April 2003 Java News

Wednesday, April 30, 2003

IOPSIS Software's Java Specification Request (JSR 213) Micro WSCI Framework and JSR-214 Micro BPSS for J2ME Devices were voted down in the Java Community Process (JCP). This is probably a wise decision in my opinion. These JSRs had a lot of overlap with other JSRs, and what didn't overlap was either too early or didn't belong in J2ME in the first place.

Sun has submitted JSR-215, a proposal to update the Java Community Process, to the Java Community Process. Quoting from the JSR,

This JSR aims to define a new version of the Java Community Process and to address a group of specific process issues that have been observed by the the Program Office and the Executive Committees of the JCP since the completion of JSRs 99 and 171. These pragmatic changes are designed to address some of the day-to-day issues of Spec Leads and Expert Groups through relatively minor, easy to implement changes to the process.

None of these changes require any changes to the participation agreements (the JSPA or IEPA). The community is still in a transition phase to the new JSPA 2 from JSR 99, so it is not an appropriate time to consider making changes to the process that require changing these agreements further.

This JSR will not consider any issues that are difficult to implement or that require changes to the JSPA. This is a list of the specific issues that this JSR will consider:

1) Some JSRs may need to span Editions and therefore span the ECs. This JSR will consider defining when that is possible, and how that works.
2) JSRs should be more transparent to the community, and it should be easier to tell when a JSR is working and when it is dormant. This JSR will consider requiring Spec Leads to provide a status report to the PMO on a regular basis, which would be posted to the web site for community member viewing.
3) There is value to the Spec Leads to have two classes of Expert Group members - active members and observers. This JSR will consider ways to enable observer memberships to Expert Groups.
4) This JSR would also consider giving Executive Committee members the right to assign a member as an observer to the expert group for any JSR that is assigned to the EC on which they serve.
5) There is a mistake in the process document with regards to super-majority voting. This JSR would change the process from requiring super majority ballots to J2SE umbrella JSRs that propose language changes to requiring super majority ballots on any JSRs that propose language changes.
6) In order to promote more feedback at the review periods, this JSR will consider changing Community Review to Early Draft Review and making it open to the public. Also, this JSR will consider removing the Community Review Ballot and replacing it with a ballot after the second public review, called Public Review Ballot.
7) This JSR will consider setting minimum requirements for TCKs.
8) This JSR will also consider requiring spec leads to deliver a TCK Coverage Document that will enable EC members to judge the sufficiency of a TCK.
9) This JSR will consider moving the disclosure of TCK and other business terms to a point earlier in the process.

Sun has submitted four JSRs to the JCP to upgrade various Java 2 Micro Edition (J2ME) specs to take advantage of Java 1.4. JSR-216, Personal Profile version 1.1 for the J2ME™ Platform, and JSR-217, Personal Basis Profile version 1.1 for the J2ME Platform update the existing 1.0 versions of those specs to support Java 1.4. Quoting from JSR-216,

Personal Profile provides a J2ME environment for those devices with a need for a high degree of Internet connectivity and web fidelity. Version 1.0 of Personal Profile (JSR-62) served as the next generation of the PersonalJava™ environment; as such, it provided a path for applications written to the PersonalJava Application Environment Specification to migrate to J2ME. Additionally, Personal Profile 1.0 was derived from the J2SE 1.3.1 API specification. Applications written to the java.* APIs in this specification would therefore run on J2SE 1.3.1.

This JSR proposes to update the Personal Profile specification to reflect the J2SE 1.4 APIs and to provide underlying support for the Advanced Graphics and UI Optional Package (JSR-209). The result, Personal Profile version 1.1, will be backward-compatible to its 1.0 counterpart.

Note that while new APIs may be adopted from J2SE 1.4, no new, non-J2SE APIs are planned for definition in this JSR.

JSR 217 has almost identical language.

JSR-218, J2ME™ Connected Device Configuration (CDC) 1.1 and JSR-219, J2ME™ Foundation Profile 1.1 provide "updates (based on J2SE™, v1.4.1) to the existing core, non-graphical Java™ APIs for small electronic devices."

Comments are due by May 12.

Nokia has posted the first public draft for JSR-180, SIP API for J2ME, to the Java Community Process. This is a Session Initiation Protocol (SIP) API for J2ME clients that enables SIP applications to be executed in memory limited devices, especially cell phones. SIP is used to establish and manage IP sessions for instant messaging, presence and gaming services.

Tuesday, April 29, 2003

Nathan Fiedler's released version 2.16 of JSwat, a graphical, stand-alone Java debugger built on top of the Java Platform Debugger Architecture. Features include breakpoints, source code viewing, single-stepping, watching variables, viewing stack frames, and printing variables. Version 2.16 makes various user interface improvements and fixes a couple of bugs. JSwat is published under the GPL.

Bill Horsman's posted Proxool 0.7.2, an open source JDBC driver that provides a connection pool wrapper around another JDBC driver.

Monday, April 28, 2003

Sun's posted an early access release of version 1.3.1 of the JavaMail API, an SMTP, POP, and IMAP framework for Java, on the Java Developers Connection. (registration required). Version 1.3.1 fixes over 20 bugs and adds support for DIGEST-MD5 authentication in the SMTP provider.

Along with the announcement of this release, the JavaMail team also said, "The next API release of JavaMail (JavaMail 1.4, at least a year from now) will NOT support JDK 1.1 and will likely require at least J2SE 1.4. If you think you will have a need to use JavaMail on releases older than J2SE 1.4, starting about a year from now, please let us know."

SSHTools.com has posted J2SSH 0.1.3, a Java implementation that "provides a fully featured SSH2 implementation specifically designed for cross platform development. Higher level components representing both the standard SSH client and SSH servers are provided which implement the protocol specification for user sessions and port forwarding." Supported features include public key and password authentication the SFTP protocol. This beta "is primarily intended to ease the configuration of the API and resolve a number of long outstanding minor issues allowing J2SSH to conform more rigidly to the SSH2 protocol specification. Additionally, and by popular demand the logging of debug information has now been switched off by default." J2SSH is published under the LGPL.

Websina has released Bugzero 2.4.1, a $999 payware Web-based bug tracking system that supports multiple projects, group-based access, automatic bug assignment, file attachment, email notification, and metric reports. Bug Zero is written in Java and can run on top of various backend databases including MySQL. This release adds an e-mail filter based on the Received header and fixes one or two bugs.

Sunday, April 27, 2003

The XtremeJ Corp has released the XtremeJ Management Console 1.0, a Java Management Extensions (JMX) management console based on the Eclipse open source Integrated Development Environment. There's a free-beer standard Edition and a $795 Professional Edition: The standard edition can view MBean metadata, get and set MBean attributes, invoke MBean operations, create and unregister MBeans and rceive MBean notifications. The Professional Edition adds the ability to review and re-invoke past MBean invocations in the invocation log, query MBeans that match the specified criteria within a given scope, create and manage timer MBeans, dynamically and remotely deploy MBeans to the JMX agent, manage cascading agents and discovery services, receive MBean notifications and invoke custom handlers, contribute custom actions to the context menu, and add custom views and property editors

Julien Ponge has released IzPack 3.0.8, an open source tool for building cross-platform installers in Java. It's published under the GPL. Version 3.0.8 improves operating system selection accuracy, updates the Russian langpack, patches directory creation, and adds native look and feels for installers.

Jaim 0.5 is a Java library that implements the AOL TOC Instant Messaging protocol. Version 0.5 improves keep-alive handling. Jaim is published under the GPL.

Saturday, April 26, 2003

Tooting my own horn, I just noticed that Ten Reasons we need Java 3 was the number one article on OnJava for 2002.

Hewlett-Packard and Sun have posted the first public draft of Java Specification Request 188 (JSR-188), CC/PP Processing , to the Java Community Process (JCP). Comments are due by June 5.

Nokia and Siemens have posted the first public draft of Java Specification Request 195 (JSR-195), Information Module Profile, a J2ME profile for networked devices that do not have graphical display capabilities.

Sun and Siemens AG have posted a maintenance release of the Wireless Messaging API 1.1 specification.

The messaging API is based on the Generic Connection Framework (GCF), which is defined in the Connected Limited Device Configuration (CLDC) 1.0 specification. The package javax.microedition.io defines the framework and supports input/output and networking functionality in J2ME profiles. It provides a coherent way to access and organize data in a resource-constrained environment.

The design of the messaging functionality is similar to the datagram functionality that is used for UDP in the Generic Connection Framework. Like the datagram functionality, messaging provides the notion of opening a connection based on a string address and that the connection can be opened in either client or server mode. However, there are differences between messages and datagrams, so messaging interfaces do not inherit from datagram. It might also be confusing to use the same interfaces for messages and datagrams.

The interfaces for the messaging API have been defined in the javax.wireless.messaging package.

Friday, April 25, 2003

IBM has posted the change log for the maintenance release of Implementing Enterprise Web Services 1.1 in the Java Community Process (JCP). According to the introduction, "This specification defines the Web Services for J2EE architecture. This is a service architecture that leverages the J2EE component architecture to provide a client and server programming model which is portable and interoperable across application servers, provides a scalable secure environment, and yet is familiar to J2EE developers." New features for the next release include support for anonymous types and xsd:any.

The Object Refinery has posted version 0.9.8 of JFreeChart, an open source library based on Java2D. JFreeChart can produce pie charts, line charts, various kinds of bar charts, XY plots and scatter plots, time series, high/low/open/close charts, candle stick charts, and combination charts. Version 0.9.8 renames the packages from com.jrefinery.* to org.jfree.* and adds a TimePeriodValuesCollection class. JFreeChart is published under the LGPL.

Version 3.2.3 of GCC, the GNU Compiler Collection, has been released. GCC contains frontends for C, C++, Objective C, Chill, Fortran, and Java as well as libraries for these languages. This is a bug fix release.

Thursday, April 24, 2003

I've updated the notes for Week 10, I/O, of my Intro to Java Programming Course. The main purpose of this update was to fix a number of examples that were originally written six or seven years ago before I really knew what I was doing, and consequently demonstrated really bad programming practices.

Enterprise Object Broker 1.0 is an "open source application server cherry picks the best from J2EE (Servlets) and completely ignores the arguable worst (EJB)." It is a JavaBean server that transparently distributes Java objects via their interfaces using .Net style remoting for Java. Enterprise Object Broker is published under the Apache License.

Stefan Palme has released HBCI4Java 2.0, an open source Java class library for the HBCI home banking interface that supports 2.01, 2.1, 2.2, and HBCIplus (with PIN/TAN support). HBCI4Java is published under the GPL. The main web page is in German, but the Sourceforge page is in English.

BBDSoft has released jvider 1.3,a $69 payware Java Visual Interface Designer. It uses the GridBagLayout for layout rather than absolute positioning.

Gentleware has released Poseidon for UML 1.6.1 a Unified Modeling Language CASE tool based on the open source ArgoUML. Poseidon for UML integrates with NetBeans/Forte/SUN One Studio, and features generation and import of Java code. There's a free beer community edition and a payware professional edition that adds plug-in support. The professional edition seems to cost either $199 or $699 depending on which links you click. Either way, EU residents get to pay a little more since they get the same numbers but in Euros. Update: The $699 price is for the professional edition which bundles some plug-ins. $199 is for the standard edition, and you can pick whether you want to pay in Euros or dollars. (Dollars are cheaper.)

Websina has released Bugzero 2.4, a $999 payware Web-based bug tracking system that supports multiple projects, group-based access, automatic bug assignment, file attachment, email notification, and metric reports. Bug Zero is written in Java and can run on top of various backend databases including MySQL. Version 2.4 enhances bug submission over e-mail.

JCraft, Inc has posted JSch 0.1.4, a pure Java implementation of SSH2 that supports port forwarding, X11 forwarding, file transfer, etc. JSch is released under a BSD license. This is a bug fix release.

Wednesday, April 23, 2003

debugtools.com has released version 2.10.3 of JDebugTool, a standalone graphical Java debugger built on top of the Java Platform Debugger Architecture (JPDA). Version 2.10.3 "implements Hot Swapping classes directly in the Source Window according to the context of the cursor in the source code" JDebugTool is $99 payware.

Tuesday, April 22, 2003

The first beta of Cayenne 1.0, an open source object-relational persistence framework written in Java, has been posted. "Cayenne provides management of persistent Java objects mapped to relational databases, single method call queries and updates (including atomic updates of all modified objects), seamless integration of multiple databases into a single virtual data source. Cayenne is distributed with CayenneModeler - a complete GUI mapping tool that supports reverse-engineering of RDBMS schema, working with database mappings and generation of Java source code for the persistent objects." Cayenne is published under the very liberal Apache license.

ServletTesting 0.9 is an open source "unit testing framework for servlets that provides dummy implementations of the javax.servlet classes, making it easy to create a stand-alone unit test for a servlet. No HTTP request/response is used." ServletTesting is published under the LGPL.

The Object Refinery has posted version 0.9.7 of JFreeChart, an open source library based on Java2D. JFreeChart can produce pie charts, line charts, various kinds of bar charts, XY plots and scatter plots, time series, high/low/open/close charts, candle stick charts, and combination charts. Version 0.9.7 adds dual Pareto charts and support for Java object serialization. JFreeChart is published under the LGPL.

Monday, April 21, 2003

Nokia has submitted Java Specification Request (JSR) 212, Server API for Mobile Services: Messaging - SAMS: Messaging to the Java Community Process (JCP).

This JSR will define a standard, portable and protocol agnostic messaging API for SMS and MMS, which enables composing, sending and receiving short messages and multimedia messages. Multimedia message is a message containing text, images and sound. Short messages primarily contain text only, but they can also be used as a bearer for binary data. Both message types are mainly aimed to be sent from a mobile terminal to a mobile terminal. However, there is an increasing need to be able to send these messages also from J2SE/J2EE applications. Content creation tools for images and sound are out of scope. Multimedia messaging service is one of the primary services mainly targeting the third generation mobile system (3G), but applicable also for GSM. SMS was already introduced for GSM networks. Both synchronous and asynchronous message processing will be supported where applicable.

This specification will define a high-level messaging API, which is independent of the underlying network protocols, data formats and technologies for communicating with SMS and MMS servers. The run-time architecture will also enable easy plug-in of implementations for existing and future SMS and MMS protocols, data formats and technologies. It will be possible to specify at the run-time which SMS or MMS implementation driver is used. It may also be possible in the future to add support for other messaging standards than SMS and MMS.

Comments are due by April 28.

IOPSIS Software has submitted JSR-213 Micro WSCI Framework for J2ME to the JCP. According to the proposal:

Micro WSCI is a framework that will reside on the J2ME Device, and will act as a lightweight co-ordinator for choregraphed Web services.

Enabling the J2ME Device client for choreographed Web services will empower true P2P collaborations and interactions for complex processes, initiated by the client.

The key features of the Micro WSCI Framework will be:

  • Lightweight XML based pull parser and writer
  • Lightweight persistence mechanism for long running transactions
  • Lightweight observer

That note about a "Lightweight XML based pull parser" worrries me. Far too often lightweight is a code word for "does not correctly implement the XML specification." It's also not clear why they think they need a new parser instead of sitting on top of the pre-existing SAX or perhaps StAX. There's really no reason for every separate spec to invent its own parser. Comments are due by April 28.

IOPSIS Software has also submitted JSR-214 Micro BPSS for J2ME Devices to the JCP. According to the proposal, "This JSR is to provide a standard set of APIs for representing and manipulating Collaboration Profile and Agreement information described by ebXML CPPA (Collaboration Protocol Profile/Agreement)documents on J2ME Devices. These APIs will define a way to construct and manipulate various profile information corresponding to the CPP/A. The profile information can be derived from a CPP document or constructed through the API provided or constructed by accessing a ebXML Registriy/Repository using JAXR. The APIs would also enable J2ME Device users to create a base profile by taking information from a Business Process Specification document." Comments are due by April 28.

Sun's posted the third proposed final draft specification for the Java Servlet API 2.4 in the Java Community Process (JCP). Quoting more or less directly from the draft spec, changes since version 2.3 include:

Changes since the previous draft are fairly technical and detailed. The HttpSession.logout method was defeerred till 2.5, and multuthreading recommendations are somewhat less strict.

Sunday, April 20, 2003

I finally got around to converting my Java course notes to XML. I would have written them in XML originally except, well, XML hadn't been invented yet. :-) I should have made the change over years ago, legacy systems are a bitch. Anyway, all the HTML files are now autogenerated from XML sources. There may still be a few glitches in the software and stylesheets that do this, so please let me know if you spot anything that doesn't look right. Going forward, this should make it much easier for me to update and revise them.

Michael Fuchs has posted version 0.4.1 of his DocBook Doclet that creates DocBook SGML and XML documents from JavaDoc. This release adds the new properties docbook.param.table.frame, show.synopsis,show.table.param, show.table.throws, show.table.meta, show.table.see, and show.table.serialfield to control the generated output as well as fixing various bugs.

Saturday, April 19, 2003

Sun's posted the third proposed final draft of the JavaServer Pages 2.0 Specification in the Java Community Process. There appear to be quite a few significant changes since the last draft.

Nokia's posted the final proposed draft specification for Java Specification Request (JSR) 179, Location API for J2ME. The purpose of this API is to allow cell phone applets to figure out where you are at any given time. The privacy implications of this are significant, and the expert group does not appear to be addressing them to any significant extent. They simply note that "Some methods in this API are defined to throw a SecurityException if the caller does not have the permissions needed to perform the action. This MUST be enforced by an appropriate security framework in the platform." There's no serious effort here to protect users privacy in any realistic way. They're just solving the technical problem without considering the social implications. They even provide sample code to constantly track the user's movements. What such services should do is absolutely refuse to provide any information about the user's location unless the user specifically tells the phone to release such information. Furthermore, that release should be for a single report only. Explicit user permission should be required for each and every transmission of location information.

Sun's posted the public review draft specification of Java Specification Request (JSR) 185, Java Technology for the Wireless Industry (JTWI), to the Java Community Process (JCP). Quoting from the spec,

The goal of the JTWI specification is to improve the compatibility, interoperability and completeness of J2ME technology implementations in mobile phones. This specification raises the bar of functionality for high-volume devices while minimizing API fragmentation thereby broadening the already substantial base of applications that have been developed for mobile phones.

This specification achieves these goals in three ways. First, it specifies a common set of essential APIs. In some cases, these APIs provide uniform access to services that were once only available through device specific APIs, or not at all. Second, it mandates elements of the component specifications. Third, some elements of the component specifications have been clarified within this specification.

The mandatory specifications incorporated into JTWI are:

In addition, the Mobile Media API Emulator (MMAPI) 1.1 (JSR-135) is conditionally required. Comments are due by May 15.

Sun's posted the public review draft specification of the Java Management Extension (JMX) Remote API 1.0 in the Java Community Process (JCP). Comments are due by April 24.

SuperWaba 3.5 is an open source Java virtual machine for handheld operating systems including PalmOS and Windows CE devices, and is fully emulated under JDK and browser. SuperWaba is published under the LGPL.

Friday, April 18, 2003

Ervacon has released XNam 1.0, a €250 payware Java Naming and Directory Interface service provider. XNam "reads its information from XML files and is accessible through the JNDI interface. As such, XNam allows developers to define objects in XML and access them in their code using JNDI.... XNam is mainly targeted at the development environment, where it serves as a light weight replacement for other JNDI service providers."

Thursday, April 17, 2003

The Jakarta Apache Project has released Validator 1.0.2, an open source class library for verifying (or disproving) that data satisfies certain rules.

The Object Refinery has posted JFreeReport 0.8.2, an open source Java class library for generating reports that outputs PDF. This release fixes numerous bugs and memory leaks. JFreeReport is published under the GNU Lesser General Public Licence (LGPL).

Wednesday, April 16, 2003

The NetBeans Project has posted the first beta of Tegal, version 3.5 of their namesake Integrated Development Environment (IDE) for Java 3.5. This release focuses on performance improvements, especially in user interface responsiveness. java 1.3 or later and gnu tar are required.

Aachen Process Control Engineering has released Remote Tea 1.0.2, an open source Java implementation of Sun's ONC/RPC protocol that supports both servers and clients. It also provides a portmapper and a precompiler for converting .x files into Java classes. Remote Tea is published uner the LGPL.

The JBoss Project has released JBoss 3.0.7, an open source Enterprise JavaBeans application server implemented in pure Java. This is a bug fix release, no new features. JBoss provides JBossServer, the basic EJB container and JMX infrastructure, JBossMQ for JMS messaging, JBossMail for mail, JBossTX for JTA/JTS transactions, JBossSX for JAAS based security, JBossCX for JCA connectivity, and JBossCMP for CMP persistence. It integrates with Tomcat Servlet/JSP container and Jetty Web server/servlet container, and enables you to mix and match these components through JMX by replacing any component you wish with a JMX-compliant implementation for the same APIs.

Sun's posted an early access version of the Java Management Extensions (JMX) Remote API on the Java Developer Connection (JDC) (Free registration required). "The JMX Remote API standardizes a solution for exporting JMX API instrumentation to remote applications."

Sun's posted the third proposed final draft specification for JSR-151 Java 2 Enterprise Edition (J2EE) 1.4 in the Java Community Process. The primary focus of J2EE 1.4 is support for web services. Addditions include the JAX-RPC, SAAJ, and JAXR APIs. Enterprise JavaBeans have been extended to support implementation of web services via stateless session beans. Other new APIs include the J2EE Management and J2EE Deployment APIs

Tuesday, April 15, 2003

Andrew Sorensen and Andrew Brown have released jMusic 1.4, an open source Java class library for generating and manipulating music intended for computer assisted composition. It provides a music data structure based on note/sound events. jMusic can read and write MIDI files, audio files, and its own .jm files. jMusic is published under the GPL.

Teodor Danciu's posted version 0.4.65 of JasperReports, an open source Java library for generating reports from XML templates and customizable data sources (including JDBC). The output can be displayed on the screen, printed, or written to XML or PDF files. Version 0.4.6 makes a number of small improvements.

The Big Faceless Organization has released the Big Faceless PDF Library 1.2.9, a $400 payware (more if you want support) Java class library for creating PDF documents. The $1000 Extended Edition adds the AcroForms support, digital signatures, and the ability to import and edit and existing PDF documents.

Monday, April 14, 2003

SSHTools.com has posted J2SSH 0.1.2, a Java implementation that "provides a fully featured SSH2 implementation specifically designed for cross platform development. Higher level components representing both the standard SSH client and SSH servers are provided which implement the protocol specification for user sessions and port forwarding." Supported features include public key and password authentication the SFTP protocol. This is a bug fix release. J2SSH is published under the LGPL.

Websina has released Bugzero 2.3.2, a $999 payware Web-based bug tracking system that supports multiple projects, group-based access, automatic bug assignment, file attachment, email notification, and metric reports. Bug Zero is written in Java and can run on top of various backend databases including MySQL.

Sunday, April 13, 2003

Topher ZiCornell has posted the Xephyrus Data Structures Tag Library 0.3. Xephyrus enables you to create and manipulate the contents of common Java data structures such as maps and lists from within Java Server Pages (JSP) using tags. 0.3 gives the container tags a file attribute allowing defaults to be loaded from a file. this is mostly a bug fix and code cleanup release. Xephyrus is published under a BSD license.

Saturday, April 12, 2003

 ej-technologies GmbH has released version 2.2.1 of JProfiler, a $548 payware profiler based on the Java virtual machine profiling interface (JVMPI that can report on CPU usage, memory size, threads, and "VM telemetry" (whatever that is). Version 2.2 added support for profiling Java Web Start applications, a class-resolved real-time allocations monitor, offline profiling for scripted profiling runs, a profiling API for programmatically controlling JProfiler at run time, IDE integrations for IntelliJ IDEA and Borland JBuilder 8, and new application server integration wizards for Websphere 5 and Sun ONE Application Server 7. Upgrades from previous versions are free. Version 2.2.1 adds support for IBM 1.4.0 and Bea JRockit.

IronGrid has released IronEye SQL, a $195 payware JDBC performance analysis tool that allows developers to view a graph of all SQL statements that pass through the JDBC driver.

IronGrid has also released IronEye Cache, a drop-in JDBC cache that "provides patent-pending 'Point-n-Click' caching, and works with any application using JDBC, any database, and requires no code changes. Using a console that shows all of the SQL flowing between an application and a database, instantly select and enable caching on any SQL statement with the click of a button and with no modification to the source code of an application. To ensure the integrity of an application's data, IronEye Cache is a write-through caching solution, immediately committing data to the database when an update occurs." IronEye Cache is $695 payware ($495 through June 15.)

Integration New Media has released Moka Xtra, (nee Java Xtra), a $499 payware Macromedia Director plug-in that allows Lingo to control Java objects.

Michael Krause has posted, JinSitu 0.3, an open source "interactive introspection environment for Java and Jython." The JScrapbook evaluates Jython code and lets you explore object trees. "As you navigate Java classes and methods, the corresponding javadoc is displayed."

Friday, April 11, 2003

Nathan Fiedler's released version 2.15 of JSwat, a graphical, stand-alone Java debugger built on top of the Java Platform Debugger Architecture. Features include breakpoints, source code viewing, single-stepping, watching variables, viewing stack frames, and printing variables. Version 2.15 provides new keyboard mnemonics for all menus and the command input field, adds a new goto-line menu item, shortens method descriptors, includes an option to display static final fields, and fixes various bugs. JSwat is published under the GPL.

Jim Menard's posted version 0.7.7 of DataVision, an open source "database reporting tool similar to Crystal Reports". DataVision is written in Java and supports multiple databases including PostgreSQL, MySQL, and Oracle. This is a bug fix release.

Thursday, April 10, 2003

I've posted version 1.0d11 of XOM, my tree-based API for processing XML with Java. XOM strives for maximum simplicity and absolute correctness. The new feature in this release is an ANT build file. This should make it much easier to compile XOM from source. ANT is not included though. You'll have to download and install it separately.

There are no API-level changes in this release. All code that ran before should still run. This release does a few assorted bugs reported by users. Not surprisingly these all appeared in the Builder and Serializer classes, which out of all the classes in XOM are the least well-covered by unit tests. I've expanded the unit tests to catch these and related bugs. The unit tests all pass, assuming you use a non-buggy SAX2 parser. However, if you run the JUnit GUI from the ANT build file, some confusing class loader issues cause the more-buggy Crimson to be loaded instead of the less-buggy Xerces. This breaks four unit tests. Everything should pass if you run the tests directly instead of from ANT. (That is, type "java -Xmx96m junit.swingui.TestRunner nu.xom.tests.XOMTests" instead of "ant testui".) If anyone can explain to me how I might fix this, I'd appreciate it.

Robert Oloffson has posted version 0.29 of Java Memory Profiler (JMP). JMP uses the Java Virtual Machine Profiling Interface (JVMPI) interface to track objects and method times in a JVM . It uses a GTK+ interface to display statistics. The current instance count and the total amount of memory for each class is shown as is the total time spent in each method. This release implements various speed-ups. JMP is written in C for Linux. This is a bug fix release. JMP is published under the GPL.

Wednesday, April 9, 2003

Fox News has reported that the U.S.'s possibly successful assassination attempt on Saddam Hussein this past Monday may have been enabled by bad crypto. Whether the US-UK simply broke Iraq's Racal Jaguar V system (purchased from the UK in the 1980s) or whether the vendor deliberately crippled it before the initial sale is not yet known. Then again, maybe not. There are also reports that Saddam was visually observed entering the site that was bombed by human spies. Which story is true (if either) and which is deliberate misinformation, I simply don't know.

The Apache Project has released version 1.5.3 of Ant, the popular XML based, open source build tool for Java. This is mostly a bug fix release.

Apple has released Macintosh Runtime for Java 2.2.6 for Mac OS 9 to fix some bugs that prevent Oracle 11i client applications from talking to Oracle application servers over HTTPS. They recommend you not update unless you're exxperiencing this specific problem.

Tuesday, April 8, 2003

The Apache Jakarta Project has released POI 1.10, an open source Java library for "manipulating various file formats based upon Microsoft's OLE 2 Compound Document format. OLE 2 Compound Document Format based files include most Microsoft Office files such as XLS and DOC."

Monday, April 7, 2003

The Jakarta Apache Project has released Commons Logging 1.0.3. This "is an ultra-thin bridge between different logging libraries. Commons components may use the Logging API to remove compile-time and run-time dependencies on any particular logging package, and contributors may write Log implementations for the library of their choice." 1.0.3 "is primarily a maintenance and code cleanup release with minimal new features."

Steve Roy has released Screenable Menu Bar 1.0, "a small set of classes which adds the logistics needed to make menu bars conform to the Mac OS screen menu bar requirements without sacrificing the usual way of presenting menu bars on other platforms. On Mac OS and Mac OS X, the menu bar sits at the top of the screen, contrary to other platforms that locate a distinct menu bar in each frame. This difference in UI design makes it challenging to write code that gracefully handles all platforms, and the classes in Screenable Menu Bar improve on the existing AWT and Swing classes to fill the gap." Java 1.1 or later is required. Both the AWT and Swing are supported.

Mark Hale's posted version 0.901 of JSci, a class library containing many useful mathematical and scientific functions such as complex arithmetic. New features in this release include

Sunday, April 6, 2003

Nick Sydenham has released JCards 3.6, "a free Java application designed to store and manage data in any format that the user defines. Instead of having multiple applications to manage passwords, music databases, shopping lists, etc, JCards allows the user to define a database that contains the fields they want and to customise it in many ways. This is all accomplished via an easy to use interface that requires no understanding of SQL or any other database jargon; in effect JCards is a front-end on to a flat-file database." JCards is published under the GPL.

Version 0.8.4 the Abbot GUI testing framework has been released. New features in this release include:

Michael B. Allen's posted jCIFS 0.7.5, an SMB client library written in pure Java. It supports Unicode, named pipes, batching, multiplexing I/O of threaded callers, encrypted authentication, full transactions, domain/workgroup/host/share/file enumeration, NetBIOS sockets and name services, the smb:// URL protocol handler, RAP calls, and more. The API is similar to java.io.File. Version 0.7.5 refines the NTLM HTTP authentication code and fixes a few bugs. jCIFS is published under the LGPL.

Julien Ponge has released IzPack 3.0.7, an open source tool for building cross-platform installers in Java. It's published under the GPL. Version 3.0.7 adds a Slovakian translation and updates the Japanese, Russian, and Dutch translations. It also enables uninstallers to run scripts.

Jim Menard's posted version 0.7.6 of DataVision, an open source "database reporting tool similar to Crystal Reports". DataVision is written in Java and supports multiple databases including PostgreSQL, MySQL, and Oracle. This is a bug fix release.

Saturday, April 5, 2003

Yesterday's sessions from the Computers, Freedom, and Privacy conference have been posted in WMA and MP3 formats. In my opinion, the ones most worth listening to are the morning sessions:

It's a shame the "Presentation of Stupid Security Awards" isn't online. It was absolutely hilarious.

Akamai appears to have decided to censor Al-Jazeera's English site by cancelling the mirroring contract they had signed. The site is back up after being hacked by persons unknown who, like Akamai, don't believe free speech should extend beyond the U.S. corporate media such as CNN and Fox News. However, it doesn't seem to have anything more than headlines at the moment.

Friday, April 4, 2003

Yesterday's sessions from the Computers, Freedom, and Privacy conference have been posted in WMA and MP3 formats. In my opinion, the ones most worth listening to are the morning sessions:

Notes from the Friday sessions at the CFP conference follow. I'm not sure if I should be posting these in chronological order or archaeological order (most recent on top) like I usually do.

The first session is Auto ID: Tracking Everywhere. According to Katherine Albrecht, the government is gearing up to track grocery purchases (through those frequent shopper discount cards) and just about everything else. Radio frequency ID tags will expand this and make it more accurate. Shopper card records are being linked to video records from the security cameras. IBM is developing heat sensors to watch shoppers. GPS trackers are used in Albertson's shopping carts already to track shoppers through the store. Benetton and Gillette are the early movers among consumer products manufacturers. Europe may embed these in bank notes. These may also be embedded in envelopes to track mail, FedEx parcels, and so forth to track peoples' mail.

She also suggests that the MIT Auto-ID Center is "blowing smoke" about working with privacy groups. She thinks they have not actually done so. Marc Rotenberg of EPIC is their "greatest fear." They are deeply worried that someone might mobilize latent consumer disgust with this technology into actual opposition. This center and its public policy subcommittee is working to spin the issues and minimize and coopt opposition, not how to actually address the real issues.

Richard M. Smith predicts that EZPass may eventually be bundled with license plates to allow them to be read by computers and track where people drive. Verichip now wants to put RFID chips in people. (They've already been putting chips in pets for years.)

Mark Roberti says the Prada store in New York is using this stuff. Gillette is not yet using these in consumer products except for some test runs with Wal-Mart that have a three-inch range.

Thursday, April 3, 2003

Notes from the afternoon sessions at the CFP conference follow. I'm not sure if I should be posting these in chronological order or archaeological order (most recent on top) like I usually do.

The first afternoon plenary is "Data Retention in Europe and America." According to speakers from Ireland, Italy, and the UK, the situation in Europe has gotten a lot worse since 9/11. Governments are introducing very bad new laws, and violating the privacy protection laws they already had. Many are blaming the U.S. for forcing the issue. (Yesterday, someone noted that the U.S. government refused to allow European planes to land in the United States unless they provided passenger manifests. Today it appears that such provision may violate European Union law, but the airlines are doing it anyway.) There also appears to be a little bit of governments on all sides colluding to blame each other for "forcing" them to do what they really wanted to do.

At the lunch breakout session (Very annoyingly, the wireless network doesn't reach here so I can't google on what people are talking about as they're talking or post in real time) on "Trusted Computing" Joe Pato from Hewlett Packard gave an interesting intro to the Trusted Computer Platform Architecture (TCPA for short). So far it doesn't sound too bad. It's pure opt-in, and opt-in is not permanent. It allows for pseudonymous identities.

David Rosenthal of the Stanford Library wants to allow purchasers of journals and articles to store and keep indefinitely their own copies, rather than renting access to the publisher's site. In his words, "Lots of copies keep us safe." A central site (where centralization can be either geographic or organizational) can be taken down by government or other censors, natural disaster, manmade disaster, or publisher bankruptcy. Decentralization helps keep the copies available over periods of centuries. Digital rights management prevents this, and in practice makes data disappear over time.

Earlier, Pato said that trust is defined as means being able to rely that the computer will do what you expect it to do. Now, Mike Godwin of the Electronic Frontier Foundation points out that trusted computing is actually about someone else trusting you, not you trusting your computer. Theodore Tso points out that this will severely limit open source software since it can't participate in the universe of trusted documents. It does nothing to prevent things like the SQL slammer worm or the various e-mail viruses. Princeton's Andrew Appel then noted that TCPA will severely restrict the auditability of software by security researchers, thus removing help finding bugs and incentive to fix them. Then that a hacker could break into a central server that uses TCPA to protect its content such as Sony, and use Sony's trust to both install viruses onto client systems and prevent their removal by normal antivirus software.

In Q & A, Mike Godwin notes that the DMCA makes it illegal to break the TCPA system. Joe Pato notes that if Linux can take over on the desktop before TCPA can pick up steam (as Larry Ellison, among others, appears to think it will) then a lot of the open source fears for this technology will evaporate because they require Microsoft to be able to leverage a monopoly position in order to lock us into Word and Windows. Another interesting point, though I forget who brought it up: the Office EULA apparently prohibits users from running Office on any operating system other than Windows. So much for Wine. However, I say to that what I say to all those stores that put up signs saying "We reserve the right to inspect customer bags." You can put up a sign (or write language in an EULA) saying you can fly like Superman. That doesn't make it true.

I'm getting really, really sick of the wake-on-sleep problem with this PowerBook. I'd say 80% or more of the time I have to force reboot followed by a full fsck to either wake up or even just startup after a shutdown. This does not normally happen when I'm at home, only when I'm on the road and shutting down and starting up and sleeping and waking and plugging in the power cord and unplugging it and attaching and deattaching external monitors (though I'm not doing that last one at this show since I'm not speaking here) frequently.

Sun has posted the first beta of Java 1.4.2 (Java 2 Software Development Kit 1.4.2) for Linux, Windows, and Solaris. Important changes and new features include:

Yesterday's sessions from the Computers, Freedom, and Privacy conference have been posted in WMA and MP3 formats. In my opinion, the ones most worth listening to are the morning sessions:

This morning began with a session on "Internet Architecture & Free Speech" in which Microsoft representative Paula H. Ford argued for government regulation and against monopoly abuse (and she even managed to keep a straight face while doing this!) while the cable company representative Mike Schooler argued against government regulation. Among other reasons he cited against regulation was to allow the cable ISP to insert additional pop-up ads in the data stream, so that when you're surfing amazon.com your cable ISP can sell a pop-up to Barnes & Noble. (He apparently believes ISPs should be allowed to do this.)

In the second session, Dinah PoKempner of Human Rights Watch is giving case histories of several Internet Dissidents, writers who've been jailed and in some cases tortured for things they've said online in countries that include China, Vietnam, and Tunisia.

Bobson Wong, executive director of the Digital Freedom Network, is discussing the use of the Internet among human rights activists, particularly in less wired countries. Among other notes, he's complaining about the state of the user interface and ease of use issues for crucial Internet software, especially PGP.

A little later (I'm moving out of chronological order here) Patrick Ball, Science and Human Rights Program AAAS, is discussing some ways to improve the user experience with cryptography to avoid Ellison's law--"The userbase for strong cryptography declines by half with every additional keystroke or mouseclick required to make it work."-- (FYI, I'm typing and uploading this in real time, so I'm not fact checking each detail like which Ellison, Larry or Harlan or someone else defined the law, or whether Mr. Ball is still at the AAAS. If I find a mistake like this, I'll fix it as soon as I notice. OK. I found that. This law belongs to cryptographer Carl Ellison. Harlan Ellison's law is that "The two most common elements in the universe are hydrogen and stupidity.") Ball is also concerned not just about cryptography but about backup. Apparently in many countries the theft of computers from human rights activists by the government (he calls them the "bad guys") is a real problem. They need safe, off-site, encrypted backup. It also has to be very easy-to-use and very automatic. It is not for techies or system administrators. It must be designed for end users who in this case happen to be human rights activists.

Benetech has begun writing some open source software to do this called Martus. (Martus is the Greek word for witness.) The Martus system will:

  1. Use built-in encryption to safeguard data;
  2. Enable text-based bulletins about violations to be created quickly;
  3. Securely back up this information and replicate it in multiple locations to protect against loss;
  4. Provide consumers of human rights information with access to the non-confidential portions of bulletins; and
  5. Provide software in an Open Source format, encouraging easy code review to foster an atmosphere of trust and collaboration.

It's currently in beta. Martus is written in Java, but only appears to be supported on Windows.

Elisa Munoz, executive director of Crimes of War, a book/video/website project to document and educate journalists about what the Geneva Convention says is and is not legal in war. Currently, they're running a 24-hour hotline to answer journalists' questions about what is and is not legal in war. Apparently bombing hospitals is illegal as are fake surrender, soldiers wearing civilian clothes, arming of children, blowing up of vital highways, targeting of television and other media outlets, targeting of electrical facilities that are necessary for the delivery of clean water. Also confusingly, not all illegal actions necessarily rise to the level of war crimes. To no great surprise, both sides in the current Iraq conflict seem to be violating multiple elements of the Geneva Convention.

My battery is starting to run low I may have to move for a minute and find an outlet. OK. Found one, though I had to sneak upstairs to the balcony to do it. By the time I got up here, the next session on Internet filters ("The Great Firewall of China - Internet Filtering and Free Expression") had started.

The Balcony
in the ballroom at the New Yorker Hotel

Apparently router based filtering blocks entire IP addresses in order to block just one page. China uses this. Saudi Arabia uses proxy based filtering that can work at the URL level. Australia uses semi-voluntary client side software which less than 1% of users install. Consequently the rather authoritarian government in power down under is considering making it mandatory. However, the Australian government is rather annoyed at some of the culturally-influenced decisions made by the U.S. Bible Belt based vendors of most of their filtering software. South Korea is mandating the use of PICS. Spain is requiring web sites to register with the government or pay large fines. The Spanish representative, Arturo Quirantes, blames this purely on the governments trying to gather more revenue. All the filters are leaky, but Saudi Arabia's is probably the least leaky.

U.S. ISPs are dropping web sites that are seen as opposing the U.S. position in the war, ranging from Al Jazeera to Yellow Times to Rage Against the Machine. The Al Jazeera English site domain name may have been hacked from within Verisign. That hadn't occurred to me before, but given the extensive ties between Verisign and the defense community, that really wouldn't surprise me.

Wednesday, April 2, 2003

I'm spending the next few days at the Computers, Freedom, and Privacy 2003 conference in New York. We do have wireless access here at the show so I'll be reporting on interesting things as they happen.

I don't type fast enough to transcribe even the most important points as they're spoken though. Fortunately the conference has promised to post MP3s of all the sessions as soon as possible. The first recordings should be on the conference web site by this evening.

Bruce Schneier gave the opening keynote. It was his usual argument for rational thought on matters of security, which is familiar to anyone who's read his Counterpane newsletter on a regular basis. What wasn't brought up until the Q&A period, and which Ira Glasser is now addressing as I type this, is that often "security" measures like giving your ID at the airport have nothing to do with security. They have other purposes such as preventing travellers from reselling tickets, and are only rationalized through security arguments.

Bruce Schneier's
keynote at CFP 2003

One issue Schneier raised was the plan to allow inaccurate information in the National Crime Information Center (NCIC) database. He's asked people to sign this petition to the Office of Management and Budget.

10:34: Historian Ed Tenner is now talking about pre-computer-age government management of information about their subjects, especially in Germany and Spain. This I haven't heard before. Apparently the real innovation may not have been computers but file cards and cheap paper.

11:00: At the opening of a panel, Peter Swire pointed out how the government gets to do things to immigrants it can't do to citizens. Restrictions on immigrants is often used as a stalking horse for future restrictions of rights of everyone. According to ACLU executive director Anthony Romero over 1200 immigrants have been secretly detained by the government. Several speakers have noted how racism plays into these calculations, both now and historically.

In the same panel, Jim Dempsey is noting that most legislation like the Patriot Act don't actually improve security. Glasser and Schneier also emphasized that the vast majority of such liberty destructive legislation does not actually improve security. In some cases, it actually harms security. For instance, as Glasser suggested, making it easier to arrest and convict the wrong people means it's more likely that the right people (i.e. the criminals) will still be on the streets committing crimes.

1:30: George Radwanski, the Privacy Commissioner of Canada, appears to be reading a prepared speech. So far, he hasn't said anything very interesting. e.g. The U.S. and Canada have close bonds. All Canadians were deeply affected by the events of September 11, etc. Standard political statements that don't really say anything.

My favorite T-shirt from the conference:

War is peace
Freedom is slavery
Bush is president

Naturally, while I'm at this conference I'm thinking about security, including the security of the PowerBook I'm typing on right now and the wireless network I'm using to upload this file. I'm uploading through raw ftp using BBEdit, which means my password goes out in the clear. Programs like this one really need to at least make secure ftp an option.

I also need to change my password on IBiblio. I like to do that after every trip where I've used lord knows what hotel Internet systems, airport wireless networks, speaker room LANs, and more. Unfortunately, when I tried to change my password yesterday (at home, using ssh) the passwords I wanted to use were all rejected by an aggressive password checking program. Consequently I'm still using the same, possibly compromised password I have been for the last couple of months. The program that is designed to improve security by preventing bad passwords is in fact making the system weaker. The fundamental flaw is the binary fallacy, asking the question whether a password is bad or good, not whether it's better or worse than what I'm using now.

Tuesday, April 1, 2003

The Eclipse Project has released version 1.1.1 of the AspectJ Development Tools for the Eclipse IDE. These support AspectJ 1.1rc1 and Eclipse 2.1.

JScroll 1.0.2 is an open source Swing component that provides a virtual desktop with dynamic scroll bars, dynamic menus, and dynamic button shortcuts.

Topher ZiCornell has posted the Xephyrus Data Structures Tag Library 0.2. Xephyrus enables you to create and manipulate the contents of common Java data structures such as maps and lists from within Java Server Pages (JSP) using tags. This is published under a BSD license.

Lorenzo Bettini has released GNU Source-highlight 1.7, a GPL'd tool for reading Java, C/C++, Prolog, Perl, PHP3, Flex, ChangeLog, and Python code and translating them into syntax highlighted HTML and XHTML. Binaries are available for Unix, and it should compile on Windows with the appropriate libraries. Version 1.7 can now highlight Ruby source code and improves compatibility with non-Gnu makes.

Steve Roy has posted the fourth beta of the Macintosh Runtime for Java (MRJ) Adapter 1.0. This endeavors to provide a "unified API for easy integration of Mac OS specific functionality within your cross-platform Java application" including "menu items provided by the OS, file types and application bindings, opening of files and applications, as well as some interapplication messages. In a broader sense, MRJ Adapter is an API for managing all these things in your application in a way that will work with all platforms and that ensures that your app doesn't look like a second class citizen on the Mac." The MRJ Adapter is published under the LGPL.

Nils Meier has released InstantJ 1.6, a library that can compile and execute Java code or evaluate expressions written in Java on the fly. This is useful when expressions are either assembled programmatically at runtime, read from descriptors, or received from user-input. Version 1.6 adds support for the reuse of CompiledClasses in compilation of new ones or evaluation of Expressions. InstantJ is published under the LGPL.

Peter Graves has released version 0.18.1 of j, an open source, multiwindow programmer's editor written in pure Java. It can syntax color Java, C, C++, XML, HTML, CSS, JavaScript, Lisp, Perl, PHP, Python, Tcl/Tk, Verilog, and VHDL code. Features include automatic indentation, directory buffers, regular expressions, multifile find and replace, autosave and crash recovery, undo/redo, FTP/HTTP support, customizable keyboard mappings and themes. Version 0.18.1 fixes various bugs. j is published under the GPL.

Gefion Software has released LiteWebServer 3.0.2, a modular Web server and Java servlet container based on Tomcat 4.1.24, but "tweaked and extended for easier installation and management." It consists of a set of separately installable modules. The base module provides HTTP/1.1 and the Java Servlet API. Others modules provide JSP support.

MyFaces 0.3.0 is an open source implementation of Java Server Faces that tries to avoid the use of servlet sessions or cookies for saving the client state.

Genie 1.0 is a Java framework for Java Server Page based web applications based on the Model-View-Controller architecture. Its JSP tag library provides services for configuration and session handling, request dispatching, parameter conversion, and validation and error handling. Genie is published under the BSD license.

Older news:

January January, 2003 January, 2002 January, 2001 January, 2000 January, 1999 January, 1998
February February, 2003 February, 2002 February, 2001 February, 2000 February, 1999 February, 1998
March March, 2003 March, 2002 March, 2001 March, 2000 March, 1999 March, 1998
April April, 2003 April, 2002 April, 2001 April, 2000 April, 1999 April, 1998
May May, 2003 May, 2002 May, 2001 May, 2000 May, 1999 May, 1998
June June, 2003 June, 2002 June, 2001 June, 2000 June, 1999 June, 1998
July July, 2003 July, 2002 July, 2001 July, 2000 July, 1999 July, 1998
August August, 2003 August, 2002 August, 2001 August, 2000 August, 1999 August, 1998
September September, 2003 September, 2002 September, 2001 September, 2000 September, 1999 September, 1998
October October, 2003 October, 2002 October, 2001 October, 2000 October, 1999 October, 1998
November November, 2003 November, 2002 November, 2001 November, 2000 November, 1999 November, 1998
December December, 2003 December, 2002 December, 2001 December, 2000 December, 1999 December, 1998

[ Cafe au Lait | Books | Trade Shows | FAQ | Tutorial | User Groups ]

Copyright 2003 Elliotte Rusty Harold
Last Modified April 4, 2003