport protocols. In particular, this specification aims to bring the web’s client/server application model to inter-device communication. The web’s application architecture enables an application running on a server to dynamically and incrementally send application state and logic to an intermittently connected client. This model enables a powerful multi-homed application architecture.

Git Staging: Video about what it is, how it is used and why we need it

August 29, 2016

Amazon Reviews and how they can be exploited by companies

July 12, 2016

Matthew Garrett blogged about how the review system on Amazon can be exploited by companies via free or discounted products.

It’s hard to avoid the conclusion that Amazon’s review model is broken, but it’s not obvious how to fix it. When search ranking is tied to reviews, companies have a strong incentive to do whatever it takes to obtain positive reviews. What we’re left with for now is having to laboriously click through a number of products to see whether their rankings come from thoughtful and detailed reviews or are just a mass of 5 star one liners.

The whole blog article contains a lot of interesting details.