March 2003 Java News

Monday, March 31, 2003

Keith Long has posted Enterprise Gantt 0.4.5, a Gantt chart library (on its way to becoming a generic charting library ) based on the Model View Controller architecture. Version 0.4.5 can resize tasks using the mouse and edit them via the table. Enterprise Gantt is published under the Q public license.

Sun has released the finished specification of Java Specification Request (JSR) 139 Connected, Limited Device Configuration (CLDC) 1.1. The reference implementation and technology compatibility kit for this version do not seem to available yet, though.

The main goal of the CLDC Specification is to standardize a highly portable, minimumfootprint Java™ application development platform for resource-constrained, connected devices.

Cell phones, two-way pagers, personal digital assistants (PDAs), organizers, home appliances, low-end TV set-top boxes, and point of sale terminals are some, but not all, of the devices that might be supported by this specification.

The most important changes in version 1.1 appear to be:

Sun has posted the first public review draft of JSR 197, Generic Connection Framework Optional Package for J2SE, to the Java Community Process (JCP). "The Generic Connection Framework (GCF) Optional Package for J2SE will permit applications that rely on the GCF in J2ME to migrate to J2SE." Essentially, this means adding package from J2ME to the regular JDK. Comments are due by April 25.

IBM's released the finished specification, technology compatibility kit, and reference implementation of JSR-110, Java APIs for WSDL. According to the spec,

The Web Services Description Language [WSDL] is an XML-based language for describing Web services. WSDL allows developers to describe the inputs and outputs to an operation, the set of operations that make up a service, the transport and protocol information needed to access the service, and the endpoints via which the service is accessible.

Java™ APIs for WSDL [JWSDL] is an API for representing WSDL documents in Java. This document, together with the API JavaDocs, is the formal specification for Java Specification Request 110 (JSR-110).

Refreshingly, the reference implementation is open source, and you don't have to click through any license agreements to read the spec.

JSR-135, Mobile Media API, is now open for maintenance review. The proposed changes seem fairly minor, and mostly clarify a few unclear parts of the existing spec. Comments are due by April 28.

Luke Reeves has released the Java Financial Library 1.6, an open source (LGPL) Java class library that converts between currencies and retrieves stock information using data from Yahoo and Oanda. This is a bug fix release.

Sunday, March 30, 2003

I've returned from Software Development 2003 West, where a good time was had by all. Agile programming was a particularly hot topic this year. Java and C++ were about the same. Interest in XML seems to be tapering off. I think most programmers have learned what they need to know about it. We now return you to your regularly scheduled programming.

Anthony Eden has released FormProc 1.3, an open source Java library for handling and validating forms, including Web forms. Forms are represented as objects which manage a collection of form elements. Submitted data can be validated through several mechanisms including regular expressions, BSF-supported scripting languages, and custom Java classes.

Robert MacGrogan has released SourceJammer 2.0.2, a free source control and versioning system written in Java. SourceJammer "consists of a server-side component that maintains the files and version history, and handles check-in, check-out, etc. and other commands; and a client-side component that makes requests of the server and manages the files on the client-side file system." According to the author, "CVS can be cumbersome to install, maintain, and administer. I believe there is a niche for SourceJammer--a place for a free, simple, easy to understand and configure source control system for small to medium-sized projects. That's the market I have tried to aim for and I believe that SourceJammer makes for an excellent solution at this level." SourceJammer is published under the GPL.

Patrick Beard has released JNIDirect 1.0, a Mac OS X library that generates native methods for Java classes at runtime, linking against user specified Mac OS X frameworks. Ports to other platforms are in the works. JNIDirect is published under the LGPL.

EJBCA 2.0, an open source, Java 2 Enterprise Edition (J2EE) Certificate Authority, has been released. EJBCA can be used standalone or integrated into other J2EE application. It supports multiple levels of certificate authorities, individual enrollment and batch production of certificates, PKCS12 and PEM export, configurable certificate contents. revocation and certificate revocation lists, and more. Version 2.0 adds a Web GUI for administration, speed ups, soft configurable types of signing device, new access control on method invocation, an option to generate JKS or PEM keystores, a CertificatePolicies extension, a return PKCS7 with full path to browsers, new configurable certificate profiles, more alternative names, user profiles for administrators of different groups, improved serial number generation, and a new logging mechanism. EJBCA is published under the LGPL.

Jim Menard's posted version 0.7.5 of DataVision, an open source "database reporting tool similar to Crystal Reports". DataVision is written in Java and supports multiple databases including PostgreSQL, MySQL, and Oracle. This is a bug fix release that enhances compatibility with Java 1.4.

Saturday, March 29, 2003

IBM's Eclipse Project has released version 2.1 of the Eclipse open source Integrated Development Environment for Java. Java 1.3.1 or later is required. New and improved features in version 2.1 include:

Friday, March 28, 2003

I'm at Software Development 2003 West this week so updates are likely a little slow until I return home this weekend. In the meantime, I've posted the notes from the last two classes I'm teaching here:

Thursday, March 27, 2003

Sun has released version 1.1 of the Java Web Services Developer Pack (Java WSDP). This pack bundles together updates to its various component technologies. It includes:

It has been tested on Java 1.3.1 and later.

Tuesday, March 25, 2003

The Jakarta Apache Project has released version 4.1.24 of Tomcat, the servlet container for the Apache web server and the official reference implementation of the Java Servlet API and Java Server Pages (JSP). Version 4.1.24 closes off a denial of service attack which can occur when Tomcat is run with SSL as well as fixing various other bugs.

Saturday, March 22, 2003

Vodafone Group Services Limited has proposed Java Speciifcation Request (JSR) 209, Advanced Graphics and User Interface Optional Package for the J2ME™ Platform, to the Java Community Process. "The Advanced Graphics and User Interface (AGUI) Optional Package will migrate the core APIs for advanced graphics and user interface facilities from the J2SE platform to the J2ME platform. These facilities will include: Swing, Java 2D Graphics and Imaging, Image I/O, and Input Method Framework." Comments are due by March 31.

Watchmark Corporation has proposed JSR 210, OSS Service Quality Management API for J2EE, to the Java Community Process. This suggests "an API via the OSS through Java initiative that allows telecom management applications to be developed and integrated with Java-enabled Service Quality Management Systems." Comments are due by March 31.

Sun has submitted JSR 211, Content Handler API for J2ME to the Java Community Process. According to the proposal,

The purpose of this JSR is to define an optional package for an API and associated model permitting the invocation of J2ME Applications to handle actions on Uniform Resource Identifiers (URI) based on the MIME-type or scheme. For example, A MIDP MIDlet or a Personal Profile Xlet or main can be registered to handle a MIME type and appropriately display its content. The model will allow the application managment software of the device to control the execution of the applications to conserve resources and to enforce the security policy of the device and the Java runtime.

The functions required are registration, launch based on a URI, and retrieving of resource parameters when launched. Registration allows a packaged J2ME application, for example a MIDlet in a MIDlet suite, to be associated with a type and be invoked from any application to handle a URI. One application can use the URI and/or MIME-type to invoke another application. The interactions between the invoking and invoked applications should allow the applications to run sequentially passing parameters and returning results and perhaps regaining control after the handler exits. Each application executes in the appropriate runtime. In a simple example, a game developer could make available new levels as links on a web page. The linked resource's MIME type would be used on the device to start the game and pass the URI. This provides seamless integration possibilities between browsers and applications. The link could be presented to the user in a message, in a browser, or from another application and the device software would dispatch the matching application.

Registration attributes will be defined for application packaging to allow application installers and provisioning servers to correctly identify and register the application.

This optional package will permit enhanced integration of J2ME applications into a device?s application environment; browsers and native applications as well a Java language applications will be able to invoke Java applications which dynamically extend the media types and capabilities supported by the device's application environment.

Comments are due by March 31.

The Change Log for the Java APIs for XML based RPC, JSR-101 has been posted. According to the change log, "The main goal for JAX-RPC 1.1 is to add support for the WS-I BasicProfile 1.0." and "fixing some bugs/inconsistencies in the previous version of the specification and making some limited additions to the APIs as requested by users and implementors of JAX-RPC 1.0." Comments are due by April 21.

The Change Log for the SOAP with Attachments API for Java, 1.2, JSR-67 has been posted.

The goal of this maintenance release is to provide support for the proposed WS-I Basic Profile of SOAP 1.1. In addition we would like to take the opportunity to make a number of corrections and clarifications to the specification and JavaDocs.

The WS-I Basic Profile does not add any capabilities to the SOAP 1.1 document that it moderates. It does, however, promote the use of some SOAP 1.1 features even as it proscribes the use of others. The goal of this change log is to make it easier for applications to create and use messages that are WS-I conformant. This maintenance release is concerned with the following areas:

  1. The use of literal encoding
  2. Access to SOAP 1.1 features that are of increased prominence
  3. Easier conformance to WS-I recommendations

SOAP 1.2 support has been considered and set aside for the current maintenence cycle in order to reinforce the JCP's focus on WS-I support in J2EE 1.4

Comments are due by April 21.

The Eclipse Project has posted Release Candidate 3A of Eclipse 2.1, the open source integrated development environment for Java.

Friday, March 21, 2003

I'm back in New York for a couple of days after a successful trip to the XML & Web Services 2003 show in London. This was one of my best shows in a while. I had several really enthusiastic, interested audiences for my talks, which is always a big help.

Unfortunately neither the conference center nor the hotel had any reasonable Internet access, and outside the U.S., I can't even dial-up at less than $6.00 a minute on a hotel phone. I suppose I could have found an Internet cafe to at least check e-mail, but London normally offers much more interesting things to do with one's limited time. :-) I'm clearing out approximately 3000 e-mails and various news stories now. Sunday I leave again for Santa Clara and Software Development 2003 West. That show and hotel has much better Internet access, so I should be able to post at least occasionally. However, I'll be quite busy throughout the week, and probably won't maintain my usual schedule here.

Robert Lougher has released JamVM 1.0.0, an open source Java Virtual Machine written in C for PowerPC and X86. JamVM conforms to the JVM specification, second edition. It supports the full virtual machine specification including the Java Native Interface (JNI). JamVM is published under the GPL.

A beta of TriActive JDO 2.0 (TJDO) has been posted. TJDO is an open source implementation of Sun's Java Data Objects specification that is "designed to support transparent persistence using any JDBC-compliant database." Supported databases include Cloudscape, DB2, Firebird, MySQL, Oracle 8i, PostgreSQL, SAP DB, and MS SQL Server. Features include:

TJDO is published under the Apache License.

Sun's posted a beta of JavaHelp 2.0 on the Java Developer Connection (registration required). New features since JavaHelp 1.0 include enhancements to merging, multi topic printing, improved secondary window and popup usage, JFC ToolTip HelpSet support, HelpSet presentation controls and additional Navigators. A public review draft of the specification has also been posted.

The JavaPLT group at Rice University has posted a new build of DrJava, an integrated development environment (IDE) for Java that supports interactive evaluation of expressions. This release fixes numerous bugs and adds support for Mac OS X and Apple's Java 1.4.1. DrJava is published under the GPL and requires JDK 1.3 or later.

Jake MacMullin has released JJEdit 1.1, a $5 shareware Java Integrated Development Environment (IDE) for Mac OS X. Features include syntax coloring, auto-completion of Java class names, and JavaDoc and double-clickable .jar files creation. Version 1.1 supports Java 1.4.1 and adds new search features.

Etienne Gagnon has released version 1.0.8 of SableVM, a Java bytecode interpreter (that is, a virtual machine) written in portable C. "SableVM requires an ANSI/ISO C compiler (but preferably GCC) and a POSIX platform. It requires a strong memory model (sequential consistency) on multiprocessor systems. SableVM is currently known to run on the i*86 and alpha processors with GNU/Linux." Version 1.0.8 fixes some bugs. SableVM is published under the GNU Lesser General Public License (LGPL).

Robert Oloffson has posted version 0.28 of Java Memory Profiler (JMP). JMP uses the Java Virtual Machine Profiling Interface (JVMPI) interface to track objects and method times in a JVM . It uses a GTK+ interface to display statistics. The current instance count and the total amount of memory for each class is shown as is the total time spent in each method. This release implements various speed-ups. JMP is written in C for Linux. This is a bug fix release focusing mostly on the GUI. JMP is published under the GPL.

Gaudenz Alder has released version 2.1 of JGraph, an open source graph component for Swing that requires Java 1.3 or later. JGraph is accompanied by Graphpad, an open-source diagram editor for Swing that offers Automatic Layout, Printing, Zoom, and much more. It is available in English, German and French. JGraph is published under the LGPL.

Aleksander Slominski has released miniLogger 1.0.7, a small logger library based on a subset of the Java 1.4 logging API. miniLogger is published under an Apache license.

Jim Menard's posted version 0.7.4 of DataVision, an open source "database reporting tool similar to Crystal Reports". DataVision is written in Java and supports multiple databases including PostgreSQL, MySQL, and Oracle.

Michael Fuchs has posted version 0.4.0 of his DocBook Doclet that creates DocBook SGML and XML documents from JavaDoc. This release rewrites the tokenizer, parser, and transformation engine and supports deeply nested tables.

Friday, March 14, 2003

I'll be travelling for the rest of the month, so updates will be a tad slow here until April. I leave tonight for the XML & Web Services 2003 show in London next week where I'll be talking about DOM Level 3, XSLT 2, XQuery, and other bleeding edge topics. While in London, I'll also be visiting the Extreme Tuesday Club and talking about XOM at a joint meeting of UKUUG and XML UK. Advance registration is required for both events. I think it's members only for the XMLUK/UKUUG meeting, but you were planning on joining one of those anyway, weren't you?

The following week I'll be eight time zones away in Santa Clara for Software Development 2003 West where I'll be discussing various topics related to XML and Java throughout the week, including reprising my Hands On XSLT course first given at SD East in Boston last year. I don't have any user group events planned for this trip, but Wednesday night, March 26, I will be hosting a XOM Birds-of-a-Feather at the pool at the Westin Santa Clara. It's officially for show attendees only; but since I'm paying for the beer, I figure I can invite anyone I want. :-) Details will be posted on the xom-interest mailing list, or drop me a private e-mail if you want to come.

The Blackdown Project has a beta of their port of the the Java 3D API 1.3.1 to Linux. Blackdown's version of Java 3D is built on top of OpenGL so it can take advantage of 3D hardware acceleration. Java 1.4.1 is required.

Sebastiano Vigna's released version 2.5.2 of fastUtil, a collection of type-specific Java maps and sets with a small memory footprint and faster access and insertion. The classes implement their standard counterpart interfaces such as java.util.Map and can be plugged into existing code. Version 2.5.2 changes the package name to fastutil. fastUtil is published under the GPL.

Thursday, March 13, 2003

Sun's posted a maintenance review draft of JSR-52, A Standard Tag Library for JavaServer Pages. Comments are due by April 7.

The Software Development 2003 West conference taking place in Santa Clara in two weeks (March 24 to March 28) is looking for a few more volunteers to man doors, check badges, collect evaluation forms and the like. In return for sitting in front of a door for a day (and listening to the sessions in that room), you get free admission for a day of attending anything you want at the conference.

Nathan Fiedler's released version 2.14 of JSwat, a graphical, stand-alone Java debugger built on top of the Java Platform Debugger Architecture. Features include breakpoints, source code viewing, single-stepping, watching variables, viewing stack frames, and printing variables. Version 2.14 adds a few small interface improvements and bug fixes. JSwat is published under the GPL.

Jim Menard's posted version 0.7.3 of DataVision, an open source "database reporting tool similar to Crystal Reports". Version 0.7.3 evaluates formulas in hidden fields.. DataVision is written in Java and supports multiple databases including PostgreSQL, MySQL, and Oracle.

Wednesday, March 12, 2003

The Jakarta Apache Project has posted the first beta of the Commons FileUpload component. "FileUpload makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. FileUpload parses HTTP requests that conform to RFC 1867, 'Form-based File Upload in HTML'. That is, if an HTTP request is submitted using the POST method, and with a content type of 'multipart/form-data', then FileUpload can parse that request, and make the results available in a manner easily used by the caller."

Nicholas Sushkin has released Javadoc Search 1.0.0, a Perl "CGI script for indexing and searching html files produced by javadoc tool. Javadoc-search allows fast and convenient regular expression search for class and class member names and for full method signatures that include argument types. Javadoc-search examines index html pages generated by javadoc and installed in the local webserver document tree and builds its own index for classes, class members, and class methods. Whenever a search query is submitted, javadoc-search quickly matches the query against the index and displays a list of matching links. Javadoc-search provides assorted search and match display options." Javadoc Search is published under the GPL.

Tuesday, March 11, 2003

PartNET has released Quartz 1.0.6, an open source "job scheduling system that can be integrated with, or used along side virtually any J2EE or J2SE application. Quartz can be used to create simple or complex schedules for executing tens, hundreds, or even tens-of-thousands of jobsÑwho's tasks are defined as standard Java components or EJBs."

Monday, March 10, 2003

Apple's released Macintosh Runtime for Java 1.4.1 (OS X 10.2.3 and later only). I'm downloading it through Software Update now. This is the first time in my memory Apple's been relatively up to date with Java compared to Solaris and Windows. Initial reports are that it's quite buggy though, especially with regards to Swing apps. However, it installs side by side with the older 1.3.1 virtual machineso you can still use that version if you prefer.

Sunday, March 9, 2003

Several correspondents have dug out their old copies of Java 1.0 source code to prove that Strings weren't mutable even then. Strings were mutable in some pre-1.0 betas, but there really doesn't seem to have ever been a release verison of Java that needed copyValueOf. I can only surmise that its continued presence in the API is an oversight. I've filed a bug report with Sun. We'll see what they say about it.

David A. Wheeler's released SLOCCount 2.22, a suite of programs for counting physical source lines of code (SLOC) in possibly large software systems (such as the Linux code base). SLOCCount can count most major languages including Java. SLOCCount runs on Linux, FreeBSD, and Windows with Cygwin. SLOCCount is published under the GPL.

Etienne Gagnon has released version 1.0.7 of SableVM, a Java bytecode interpreter (that is, a virtual machine) written in portable C. "SableVM requires an ANSI/ISO C compiler (but preferably GCC) and a POSIX platform. It requires a strong memory model (sequential consistency) on multiprocessor systems. SableVM is currently known to run on the i*86 and alpha processors with GNU/Linux." Version 1.0.7 can execute classes compiled using Jikes 1.18 and fixes assorted bugs. SableVM is published under the GNU Lesser General Public License (LGPL).

Sun has submitted Java Specification request 206 (JSR-206) Java API for XML Processing (JAXP) 1.3 to the Java Community Process. The main goal of this release is to bring JAXP up to spec with XML 1.1, Namespaces 1.1, DOM Level 3, and SAX 2.0.1. It also suggests:

Personally, I'd prefer the working group spend more time on more carefully specifying what the methods already in the javax.xml packages actually do before they worry about new features. A lot of the methods there are grossly underspecified. For instance, how does the identity transform behave when transforming a DOM Document object that has namespaced elements but no namespace declaration attributes? Does a SAXResult invoke startDocument() and endDocument() in its ContentHandler when the transform only produces a document fragment? Comments are due by March 17.

Saturday, March 8, 2003

Nicholas Sydenham has released JCards 3.5, "a free Java application designed to store and manage data in any format that the user defines. Instead of having multiple applications to manage passwords, music databases, shopping lists, etc, JCards allows the user to define a database that contains the fields they want and to customise it in many ways. This is all accomplished via an easy to use interface that requires no understanding of SQL or any other database jargon; in effect JCards is a front-end on to a flat-file database. JCards was initially developed to run on a Sharp Zaurus SL-5x00 PDA, but will also run on any PocketPC PDA that has a JVM installed." JCards is published under the GPL.

Friday, March 7, 2003

So far nobody's been able to explain why there are both valueOf and copyValueOf methods in the String class. The most common hypothesis (based on comments in the source code) is that at one point in time strings were mutable. However, that hasn't been true since at least Java 1.0.2. It may not have been true in Java 1.0, but nobody's memory or backup tapes (including mine) seem to go back that far in prehistory.

Sun has submitted Java Specification Request (JSR) 208 JavaTM Business Integration (JBI) to the Java Community Process (JCP). According to the submission,

Java Business Integration JSR (JBI) extends J2EE with business integration SPIs. These SPIs enable the creation of a Java business integration environment for specifications such as WSCI, BPEL4WS and the W3C Choreography Working Group.

The industry is currently on the path to define standards for business integration that form a new layer of standard metadata in the web services stack. While this work is not complete as yet, the general shape of this standard metadata can be seen in the WSCI and BPEL4WS proposals. The industry needs a standard in this space and we look to the recently chartered W3C Choreography Working Group to drive the convergence of these and other related efforts. The JBI SPIs will reflect the industry consensus that emerges from this work.

Comments are due by March 17.

BEA Systems has submitted JSR 207 Process Definition for Java to the Java Community Process. According to the submission,

The specification will define metadata, interfaces, and a runtime model that enable business processes to be easily and rapidly implemented using the Java language and deployed in J2EETM containers. Process Definition for Java will provide a functional foundation upon which J2EE programmers can implement business processes. This foundation will support tasks commonly encountered when programming business processes, for example parallel execution and asynchronous messaging, while leveraging the programming constructs of Java. As such, the foundation can also be used to build Java implementations of business process initiatives such as BPEL4WS, WSCI, and W3C Choreography.

Process Definition for Java will build on Java Language Metadata technology (JSR-175) to provide an easy to use syntax for describing a business process at the source code level for the J2EE platform. Metadata will bind data and tasks within the process definition to variables, classes, and tasks in the source code. The metadata will be amenable to manipulation by tools.

The specification is intended to provide a set of programming interfaces for advanced business process programming and access to data manipulated directly by the business process.

Comments are due by March 17.

Sun's posted the proposed final draft specification for the Java Servlet API 2.4 in the Java Community Process (JCP). Quoting more or less directly from the draft spec, changes since version 2.3 include:

It's not obvious what's changed since the previous draft.

PalmSource has posted the proposed final draft of JSR-75, PDA Optional Packages for the J2ME Platform, in the Java Community Process. This includes a File Connection Optional Package and a PIM Optional Package.

Friday, March 7, 2003

Sun's posted the second proposed final draft specification for the Java Servlet API 2.4 in the Java Community Process (JCP). Quoting more or less directly from the draft spec, changes since version 2.3 include:

Thursday, March 6, 2003

While teaching my CS 905 Intro to Java course for probably the 24th time last night, I noticed something that had managed to slip by me the previous 23 times. Can someone please explain to me why there are both of the following methods in java.lang.String?

 public static String valueOf(char data[])
 public static String copyValueOf(char data[])

(There are also subarray variants of each of these.) As near as I can tell without looking at the source code, they do exactly the same thing, create a copy of the data array and make a new string from that copy. Neither of these methods is deprecated. Both appear to have been in Java since at least 1.0.2. Why are there two methods instead of one? Thoughts to If anyone can explain this, I'll post the answer here tomorrow.

Sun's posted the public review draft of the Java Specification Request 127. Java Server Faces in the Java Community Process. Sun's also posted the third early access release of Java Server Faces on the Java Developer Connection (registration required). Quuoting from the web page,

JavaServer™ Faces technology simplifies building user interfaces for JavaServer applications. With the well-defined programming model that JavaServer Faces provides, developers of varying skill levels can quickly and easily build web applications by: assembling reusable UI components in a page, connecting these components to an application data source, and wiring client-generated events to server-side event handlers. With the power of JavaServer Faces technology, these web applications handle all of the complexity of managing the user interface on the server, allowing the application developer to focus on application code.

JavaServer Faces technology includes:

  • A set of APIs for: representing UI components and managing their state, handling events and input validation, defining page navigation, and supporting internationalization and accessibility.
  • A JavaServer Pages™ (JSP™) custom tag library for expressing a JavaServer Faces interface within a JSP page.

Comments are due by April 18.

Tanuki Software has released the Java Service Wrapper 3.0.0. The Wrapper makes it possible to install Java applications as Windows NT Services. "The scripts provided with the Wrapper also make it very easy to install those same Java Applications as daemon processes on UNIX systems. The Wrapper correctly handles user logouts under Windows, service dependencies, and the ability to run services which interact with the desktop."

Søren Bak has released Primitive Collections for Java 1.1, "a set of collection classes for primitive data types in Java. The goal is to provide an efficient alternative to the Java Collections Framework (JCF) when using primitive data types, such as int, boolean, or double." Version 1.1 completes "a branch of the map interface hierarchy and make the API interact better with client Java code." PCJ is published under the LGPL.

Version 1.6.4 of JUnitEE ,an open source extension to JUnit that allows standard test cases to be run from within a J2EE application server, has been released It is composed primarily of a servlet which outputs the test results as HTML. This release fixes various bugs.

Wednesday, March 5, 2003

Sun's released the Java Architecture for XML Binding 1.0 (JAXB) specification, reference implementation, API docs, and technology compatibility kit. JAXB compiles an XML schema into one or more Java classes. (First mistake: JAXB assume there's a schema. Second mistake: It assumes the schema is written in the W3C XML Schema Language.) JAXB can unmarshal schema-valid XML into Java objects; read, update and validate the Java objects against the schema, and write the result back out as XML. This API is unfortunately fundamentally flawed. The misconception that cripples it appears on the very first page:

An XML document need not follow any rules beyond the well-formedness criteria laid out in the XML 1.0 specification. To exchange documents in a meaningful way, however, requires that their structure and content be described and constrained so that the various parties involved will interpret them correctly and consistently. This can be accomplished through the use of a schema. A schema contains a set of rules that constrains the structure and content of a documentÕs components, i.e., its elements, attributes, and text. A schema also describes, at least informally and often implicitly, the intended conceptual meaning of a documentÕs components. A schema is, in other words, a specification of the syntax and semantics of a (potentially infinite) set of XML documents. A document is said to be valid with respect to a schema if, and only if, it satisfies the constraints specified in the schema.

Documents can in fact be exchanged meaningfully without schemas, and without correct and consistent interpretation. You may, after all, want to do something very different with a document than I want to do with it. You might want <month>January</month> to be a date and I might want it to be a string, a search key, or even a proper name. Your use and understanding of the data need not affect my use or unserstanding of the same data. Nor do documents need to be valid in order to be useful. For instance, the page you're reading now claims to be XHTML, but it's not valid according to the XHTML DTD. Did you notice? Do you care? JAXB's view of XML is far too limited. The mind set and preconceptions that led to JAXB were formed in the realm of compiled, binary systems that operate inside a single computer. The heterogenous, networked world of XML documents is far broader than that. JAXB is limited to the impoverished domain of single systems where everything agrees on what documents mean, how they're formed, and what should be done with them.

Sun has also released the Java Web Services Developer Pack 1.1 which includes the reference implementation for JAXB 1.0 as well as

Sun's posted a release candidate of the Java Advanced Imaging API 1.1.2 for Windows, Solaris, and Linux on the Java Developer Connection (registration required). This version of the API adds operations for "mosaicking", optimal color quantization, and thumbnail generation, improved exception handling, better memory management, and enhanced support for native acceleration of unsigned 16-bit operations. Java 1.3 or later is required.

Sun's posted the proposed final draft of the Java Specification Request 124. Java 2 Enterprise Edition (J2EE) Client Provisioning Specification in the Java Community Process. According to the introduction,

This specification defines an extension to the Java™ 2, Enterprise Edition (J2EE™) platform that is targeted at enabling J2EE™ application servers with facilities for building provisioning applications. The server running provisioning applications is known as a provisioning server. A provisioning server allows a variety of client devices to discover services and to have them delivered to the device.

This specification defines the programming API that developers use to write provisioning applications, and a packaging format to enable seamless addition of services that the provisioning server will provision.

Sun's also posted a beta of the J2EE Client Provisioning Reference Implementation on the Java Developer Connection (registration required). "J2EE™ Client Provisioning technology extends J2EE to enable the development of provisioning portals that manage and distribute applications and content to a variety of client devices. This early access implementation of the specification for J2EE Client Provisioning includes support for J2ME™ MIDP and J2SE™ devices. It allows developers to experiment with the technology, and includes a sample provisioning portal and detailed getting started and installation instructions."

Tuesday, March 4, 2003

The Apache Project has released version 1.5.2 of Ant, the popular XML based, open source build tool for Java. This is a bug fix release.

Monday, March 3, 2003

The Eclipse Project has posted the fifth milestone release of Eclipse 2.1, their open integrated development environment for Java. This is the first release candidate for Eclipse 2.1. It adds more refactorings, improved Ant and CVS support, plug-in export, find in file, and various user interface improvements.

Sunday, March 2, 2003

Sun's released a minor maintenance update to the Java Development Kit 1.4.1. Version 1.4.1_02 fixes about two dozen assorted bugs.

Slava Pestov's released jEdit 4.1, an open source programmer's editor written in Java. This is my editor of choice on Linux and Windows these days. This release mostly makes a number of improvements in the user interface and existing features. It also adds syntax highlighting for 15 new languages.

The Object Refinery has posted JFreeReport 0.8.1, an open source Java class library for generating reports that outputs PDF. This release adds suport for outputting reports as Excel, HTML, XHTML, Commma Separated Values (CSV), plain text and XML. Java 1.3 or later is required. JFreeReport is published under the GNU Lesser General Public Licence (LGPL).

Saturday, March 1, 2003

The war in Iraq seems even more inevitable today. The U.S. government now says it will attack, with or without a U.N. resolution, even if Baghdad disarms completely and is in full compliance with all U.N. resolutions, as long as Saddam Hussein is in power. There's been a lot of talk lately about likely war strategies, in the event of the seemingly inevitable conflict in Iraq. A lot of talking heads are discussing street fighting in Baghdad and possible chemical weapons attacks. I don't know anything about that. Maybe Saddam will. Maybe he won't.

There's also been talk of Iraqi-backed major terrorist strikes in the U.S. This I tend to doubt. In the past thirty years, Saddam has shown little taste for the sort of isolated actions terrorists can take, and a decided preference for large scale military engagements. The sort of personality that likes to run a government and control big armies through bureaucracy and fear isn't the sort of personality that likes to camp out in the mountains of Afghanistan and inspire a few crazed individuals to suicide. On the other hand, I do suspect that the war in Iraq and subsequent occupation will inspire far more maniacs like Osama bin Laden and Mohammed Atta to launch terrorist attacks on the U.S. in coming years, even if it's not Saddam'a personal cup of tea. But that's still some time away.

However, I have been thinking lately about something I do know about, which is the Internet, and it scares me a great deal. The inspections have proven that Saddam has few if any weapons of mass destruction. His military has been crippled by the Gulf War and its aftermath. He has effectively no chance to stop the U.S. in the field. He may be able to cause a lot fo casualties in Baghdad, but that won't save him in the end. Is there a way he can do massive damage to the U.S. anyway? And I'm scared because I think the answer is yes, he can.

What I'm worried about is a massive attack on the Internet. Iraq is one of the least wired countries on the planet. Such an attack would be effectively unidirectional. It would hurt the rest of the world, and not affect Iraq hardly at all. Is such an attack possible? Absolutely. There are holes all over the Internet in both the core protocols like BGP and the operating systems that run it like Linux and Windows. Until now, we've been lucky. Most of the attacks have been written by socially inept, pimple faced geeks and script kiddies who've mostly wanted to see what they could do without causing any real damage. Now imagine what a team of well-funded, intelligent military men who are actively trying to do damage could do. Imagine if Code Red or any opf the Outlook Express worms had deliberately erased, corrupted, or stole data. Imagine if the worms had been written by careful engineers instead of script kiddies so that they were a lot more virulent and effective? Imagine if these engineers had discovered security holes and attack vectors that had not been previously revealed and for which no patches were immediately available. Can you imagine the havoc?

I don't have any information whatsoever that Saddam is planning anything like this. It's pure speculation. Saddam's an old man in an unwired country, and such an attack may not even have occurred to him or his advisors; and if it did he may not have thought it worthwhile. But it wouldn't be hard. A few good programmers sitting in an apartment somewhere in Europe could easily pull it off, and given the current state of the Internet it would be very hard to defend against.

I hope I'm wrong, but I'm scared I'm right. Either way, better safe than sorry. It's time to get ready for the worst worms we've ever encountered. Please install all the latest security patches. Please make sure you've got safe, restorable backups going back at least a week. Crucial data should be backed up onto read-only media like CDs or even paper. Please put firewalls in place, and start filtering any suspicious traffic. If a system doesn't need to be connected to the network, don't connect it. Have backup plans in place for how your organization will run if the Internet goes down for a week, a month, or more. If I'm wrong and there's no cyber-attack in the upcoming war, then no big loss. You've just prepared a little better for the next script kiddie attack, which you probably should have done anyway. If I'm right, you may have saved your computers, your job, or even a life.

Older news:

January January, 2003 January, 2002 January, 2001 January, 2000 January, 1999 January, 1998
February February, 2003 February, 2002 February, 2001 February, 2000 February, 1999 February, 1998
March March, 2003 March, 2002 March, 2001 March, 2000 March, 1999 March, 1998
April April, 2003 April, 2002 April, 2001 April, 2000 April, 1999 April, 1998
May May, 2003 May, 2002 May, 2001 May, 2000 May, 1999 May, 1998
June June, 2003 June, 2002 June, 2001 June, 2000 June, 1999 June, 1998
July July, 2003 July, 2002 July, 2001 July, 2000 July, 1999 July, 1998
August August, 2003 August, 2002 August, 2001 August, 2000 August, 1999 August, 1998
September September, 2003 September, 2002 September, 2001 September, 2000 September, 1999 September, 1998
October October, 2003 October, 2002 October, 2001 October, 2000 October, 1999 October, 1998
November November, 2003 November, 2002 November, 2001 November, 2000 November, 1999 November, 1998
December December, 2003 December, 2002 December, 2001 December, 2000 December, 1999 December, 1998

[ Cafe au Lait | Books | Trade Shows | FAQ | Tutorial | User Groups ]

Copyright 2003 Elliotte Rusty Harold
Last Modified March 9, 2003