All entries for June 2005
June 30, 2005
Nine ways to hack a web application
A useful round-up, and I now understand cross-site scripting in more depth than I did. I was in the overflow room and the sound sucked, but not as much as the non-digital camera pointed at the projection screen displaying the slides and code examples! The system we set up for the LWMS in 2000 is far superior.
Shale: the next Struts?
McLanahan and Geary made no attempt to answer this question (it might just as easily find a place in the next JSF), but stuck to providing examples of how Shale improves on JSF and Struts. Most interesting features: Spring-like web flows (called dialogs), Tapestry-like views which are very easily reusable (and which make it trivial to chain actions together, unlike in Struts), support for AJAX by including special handling for XmlHttpRequests (called remoting), integration with commons validation.
Real world experience in app scaling using JDO
International Truck already had a high-performance back office system based on Versant OODBMS ("to minimise our involvement with DBAs") when they realised the need to roll out a cut-down version to very low-spec service laptops. They implemented their own in-memory JDO database to avoid licensing issues and to be able to re-use all their back office code without change.
Spring and JSF: synergy or superfluous?
Much similarity, especially in the area of dependency injection (differences: Spring can do constructor injection, JSF can do EL injection). Rod Johnson emphasised the AOP nature of Spring, which surprised me as I've always thought its proxy based approach rather weak. The conclusion (no surprises): synergy, use JSF for its rich component set and wealth of tools, and Spring for a nice clean DAO layer.
Web framework smackdown
A fun session with representatives defending most of the main web frameworks (though not Struts), and lots of time for audience questions (quite a few of them from Struts developers wanting something better). Interesting to hear of Tapestry and Wicket next to each other, since Tapestry aims to minimise Java code and Wicket aims to minimise everything else. JSF was somewhat the odd one out for being a specification rather than an implementation.
Bottlenecks in MVC frameworks
There aren't any, was the conclusion of this comparitive test between several frameworks and a non-MVC (JSP-based) implementation. Interesting for their methodology and tips for using JMeter.
Jewels in the developer toolbox
Convinced me that I should spend more time looking for tools because there are some great ideas out there. Funniest tool: the paper napkin look-and-feel for Swing, intended for use in unfinished apps to give the tester/boss appropriate expectations.
June 29, 2005
Scott McNealy's keynote
Sun have just bought SeeBeyond, and by coincidence JBI was the most popular session yesterday (our ID badges have RFID so they can measure this). But Scott spent most of his talk (which overran, as it always does) showing examples of Java being used for social change and exhorting us, the developer community, to work for this – writing open source apps for health, education etc. He forsees a time when there will be JCP-like bodies for such things. Interesting.
Amazon web services
Most users (80%) use the REST WS interface not the SOAP one. You can get access to basically everything in Amazon, and Alexa and DMOZ stuff too. There's a whole community of developers and integrators based on AWS now.
POJO web development with Wicket
Wicket is (yet another) web framework with an unusual take: it's highly componentised, and the components are POJOs. This results in a programming style much like Swing. The binding from the web layer to the model is certainly much cleaner than anything else I've seen, with no XML layer and minimal intrusion in the HTML. Looks like fun, but it's hard to imagine the range of ready-made components ever catching up with JSF.
Rich clients with JSF
How to write AJAX components for JSF. It turns out to be very simple, plugging in direct-to-DOM renderkits instead of the HTML ones, and using a very standard JS library on the client to go fetch updates, solving the problem of having to write your own JS for every component (which is probably what all the people rushing out AJAX components for JSF at the moment are doing). Neat.
Java platform clustering
An overview of past and present approaches to providing clustering services at the JVM level. A new API based on JSR-121 is proposed, using the concepts of isolates and aggregates to provide support for clustering in a controllable and non-intrusive way.
Workflow, BPM and Java
This presentation from Tom Baeyens of JBoss hardly mentioned workflow and BPM, but instead presented their new framework on which workflow/BPM applications can be built, which they call Graph Oriented Programming. Amusingly this is virtually identical to the dataflow graphs I proposed in my PhD thesis, with the interesting addition of a hierarchical token system to allow persistence of graph states. Of course at the time it never occurred to me that my ideas could be applied to business modelling.
Service Data Objects SDO 2.0
SDOs are an abstraction above datasource-specific protocols like JDO, JNDI etc, useful for integration scenarios where objects need to be passed around between services where different protocols are in use. The original stanard included stuff like change logging, 2.0 is just a richer set of operations and helpers.
Six ways to meet OutOfMemoryError
Lots of useful details about debugging garbage collection – I now understand what the PermGenSpace error that we've been seeing occasionally since moving to Java 5 means!
June 28, 2005
A bit of a light year for announcements. IBM have licensed Java for another 11 years and will support all their products on all the Solaris platforms. That's really IBM's announcement than being a Java one ISTM. Jonathan Schwartz did illustrate Sun's business model with respect to Java clearly (for once) though: "go where the volume is". With 3 billion Java-enabled devices sold last year they seem to be succeeding. (And all blu-ray DVD players will be Java driven too.) He also announced the next thing to be open-sourced, Sun's next generation enterprise app container. Should be very interesting, but not due until later this year. And promised more open sourcing to come: "there's one price that works for everyone: free".
Graham Hamilton revealed more of what's to come in the next two versions of Java. (Lots more usability, mostly through annotations, and tool support.) Sun have finally realised that version names like "J2SE 5.0" are inherently confusing (is it 2 or 5?) so the next version of J2EE will be called Java EE 5 and the next version of the standard edition Java SE 6.
Mark Hapner revealed that first versions of Java EE 5 should be out next year. Main focuses: POJOs (hallelujah), dependency/resource injection using annotations, JDO-like persistence mechanism, lots more support for web services.
There was also a session on Service Oriented Architectures (SOA), but it wasn't technical, just waffle. The vibe outside afterwards was that other people thought so too.
Java Business Integration
The new JBI spec, just released, is an architecture for enterprise service bus type systems based on WSDL 2.0 to abstract away messaging details. Looks useful for integration projects. Convinced me that there may actually be something useful in SOA. There's a lot of froth around it at the moment (even though it's not a new term – been known to computing science since at least the 70s). But I begin to see what it may be useful for and JBI has a nice API to do it.
EJB3 has changed a lot since last year, having undergone a massive reduction in the number of annotations it uses – down to 2, essentially the container will be made to do most of the work. Deployment descriptors will not be eliminated after all, but will be completely optional. An upgrade path from EJB2.1 has been defined and looks convincing. The persistence engine will be pluggable (I see the hand of the 6 JDO vendors on the expert group in this) and will support JDO2-style attach/detach.
Experiences with the 1.5 language features
Some useful snippets. I think I now understand what covariant return types are for. Why the conditional operator is dangerous with generics and why wildcards are essential for API designers.
June 27, 2005
Some good new stuff coming in Netbeans, much of it focussed around existing strengths such as GUI design (the new GUI building engine looks excellent), cross-device development (setting breakpoints in a mobile phone is cool) and out-of-the-box usability. Netbeans does seem to be kind of the most agile IDE; they're already talking about integration with Looking Glass, the 3D desktop.
In general, the priorities with Netbeans coincide with those for Java generally, around ease of use (supporting higher level constructs and working with a variety of platforms) and dynamic languages. Early leak: the Dolphin release of the JVM (2008) may include byte code to support dynamic languages, which will be the first byte code in there that isn't used by Java itself.
The fireside chat featured a real fireplace, though it wasn't lit (no surprise, since it was on stage in one of the conference halls and the flue only went up to the top of the stage set). It's purely an audience Q&A session with the top people who shape the JVM, platforms and APIs. No overall theme, therefore, but interesting to hear the kinds of questions asked. Much interest in support for phone/PDA devices. Worst regret in 10 years of development of Java: AWT. Deprecated APIs will never be removed from the platform. JDO will not be deprecated (though since all the big JDO vendors are involved in EJB3, it may not develop much further after the EJB3 compatibility revision). Annotations will be developed further, but otherwise no major new language features planned for the next two releases – witness how long it took to standardise generics (over 5 years). Mantra of Sun Java developers is like the Hippocratic Oath: "do no harm".
June 14, 2005
The Academic Data Store, a new database which I'm bringing into being, is starting to take shape. We've nearly finished designing it and next week we install the software that will drive it, and start sucking in data from many sources.
It's hard to be interested in databases, especially when they don't hold much data of their own, and a large part of why we're building the ADS is to make all the connections between datbases and other databases easier to manage – a purely administrative benefit. But the user-facing things ADS will make possible are increasingly looking quite interesting:
tasks + data = checklist
We're introducing the concept of a task, which is essentially just some text which describes some data. Together with the data from a variety of different databases (ID card issuing, academic enrolment status, the sports centre, maybe the library), this will make us able to provide a checklist of all the administrative things new students need to do and actually display which ones have been done. With the new web signon system in service, it will be easier than ever to hop from one web system to another to complete the tasks.
lectures + module registrations = personal timetable
With module lecture data from the timetabling office and student module registrations from OMR, we'll be able to produce personalised timetables for students which just show the lectures they need to go to, something which hasn't hitherto been possible.
modules + arbitrary groups + events = seminar groups
With data from OMR defining what students are taking a module, and the ability to define arbitrary sub-groups (and 'supergroups', a group plus hangers-on) of those students, it will be easy for staff to define groups of students for seminar groups. Once defined, these can be used in mass mailing, for controlling access to SiteBuilder pages etc. Generalising the concept of a lecture into an event with a start and end time, times for seminar group meetings can be defined and automatically mass-mailed out to the participants.
events + tasks = deadlines
Using the task concept and event concept together, you can define a task to be presented to students with a start and end time. The timing could be applied so that a SiteBuilder page becomes accessible only for a defined period, perhaps with another event publishing the solutions page immediately afterwards, and a reminder event happening a certain amount of time before the end of the first event, triggering a mass mail reminder that the deadline is approaching. Students who miss the first 5 minutes of the lecture will have no excuse now.
It's all getting awfully joined-up. And this is just an initial bunch of ideas, that we hope to have built on top of ADS by xmas or so. Further ideas for joined-upness are welcomed.