Tuesday, August 23, 2016

Signing NetBeans modules with a Time Stamping Authority (TSA)

Signing JAR files is a very good practice. And while a proper certificate is not worth the price and effort, self-signing is still a step in the right direction.

Ever since Java 5 jarsigner supported a Time Stamping Authority (TSA) with the --tsa and --tsacert parameters. A Time Stamping Authority is basically an online digital notary that certifies the point in time the jar was signed -- it is designed to prevent signing files after the certificate expired.

It turns out that while you can sign NetBeans modules using the FAQ steps, there is no support in the build harness for a TSA.

I found bug #243213 which also mentions NBM problems and I submitted a patch there.

So, if you want to also add a timestamp to your NBMs, apply this small patch on top of your NetBeans source repository and rebuild NetBeans.

Then, you just have to define in nbproject/project.properties another key with your TSA (I'm using StartSSL's here):

tsaurl=http://tsa.startssl.com/rfc3161


Wednesday, August 03, 2016

Forcing export of internal API in Java 9 with -XaddExports

I've long been a fan of NetBeans' module system and of OSGi so Java 9's modules are a big improvement to me.

Except modules are really good at enforcing API boundaries and stop allowing one to freely use any public class.

An error such as this is no fun:

Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.IllegalAccessError: superclass access check failed: class A$1 (in unnamed module @0x3fb6a447) cannot access class jdk.nashorn.internal.ir.visitor.NodeVisitor (in module jdk.scripting.nashorn) because module jdk.scripting.nashorn does not export jdk.nashorn.internal.ir.visitor to unnamed module @0x3fb6a447

I've assumed that this has to be tweaked at SecurityManager level and played with -Djava.security.manager and -Djava.security.policy and the very handy -Djava.security.debug.

Alas, that doesn't help. (Although I'm still convinced it should, unless there is a bug somewhere).

What one needs to use is the magical -XaddExports flag. This forces an export and allows the code to run:

java -XaddExports:jdk.scripting.nashorn/jdk.nashorn.internal.ir=ALL-UNNAMED -XaddExports:jdk.scripting.nashorn/jdk.nashorn.internal.parser=ALL-UNNAMED -XaddExports:jdk.scripting.nashorn/jdk.nashorn.internal.runtime.options=ALL-UNNAMED -XaddExports:jdk.scripting.nashorn/jdk.nashorn.internal.runtime=ALL-UNNAMED -XaddExports:jdk.scripting.nashorn/jdk.nashorn.internal.ir.visitor=ALL-UNNAMED A


Wednesday, July 06, 2016

String.trim is an optimization hack

Turns out java.lang.String.trim() has its own unique definition of "whitespace" in order to be able to reuse the same underlying char array.

This blog post from 2008 talks in a lot of detail: https://closingbraces.net/2008/11/11/javastringtrim/

Monday, April 04, 2016

BSD on Raspberry Pi 2

Raspberry Pi 2 is the version that finally seems a good purchase to me with its quad core processor and 1GB of memory. If you need WiFi, Pi 3 is even better since an external WiFi dongle consumes more power.

But I would prefer to use an official release of a known operating system instead of using custom forks like Raspbian.

FreeBSD provides an official image, but to them ARM is a tier 2 platform "not supported by the security officer and release engineering teams". So, no freebsd-update. The existing image is for CURRENT ie. bleeding edge. RELEASE would be nice.

OpenBSD has no plans to support it.

The winner is NetBSD: they have an official image since NetBSD 7!

So now NetBSD and this little Pi 2 will replace a much bigger and nosier machine for a dedicated task. I'm curious how it holds up!

Sunday, June 09, 2013

NetBeans - PalmOfMyHand - Dance Demo

I like making NetBeans dance:

NetBeans - PalmOfMyHand - Dance Demo from Emilian Bold on Vimeo.

The above video is a little something I've obsessed about this weekend. It all started from a song actually: Swedish House Mafia - One (Your Name). But I couldn't publish a video with that as a soundtrack so I've used this little Creative Commons gem instead.

It's basically a NetBeans module that plays an mp3 and syncs everything else to the beat.

There are a lot of NetBeans Platform and NetBeans IDE APIs touched in this simple demo. See if you can make a full list: Progress API, StatusLineElementProvider, Editor API, etc.

If people are curious I might write more about this. Turns out on Java one of the harder things is mp3 playback.

Tuesday, November 06, 2012

nbnotify.com is back up


I forgot to publish this, but it's been a month since I uploaded a new version of nbnotify.com, the OSX notification plugin.

Based on Bootstrap, this new site is as simple as it gets: all static, a stark contract to the old PHP Wordpress.

I brought the old site down in August because the Wordpress I had there was too insecure.

Right now this plugin is looking a bit old. After all, it needs the original Growl, not the new commercial Growl. Also, OSX Mountain Lion has its own notification API which I do not support yet.

Friday, June 29, 2012

Everything takes time

I read somewhere that as you get older you don't necessarily get slower, you just trade speed for quality. This sounds about right.

Here is my time with an UI regression in the new version of a large Swing app:

I start investigating the problem manually and look at the code to see what might be the cause.

I find a quick way to duplicate it.

I deduce from the code what might be the cause but I'm wrong, it could be that, but it isn't, because there is extra code to check for that condition.

I start probing with a BTrace script to see the Swing events.

I finally find the actual cause and I'm stupefied - it's a failure of an underlying system and not of the UI.

I make an unit test that fails for the regression. I also find a possible fix.

Since I'm a bit surprised by how that system worked, I go and check the problem in the previous version of the Swing app. The problem is not there! It is a regression indeed.

Now I'm really surprised - what changed?

I start debugging the unit test on the old version in order to figure out what behavior changed and I finally figure it out when I look at the diff between the versions.

This diff gives me a 2nd way to fix the code. I patch the new code but it fails subtly in another way -- it wasn't changed for nothing, after all.

I decide that the initial fix is the right one and I apply it.

I am finally done!

At this point my fix was a few lines of code and a large unit test.

But besides this I have various byproducts: the BTrace script, the 2nd fix that didn't work as well as my notes file with my remarks, various stacktraces from the BTrace script and the debugger and errors.

Investigating, writing little scripts, running in various configurations and on top of various versions then finally checking the final fix and wrapping up took a lot of time.