Archive for January, 2009

Migrating to JRockit

I’ve been bothered with the now famous PermGen Space error while developing a web application on a local Jetty instance quite often, and I was hoping that the problem wouldn’t prove to be that serious once deployed on a Tomcat server, but quite the opposite is the case.

The problem happens when the JVM runs out of permanent generation heap space, which most of the time is due to classloaders not being correctly garbage collected. Permanent generation heap space is an optimization that the Sun JVM contains to speed up object creation, but the default size is too small if classes are loaded and unloaded often during runtime, which is exactly the mechanism by which most application servers load applications.

So the first, quick and dirty, solution would be to enlarge the permanent generation heap space:

-XX:MaxPermSize=256m

Sadly, this still doesn’t get rid of the problem. Another solution is to use a completely different JVM altogether: JRockit.

JRockit, a proprietary Java Virtual Machine (JVM) from BEA Systems, became part of Oracle Fusion Middleware in 2008.

Many JRE class files distributed with BEA JRockit exactly replicate those distributed by Sun. JRockit overrides class files which relate closely to the JVM, therefore retaining API compatibility while enhancing the performance of the JVM.

[from Wikipedia]

I wasn’t thrilled about having to change JVM because it isn’t available in the openSUSE repositories at all, and I wasn’t quite sure how hard it would be to make the switch. As I found out, it’s incredibly easy.

Getting the package

Getting your hands on the JRockit installation package isn’t all that easy, because BEA became part of Oracle and everything is still in transition. The download location is http://edelivery.oracle.com/, where you’ll be greeted by a wizard to select the products to download.

JRockit can be found under BEA Products and then BEA WebLogic Media Pack. Scrolling down, you’ll find the zip package you need depending on your operating system.

Installation

Installation is straightforward: just unzip the archive and then execute the contained installer:

$ unzip B46961-01.zip
Archive:  B46961-01.zip
  inflating: jrockit-R27.5.0-jdk1.6.0_03-linux-x64.bin
$ chmod +x jrockit-R27.5.0-jdk1.6.0_03-linux-x64.bin
$ sudo ./jrockit-R27.5.0-jdk1.6.0_03-linux-x64.bin

Now all you have to do is follow the instructions of the installer. When asked for a location to install JRockit into, I used /opt/jrockit but every location will do just fine.

The next step is optional, but if you use update-alternatives I strongly suggest you do it. We’ll add the JRockit java and the JRockit compiler (javac) as alternatives:

update-alternatives --install /usr/bin/java java /opt/jrockit/bin/java 300
update-alternatives --install /usr/bin/javac javac /opt/jrockit/bin/javac 300

So when running update-alternatives we see the JRockit VM:

$ update-alternatives --config java

There are 2 programs which provide `java'.

  Selection    Command
-----------------------------------------------
 +    1        /usr/lib64/jvm/jre-1.6.0.u7-sun/bin/java
*     2        /opt/jrockit/bin/java

Enter to keep the default[*], or type selection number:

So now we can easily switch between the Sun VM and the JRockit VM. That’s it. Now just check to see if we really have the JRockit VM and we’re ready to code:

$ java -version
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
BEA JRockit(R) (build R27.5.0-110_o-99226-1.6.0_03-20080528-1505-linux-ia32, compiled mode)


Are my sites up? I don’t think so

When Lifehacker featured the new service aremysitesup.com I headed right over to check it out, but this is what greeted me: [screenshot: aremysitesup] Oh what irony :D

Would OAuth have prevented the latest attack on Twitter?

The now famous attack on celebrities’ Twitter accounts, among them those of Barack Obama and Britney Spears, is being discussed all over the Internet, and as always everybody knows better. One idea is to ask Twitter to implement the OAuth stack.

While I’m a huge fan of OAuth, and think it’s a good idea to (finally) add it to Twitter, because giving my Twitter password to everybody feels very unsafe, we have to see that the lack of OAuth has nothing to do with this last, most publicized attack on them.

Well, first of all, what is it that OAuth does? As oauth.net puts it:

Everyday new website offer services which tie together functionality from other sites. A photo lab printing your online photos, a social network using your address book to look for friends, and APIs to build your own desktop application version of a popular site. These are all great services – what is not so great about some of the implementations available today is their request for your username and password to the other site. When you agree to share your secret credentials, not only you expose your password to someone else (yes, that same password you also use for online banking), you also give them full access to do as they wish. They can do anything they wanted – even change your password and lock you out.

So how would that help Twitter? It would certainly have prevented the dozens of scam sites that were set up with some bogus service just to get hold of your credentials, because that is exactly the scope of OAuth. On the other hand, it would not have helped with phishing that duplicates the Twitter site itself (because you’d still be giving them your credentials to sign in), and it would have been even less help in the latest attack, because:

The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.

So while OAuth is certainly a good idea, it is not the solution to all security problems at Twitter.
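
The delegation described above, sketched as an added example (not code from this post, oauth.net or Twitter): an OAuth 1.0-style HMAC-SHA1 signed request in which the third-party app holds only its own secret and a per-user token secret, so the account password never leaves the provider and a single grant can be revoked. The Provider class, keys, secrets and URL are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Method, URL and sorted parameters are all covered by the signature.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with the app's secret and the token secret.
    # The user's password is not an input anywhere in this function.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

class Provider:
    """Constructed stand-in for the site holding the account (not Twitter's API)."""
    def __init__(self):
        self.consumers = {}  # consumer key -> consumer secret (registered apps)
        self.tokens = {}     # access token -> token secret (user-approved grants)

    def verify(self, method, url, params, signature):
        # Nonce/timestamp replay checks are omitted to keep the example short.
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        token_secret = self.tokens.get(params.get("oauth_token"))
        if consumer_secret is None or token_secret is None:
            return False
        expected = sign(method, url, params, consumer_secret, token_secret)
        return hmac.compare_digest(expected, signature)

def demo():
    provider = Provider()
    provider.consumers["app-key"] = "app-secret"   # constructed values
    provider.tokens["tok-1"] = "tok-secret"        # user approved the app
    url = "https://api.example.test/update"
    params = {"oauth_consumer_key": "app-key", "oauth_token": "tok-1",
              "oauth_nonce": "n1", "oauth_timestamp": "1231718400",
              "status": "hello world"}
    sig = sign("POST", url, params, "app-secret", "tok-secret")
    accepted = provider.verify("POST", url, params, sig)
    tampered = provider.verify("POST", url, dict(params, status="spam"), sig)
    del provider.tokens["tok-1"]                   # user revokes this one app
    after_revoke = provider.verify("POST", url, params, sig)
    return accepted, tampered, after_revoke
```

demo() returns (True, False, False): the signed request is accepted, a modified one is rejected, and the original stops working once the token is revoked, without any password change.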


Trying IntenseDebate (cont’d)

Earlier, while discussing IntenseDebate, I made a small mistake. IntenseDebate feeds the comments it gathers right back into your blog and puts them in a noscript tag, which in fact is indexed by search engines. Thus comments from IntenseDebate have one drawback less :D

Trying IntenseDebate

I’ve been looking for a good way to manage the comments on my blog, and encourage new users to comment, for a long time, but haven’t found anything. IntenseDebate promises to revive commenting, so I decided to give it a try. Features like identity management, OpenID integration and threaded commenting are especially nice. On the downside, however, all comments are loaded dynamically via JavaScript, which means that they are not indexed by search engines and commenters will not be credited with backlinks from their comments, which is bad for PageRank. Many blogs, however, use the no-follow tag to tell search engines not to consider the links in comments for ranking, so this point is not so important.

Another point that certainly made it easy to try IntenseDebate out is that comments can be imported and exported from and to the blog, and if I’ve had enough, I can just pull my comments out of ID again. If only more companies would allow me to :-)
