Archive for May, 2008

May 13 2008

Effective Java - Second Edition

Published by mark under programming

Pre-order your copy of Effective Java (2nd Edition).

Joshua Bloch presented these items at JavaOne 2008 TS-6623, More Effective Java:

  • Generics (Item 28)
  • Enum types (Items 31–34, 77)
  • Lazy initialization (Item 71)

May 09 2008

JavaOne - Day Five

Published by mark under programming

What’s New in Ajax - Ben Galbraith, Dion Almaer

New frameworks, plug-ins, UI toolkits. Browser can become a bottleneck (single thread only) but is virtually multi-threaded using Google Gears, message communication with browser.

Cloud computing services: Amazon EC2, Google App Engine, Aptana Cloud - takes care of hosting infrastructure freeing developers to focus on applications.

  • Prototype - Lightweight Ajax/JavaScript helpers
  • GWT - hate JavaScript? Use Java
  • jQuery - new DOM-centric JavaScript helper (start with a page and add to it)
  • dojo - soup-to-nuts Ajax/JavaScript platform

LinkedIn Communication Architecture - Ruslan Belkin, Sean Dawson

100% Java, Spring glue for entire architecture. Parallel collection using java.util.concurrent to improve performance. Asynchronous communication with JMS.

Enterprise Undo - Andrew Dinn, Jonathan Halliday

JTA and EJB 3.0 annotation based ACID transaction management are insufficient for extended transactions.

Use Business Activity Framework.

e.g.

@BACompensatedBy("cancelHotelRoom")
public int bookHotelRoom(int roomNumber)

public boolean cancelHotelRoom(int reservationNumber)

Detecting and Defending Against Security Vulnerabilities for Web 2.0 - Ray Lai

Use tools to detect. No one tool will catch all; need to use them all.

Use defensive coding and testing tools.

Addressing Tomorrow’s Security Requirements in Enterprise Applications - Ben Alex

  • Simple web application security
  • Single Sign On and Federated Identity
  • Method authorization

Use Spring Security 2

Tips

  • Use a proven security framework; don’t roll your own
  • Start simply, and add complexity incrementally
  • Consider user registration requirements
  • Plan for federated identity, particularly involving OpenID
  • For in-house applications, consider NTLM and CAS
  • Employ Captcha techniques to mitigate DoS attacks
  • Favor method authorization over web authorization
  • Annotations-based authorization metadata is quick and easy
  • Very carefully consider any domain object instance security
  • Prefer Basic authentication for RESTful, HTTPS interactions
  • Leverage WSS for transport-independent SOAP

May 08 2008

JavaOne - Day four

Published by mark under programming

Top 10 Patterns for Scaling Out Java Technology Based Applications - Cameron Purdy

#10 Understand the problem

#9 Define the requirements

#8 Architecture trumps technology

#7 Understand the basics

#6 Visualize the network

#5 Visualize the design

#4a Plan for overload

#4b Partition for scalability

#3a Plan for failure

#3b Replicate for availability

#2 Tier where it makes sense

#1 Simplify

It’s still a balancing act. Reliability, durability, scalability, latency…

Advanced Web Application Security - Jeremiah Grossman, Joe Walker

Practical advice: the best we can do is slow down the bad guys from getting into our websites.

CSRF - Cross Site Request Forgery

  • Forcing users to log off and checking referrer headers help.
  • The only complete solution is to include an authentication token in the body of EVERY request.
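One way to implement the token described above, as an added example that is not from the talk or the original post. It assumes a session-bound token computed as an HMAC of the session id (one common design); the class name and session ids are hypothetical, constructed values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Added example: a CSRF token sent in the body of every state-changing request. */
public class CsrfTokenDemo {
    private final byte[] serverKey = new byte[32];   // secret that never leaves the server

    public CsrfTokenDemo() {
        new SecureRandom().nextBytes(serverKey);
    }

    /** Token = HMAC-SHA256(serverKey, sessionId); a third-party page cannot compute or read it. */
    public String issue(String sessionId) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(serverKey, "HmacSHA256"));
        byte[] tag = mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Rejects a missing or mismatched token; the comparison is constant-time. */
    public boolean verify(String sessionId, String submitted) throws GeneralSecurityException {
        if (submitted == null) {
            return false;                            // cookie arrived but the body had no token
        }
        byte[] expected = issue(sessionId).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        CsrfTokenDemo csrf = new CsrfTokenDemo();
        String session = "constructed-session-id-1";     // constructed sample value
        String token = csrf.issue(session);              // rendered as a hidden form field

        System.out.println("own form post accepted:   " + csrf.verify(session, token));
        System.out.println("request without token:    " + csrf.verify(session, null));
        System.out.println("token from other session: "
                + csrf.verify("constructed-session-id-2", token));
    }
}
```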

JavaScript hijacking

  • JavaScript lets you re-define almost anything
  • JSON must be used properly - especially wrap data with {…} and wrap keys in double quotes

XSS - Cross-site Scripting

  • At risk any time user submitted content that could contain scripts is allowed
  • Filter content both on the way in and on the way out

Web worms

  • Grows faster than email worms
  • If site isn’t 100% secure against CSRF & XSS, users can attack their “friends” with scripts
  • Samy hacked MySpace profile to add friends and update profile with worm. 1 million users infected in one day.

Programming with Functional Objects in Scala - Martin Odersky

Scala is the Java programming language of the future. It’s interoperable with Java environment, and “is just another Java library”.

What is it? It’s a scripting language, a composition language, an object-oriented language, a functional language. What amazed me is the ability to implement new control structures. Now that’s a “dynamic” language.

Compared to Java:

Patterns for Integrating Java and JavaScript Technology: Tales from the Front Lines - David Caldwell

JSR 223 & Rhino

Patterns from most to least JavaScript code

  • JavaScript with Java as necessary
  • JavaScript with parts in Java
  • Java with parts in JavaScript
  • Java with JavaScript as desired

Seems somewhat useful to me, but messy. If you ever get lost doing HTML/JavaScript/Java in a JSP, well… I don’t know what to say. Change career to fashion modeling or something.

Pimp My Build: 10 Ways to Make Your Build Rock - Conor MacNeill, Matt Quail

  1. Use Imports
  2. Use macros and presets
  3. Don’t build stuff you don’t need
  4. Spice up your build
  5. Don’t be afraid to write tasks
  6. Use scripts
  7. Use conditional tasks (using ant-contrib tasks)
  8. Don’t do one-off analysis
  9. Document your build
  10. Maven best practice tips

Maven best practice tips

  • Use a remote repository proxy - Archiva
  • Create a local repository for private artifacts - your own and missing 3rd party artifacts
  • Local repository for public artifacts
  • You need to manage your build infrastructure

Spice up your build

  • Add a splash image
  • Add some sound - blame train toot when the build fails

Amazon Code Ninja Puzzles

New puzzle for each day they were at the JavaOne Pavilion. Since I’m bringing these home, here are some hints.

Puzzle #2: “x % y” What happens when y is a negative number?

Puzzle #3: Bits ‘&’ binary.

#2 is not much of a hint. Actually not a hint at all. I just felt like I needed to know it for solving the puzzle; it didn’t help.  ;-)

May 07 2008

JavaOne - Day Three

Published by mark under programming

The Script Bowl: A Rapid Fire Comparison of Scripting Languages - Guillaume Laforge, Charles Nutter; Jorge Ortiz, Raghavan Srinivas, Frank Wierzbicki

Contenders: Groovy, JRuby, Jython, Scala

Rounds:

  1. Rich Client Application
  2. Web application
  3. Open (free format)

Impressive how little code is needed in each of these.

Hands-on Struts 2 - Ian Roughley

Similar on the outside with Struts 1; all changes under the hood. Threading model is the biggest change.

Dependency injection to access business services, e.g. Guice or Spring.

Debugging Data Race - Cliff Click

More of a theoretical talk. Talk easier to follow than slides.

Bad news: Available tools suck and even require PhD to use. What we do today with visual inspection and logging/printing is state of the art.

Good news: java.util.concurrent helps. The “volatile” keyword fixes double-checked locking.
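The double-check idiom with a volatile field, as an added example that is not code from the talk or the original post. The Config class and the construction counter are hypothetical and exist only to show that racing threads build the object once.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

/** Added example: lazy initialization of an instance field with the double-check idiom. */
public class DoubleCheckDemo {
    static final AtomicInteger CONSTRUCTIONS = new AtomicInteger();

    /** Hypothetical expensive object; counts how many times it is built. */
    static final class Config {
        final String value;
        Config() { CONSTRUCTIONS.incrementAndGet(); value = "loaded"; }
    }

    // volatile is what makes the idiom safe: the write that publishes the
    // reference happens-before any read that sees it, so no thread can
    // observe a non-null reference to a partially constructed Config.
    private volatile Config config;

    Config get() {
        Config result = config;            // single volatile read on the fast path
        if (result == null) {              // first check, without the lock
            synchronized (this) {
                result = config;
                if (result == null) {      // second check, under the lock
                    config = result = new Config();
                }
            }
        }
        return result;
    }

    /** Races the given number of threads through get() and returns the construction count. */
    static int race(int threads) throws InterruptedException {
        DoubleCheckDemo holder = new DoubleCheckDemo();
        CountDownLatch start = new CountDownLatch(1);
        Thread[] pool = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            pool[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                holder.get();
            });
            pool[i].start();
        }
        start.countDown();                 // release all threads at once
        for (Thread t : pool) t.join();
        return CONSTRUCTIONS.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("constructions: " + race(16));
    }
}
```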

Creating a Compelling User Experience - Ben Galbraith

Sex sells. It works in advertising, and it works in software. It’s all about managing user expectations. Aesthetically pleasing software is perceived as easier to use, even when it’s not. One theory is that users like how it looks and are thinking more creatively in its use.

Applications for the Masses by the Masses: Why Engineers Are an Endangered Species - Todd Fast

Social networking software with large user base of high school & college users. Facebook as a platform. Widgets on blogs.

????

I don’t know about this. I could add a bunch of widgets to my blog, but that’s not the same as creating a new and useful application.

May 07 2008

JavaOne - Day Two

Published by mark under programming

I realized my day numbers may be off since I’m counting the Java University as day one. Consider this a 1 based indexing.

The conference kicked off with Sun’s general session “Java + You”. Some intro and demo on devices, including Amazon’s Kindle; impressive JavaFX applications that crashed, but still exciting nonetheless; Neil Young’s music archive project running on Java & PS3.

On to the technical sessions.

Overview of the JavaFX Script Programming Language - Christopher Oliver

Language features:

  • Integrated with Java
  • Object-Oriented
  • Closures
  • First-class Functions
  • Multiple Inheritance
  • Imperative and Declarative Syntax
  • Statically Typed with Type-inference
  • Time is a first class type
  • Key frame animation

Too bad it followed immediately after Sun’s JavaFX demo, which made examples in this session look really really boring. 3D HD video rendering vs a spinning box…

More “Effective Java” - Joshua Bloch

Lots of people went to this. A bit of a fiasco with line control. There were people everywhere and the coordinators tried to do a snake line. Only problem is, we didn’t know that. The quote of the day would be “They are not lined up properly. I’m not going to let them in.”

Back to topic: Effective Java 2nd Edition is out. New stuff:

  • Chapter 5: Generics
  • Chapter 6: Enums and Annotations
  • Java 5 language features
  • Concurrency (renamed from Threads) for java.util.concurrent
  • Existing items updated to reflect current best practices
  • 57 items in first edition; 78 in second edition

Spring Framework 2.5: New and Notable - Rod Johnson

Lots of new stuff. Strong preference for using annotation based dependency injection. Here’s one slide on pros and cons of using annotation-based DI.

Pros:

  • Annotations can reduce or eliminate external configuration
  • More concise mechanism because you specify what would be injected, with the location of the annotation providing where

Cons:

  • Annotations are per-type not per-instance
  • Doesn’t work for legacy code with existing classes without annotations
  • Need to recompile Java code to modify configuration
  • Not well suited for externalizing simple types

That’s 2-4. Obviously not equally weighed points.

Defective Java Code: Turning WTF Code into a Learning Experience - William Pugh

Some examples taken from The Daily WTF.

  • Don’t synchronize on String constants; they get interned. Use new Object(). A rare case of appropriate use in instantiating an Object object.
  • DateFormat not synchronized. This tip would’ve been handy 2-3 years ago. ;-) Create a new instance of DateFormat (fast) each time or use ThreadLocal.
  • War on equals() implementation: instanceof vs getClass()
  • FindBugs
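The first two tips in code, as an added example that is not taken from the talk or The Daily WTF. All class names are hypothetical and the timestamp is a constructed sample value.

```java
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: String-constant locks and per-thread DateFormat instances. */
public class DefectiveJavaDemo {
    // Defective: both literals are interned to the same String object, so two
    // unrelated classes end up contending on (and can deadlock over) one monitor.
    static class OrderCache { static final String LOCK = "LOCK"; }
    static class AuditLog   { static final String LOCK = "LOCK"; }

    // Fixed: a private Object that no other code can reach or alias.
    static class SafeCache  { private static final Object LOCK = new Object(); }

    // SimpleDateFormat mutates an internal Calendar while formatting, so a
    // shared instance can emit wrong dates under load. One instance per thread:
    private static final ThreadLocal<DateFormat> DAY =
            ThreadLocal.withInitial(() -> new SimpleDateFormat("yyyy-MM-dd"));

    static boolean locksAreAliased() {
        return OrderCache.LOCK == AuditLog.LOCK;   // identity comparison, on purpose
    }

    /** Formats the same instant from several threads and returns the distinct results. */
    static Set<String> formatConcurrently(Date when, int threads) throws InterruptedException {
        Set<String> seen = ConcurrentHashMap.newKeySet();
        Thread[] pool = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            pool[i] = new Thread(() -> {
                for (int n = 0; n < 1000; n++) {
                    seen.add(DAY.get().format(when));
                }
            });
            pool[i].start();
        }
        for (Thread t : pool) t.join();
        return seen;                               // a single entry means no corrupted output
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("String locks aliased: " + locksAreAliased());
        Date when = new Date(1210636800000L);      // constructed sample instant (May 2008)
        System.out.println("distinct outputs: " + formatConcurrently(when, 8));
    }
}
```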

Let’s Resync: What’s New for Concurrency on the Java Platform, Standard - Brian Goetz

Moore’s law still in effect, only it shifted from CPU clock rate to number of CPU cores. —> Many more programmers are becoming concurrent programmers whether they want to or not.

Parallelization technique: divide-and-conquer, much like the merge sort algorithm.

Java Fork/Join framework to the rescue.

  • Create a limited number of worker threads
  • Each worker thread maintains a private double-ended work queue (deque)
  • When forking, worker pushes new task at the head of its deque
  • When waiting or idle, worker pops a task off the head of its deque and executes it (instead of sleeping)
  • If worker’s deque is empty, steals an element off the tail of the deque of another randomly chosen worker
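A divide-and-conquer sum over the scheme described above, as an added example that is not code from the talk. It uses java.util.concurrent.ForkJoinPool and RecursiveTask, the form in which the framework later shipped in the JDK; the threshold, pool size and input array are assumptions chosen for illustration.

```java
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.RecursiveTask;

/** Added example: summing an array with fork/join and reporting work steals. */
public class ForkJoinSum {
    static final int THRESHOLD = 10_000;   // below this size, sum sequentially

    static final class SumTask extends RecursiveTask<Long> {
        private final long[] data;
        private final int lo, hi;           // half-open range [lo, hi)

        SumTask(long[] data, int lo, int hi) {
            this.data = data; this.lo = lo; this.hi = hi;
        }

        @Override
        protected Long compute() {
            if (hi - lo <= THRESHOLD) {
                long sum = 0;
                for (int i = lo; i < hi; i++) sum += data[i];
                return sum;
            }
            int mid = (lo + hi) >>> 1;
            SumTask left = new SumTask(data, lo, mid);
            left.fork();                    // pushed onto this worker's deque; an idle worker may steal it
            long right = new SumTask(data, mid, hi).compute();   // keep working instead of waiting
            return right + left.join();     // runs left here if nobody stole it
        }
    }

    /** Sums the array on a pool with a limited number of worker threads. */
    static long parallelSum(long[] data, ForkJoinPool pool) {
        return pool.invoke(new SumTask(data, 0, data.length));
    }

    public static void main(String[] args) {
        long[] data = new long[4_000_000];  // constructed input: 1, 2, 3, ...
        for (int i = 0; i < data.length; i++) data[i] = i + 1;

        ForkJoinPool pool = new ForkJoinPool(4);
        System.out.println("sum:    " + parallelSum(data, pool));
        System.out.println("steals: " + pool.getStealCount());   // estimate of tasks taken from other deques
        pool.shutdown();
    }
}
```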

Code Ninja

The folks at Amazon’s booth dubbed me a Code Ninja for solving their coding puzzle.  I’m bringing the puzzle back home.  Here’s one hint:  it has to do with adding numbers.

May 05 2008

JavaOne - Day One

Published by mark under programming

Monday is the Java University, or the free Community One which is a mix of vendor presentations, I believe. (Update: Saw the aftermath. Looks like it’s mostly white board booths, with some partying.)

Morning course: Designing and Implementing Secure Java Technology Web Services

  • Presented by John Ranta
  • 6-day course packed into 2.5 hours
  • Brief description of Java technologies for web services & platforms
  • Brief description of web services processing and the bigger-than-military-use list of acronyms
  • Crammed/skipped the section on securing Java web services security using message-layer security (there’s an acronym for this: WTF)
  • Demo on Netbeans and the packaged Glassfish V2 to quickly create a web service project and web service client project
  • Concluded with a presentation of Metro Web Services Stack (Tango + JAX-WS + JAXB) by Jiandong Guo & Marek Potociar

Afternoon course: Web 2.0: Leveraging the Project jMaki and Google Web Toolkits for Rapid Website Development

jMaki

  • jMaki presented by Evan Troyka
  • convention over configuration in building Web 2.0 applications quickly
  • extracts javascript details; project went further to extract lots of widgets to a common interface
  • drag-n-drop GUI builder

Google Web Toolkits

  • Google Web Toolkit presented by David Geary
  • Author of many books: Graphic Java 2 Swing, Core Java Server Faces, Advanced JavaServer Pages, GWT Solutions - see the theme here?
  • Member of JSTL and JSF 1.0/2.0 Expert Groups, 2nd Struts committer, inventor of Struts Template Library, wrote questions for Sun’s Web Dev. Cert. Exam, President of Clarity Training, Inc.
  • GWT enables Ajax web application development in pure Java using familiar idioms from AWT, SWT and Swing
  • GWT compiles Java to JavaScript for most browser flavors and automatically detects the correct JavaScript library to use for the client. Don’t trust Java –> JavaScript “compilation”? It’s just like compiling Java source into Java byte code. Trust Google!
  • Drag and drop not yet supported, but can be implemented using AbsolutePanel, FocusPanel and MouseListener
  • GWT Solutions book site

May 04 2008

2008 JavaOne Conference

Published by mark under programming

Off to JavaOne! It’ll be a fun & busy week.
