'Java' Articles

Save time runnning FindBugs by excluding SQL checks

FindBugs is a great tool to help you find tricky problems with your Java code, as well as to learn more about Java best practices. Unfortunately, for a large codebase, FindBugs can be extremely slow, often taking several minutes to run. In the last few years, the Java projects I’ve worked on haven’t made use of SQL databases, and I recently discovered that FindBugs’ checks against SQL injection make up a major portion of the overall runtime for the tool. Try creating a findbugs-exclude.xml file, and putting the following in it:

<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
  <!-- We don't use SQL or JDBC, so remove these very expensive bug detectors. -->
  <Match>
    <Bug code="SQL,ODR" />
  </Match>
  <Match>
    <Bug pattern="DMI_CONSTANT_DB_PASSWORD,DMI_EMPTY_DB_PASSWORD" />
  </Match>
</FindBugsFilter>

In my experience, this shaved a whole minute off a multi-minute FindBugs run, with no downside since we don’t use any SQL or JDBC. Of course, if you do use those technologies, these scans are probably still worth the time!

Posts I haven't written

, , , , , , ,

I haven’t been updating this blog too much recently. I never meant for this blog to run on a schedule, but I did intend to post more frequently than this. My original idea was that the blog would serve two major purposes. First, it is a place for me to announce new projects or updates to software and websites I’ve already released. It’s done that quite well, though I haven’t had much to announce recently. My job has been taking the majority of my development time, and most of the projects I’ve been working on at home are either private or haven’t been released in the form I’d like to because my employer hasn’t approved them for release yet.

The second major purpose for my blog is as a place for me to record the solution to problems I run across while developing software, so that others won’t have to spend hours Googling or using trial and error to come to the same conclusion. I didn’t intend to rehash things that were easily found or that had already been discussed - only to post when I felt it was something that added value to the internet that hadn’t been there before. So a lot of the blog posts are not really a narrative or running commentary - they’re not meant to be subscribed to, but found individually. It’s for this reason that my most popular posts tend to include the exact text of error messages. This type of post has suffered both because I haven’t been doing as much development, because I can’t discuss a lot of what I’ve learned due to the nature of the projects I’m working on, and because I’ve been learning new stuff (like Ruby on Rails) and haven’t done enough to have solved problems others haven’t already posted solutions for.

The third reason I have this blog is to occasionally talk about my thoughts on different technical topics, from web development to video games. Again, I don’t like to make a post unless I think I’m adding something new, and most of the topics I’ve wanted to talk about have already been covered. I had a lot of draft posts sitting around about web development, web standards, and the evolution of browsers, but then I discovered Alex Russell’s blog and it turns out he’s already said most of what I wanted to say, and better than I could. Other stuff, like my impressions of Windows Vista, critique of stackoverflow.com and suggestions for the Xbox Live Arcade lineup, have been covered to my satisfaction in plenty of places. Maybe some of them will end up posted, but probably not.

Another part of the reason I haven’t posted much is the sheer weight of unfinished posts I have. Right now I have 64 drafts and only 52 real posts! So I’m going to attempt to clear things out by writing a little about what I haven’t posted. A lot of this stuff wasn’t posted because it fell under that third point above, but some of it I was just too lazy to flesh out into real posts. Some of it’s just random stuff. So here’s what’s been happening in the last year:

I got on the bandwagon and picked up iPhone 3Gs for myself and my wife. Everything good you’ve heard about the iPhone is true. Also, almost everything bad you’ve heard about them is true. I really like the device, the UI, and the web browsing, and now that the NDA over the SDK is gone, I might even try to write an app if I get an idea.

I built a new computer in March of ‘07 to replace the machine I had built for college. The new machine is set up as a developer machine primarily, with the additional goal of being as quiet as possible. I can’t say I’m entirely happy with it, since I’ve had some trouble with the hardware and overheating issues mean I have to run the fans above “totally silent” mode. It does its job well enough but I might just buy a Dell next time. The huge CPU heatsink I used is awesome, though.

I’ve been running Windows Vista x64 since my new machine came online. While I think it’s a disappointing release given the 5-year gap between it and Windows XP, I generally like it. It’s certainly better than Windows XP and I wouldn’t go back. I’ve hit some trouble related to using x64, but overall it’s pleasant.

Before that, I was getting pretty sick of the aging Windows XP, so I bought a Mac Mini and ran it, using OS X 10.4, on a second screen next to my XP machine, joined via Synergy. I liked it a lot, but never moved much of my work over there. After getting set up with Windows Vista, the difference between OS X and Windows wasn’t so great, and I unplugged the Mac so I could have both screens for Windows. I moved the Mini up to my TV and used it with Front Row as a media center. Then the Xbox 360 got the ability to play DivX videos, so I stopped using it for that and brought it back downstairs. I was using it for browser testing, but then Apple released a Windows version of Safari. Now it mostly stays off, except when I want to use Handbrake (which won’t work on Vista x64). I still like it, and I really miss having an OS with a real command line, especially now that I’m doing Rails stuff and spelunking through a lot of badly-documented libraries. I’m not sure I’ll ever make the switch though. That said, my trusty old Thinkpad finally died last week, and if I can’t revive it I might look towards the rumored lower-priced MacBooks that should come out soon.

I got two awesome cats named Ozette and Skagit. A lot of my time at home just involves relaxing and petting the cats these days.

After years of using Thunderbird, I switched to GMail as my main mail client so I could use it from the web and use IMAP on my iPhone. I set it up to read all my old POP mailboxes, and I use Google Chrome’s application mode (I used to use Mozilla Prism) to make it look like a standalone app on my desktop. It’s an OK mail reader, especially since I get a lot less email to my personal accounts these days. The main annoyance is spam - I used to use POPFile to filter spam, and it was perfect, with almost no false positives. In contrast, I get maybe 50 pieces of spam leaking through on GMail a week.

Spam has not been limited to my inbox: my support forums are basically nothing but spam and people complaining about stuff I’ve given them for free. It takes a lot of maintenance, and I’m thinking of either trying to transition them to something less attractive to spammers, or just shutting them down entirely.

Back when IE7 was in beta I wrote a handful of bug repro’s for problems I found with it. Recently I’ve been running across all kinds of crazy things in both Firefox and IE, so I’ve been cataloguing them with little examples. Most of them have been fixed with the latest release of each browser, but I figure they’re still useful if anybody’s seeing those problems happen.

I went to Southeast Asia for two and a half weeks. We toured Vietnam, Cambodia and Thailand. It was incredible.

I finally got so sick of CSS that I decided to write a processor that would take an “evolved” CSS syntax that supported named constants, nested selectors, arithmetic, mixins, and such and spit out real CSS. I had it all sketched out and was ready to start implementing when I found SASS, from the same guy who awesome-ified HTML with HAML. SASS is feature-by-feature the exact same thing I wanted to do (except for the whitespace-significant thing, but I can deal). I love it.

I’ve been pretty disillusioned with ASP.NET as a web platform - the web forms are too inflexible and unfriendly to clean markup and unobtrusive JavaScript, and C# feels too rigid and verbose for what I’m doing. LINQ and the other 3.5 features help a lot, but my host is stuck on 2.0. I still haven’t found any templating system that trumps Web Forms, which is why I’m still stuck on Windows hosting for the most part - a lot of my sites are built on ASP.NET for nothing more than the templating. While I’m keeping my eye on ASP.NET MVC, I’m more interested in cross-platform web technologies that give me a bit more choice in hosting.

To that effect, I’ve started a personal project on Ruby on Rails, mostly to learn the platform. So far I’ve really been liking it - having a functional, dynamic language is great, and the structure Rails gives you really helps to quickly get things running. Hopefully I’ll be able to show what I’m making at some point, assuming it works to my satisfaction.

I actually went through a big comparison of different web platforms and different languages, trying to gauge what would be the best for me to develop for. I’m not sure I’ll ever publish my full results, but Ruby on Rails was obviously up there, and Django / Python looked good too.

Speaking of languages, before I discovered jQuery I didn’t really do much JavaScript if I could avoid it. Now I’m writing tons of JavaScript to produce some really nice interactive web apps. I have never been as impressed with a library or platform as I have been with jQuery.

I’ve actually been using Eclipse a lot lately, both for Aptana and for straight Java development, and while it’s slower and buggier than Visual Studio, a free copy of Eclipse plus all the free plugins make it much more compelling than the Visual Studio Express products I use for C# work. Stuff like the outline view, refactoring support, quick fix mode, and real unit testing and source control plugins make all the difference.

I think that’s about all I wanted to get off my chest for now. Hopefully I’ll have a chance to flesh some of that out into full posts sometime, but at least I won’t have so many unwritten drafts staring at me every time I log in to Wordpress.

Eclipse NoClassDefFoundError near installFont on startup

At work and at home I use Eclipse as my IDE of choice for Java development, along with Eclipse-in-disguise Aptana for web development. I’ve never had a problem with Eclipse on Windows or on my Mac, but on my Linux machine (and many of my co-workers’ machines) Eclipse tends to crash rather violently. I suspect that it isn’t Eclipse at all, but the primitive P4WSAD Perforce plugin. I don’t use Perforce at home, so that might be the difference. Anyway, what happens is that in the middle of doing something Eclipse will run out of PermGen memory, throw up some errors, and die in the least pleasant way possible. When you try to start it back up, you get something like this:

 !SUBENTRY 1 org.eclipse.team.core 4 0 2007-08-20 16:58:25.979
 !MESSAGE Could not instantiate provider com.perforce.team.core.PerforceTeamProvider for project SampleProject.
 Exception in thread "Thread-1" java.lang.NoClassDefFoundError
         at org.eclipse.ui.internal.themes.ThemeElementHelper.installFont(ThemeElementHelper.java:101)
         at org.eclipse.ui.internal.themes.ThemeElementHelper.populateRegistry(ThemeElementHelper.java:57)
         at org.eclipse.ui.internal.Workbench$28.runWithException(Workbench.java:1426)
         at org.eclipse.ui.internal.StartupThreading$StartupRunnable.run(StartupThreading.java:31)
         at org.eclipse.swt.widgets.RunnableLock.run(RunnableLock.java:35)
         at org.eclipse.swt.widgets.Synchronizer.runAsyncMessages(Synchronizer.java:123)
         at org.eclipse.swt.widgets.Display.runAsyncMessages(Display.java:3296)
         at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:2974)
         at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2309)
         at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2219)
         at org.eclipse.ui.internal.Workbench$4.run(Workbench.java:466)
         at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:289)
         at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:461)
         at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149)
         at org.eclipse.ui.internal.ide.application.IDEApplication.start(IDEApplication.java:106)
         at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:153)
         at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:106)
         at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:76)
         at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:363)
         at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:176)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:504)
         at org.eclipse.equinox.launcher.Main.basicRun(Main.java:443)
         at org.eclipse.equinox.launcher.Main.run(Main.java:1169)

Further digging reveals that the culprit is definitely the Perforce plugin. To fix it, you need to go to where Eclipse is installed, and move the plugins/com.perforce.* files away. Then start Eclipse, which will start but complain about the missing plugin. Then shut down Eclipse, move the plugins back, and start up again. You’ll need to reconfigure any Perforce windows you had open, but at least Eclipse will start.

This seems to be caused by Eclipse crashing after running out of PermGen memory. To prevent future crashes, edit eclipse.ini in your Eclipse install directory. It should look something like this:

-showsplash
org.eclipse.platform
--launcher.XXMaxPermSize
256m
-vmargs
-Xms40m
-Xmx512m
 -XX:MaxPermSize=256m
-Dosgi.bundlefile.limit=100

The -XX:MaxPermSize is especially important for preventing Eclipse crashes. The other option, –launcher.XXMaxPermSize only works in Windows.

JavaOne 2007

I had the opportunity to go to the JavaOne conference two weeks ago, in San Francisco. It was quite an experience for me as I had never been to a technical conference before, let alone one of that size. I’m not exactly a Java enthusiast, but I am a Java developer. I spend most of my day writing Java code, so going to all the presentations about making better Java code, as well as interacting with Java developers from all over the world, was really educational.

I noticed a few things from the conference that I wanted to write down before I forgot. The first is that even in Java-land, scripting languages are hot. Lots of people were talking about JRuby, Groovy, JavaScript, JavaFX Script, and more. JRuby in particular was getting a lot of excitement from everyone who’s been hearing for the last couple years about how cool Ruby on Rails is. I’ve seen a lot of Rails demonstrations and they’ve failed to impress me but the Ruby language itself is very appealing, especially to someone like myself who mainly scripts in Perl or JavaScript. I’ve definitely been convinced to use Ruby for my next personal web app project, and the combination JRuby’s speed and native access to Java code will make me feel a lot better about it.

There were a lot of talks about static analysis tools, and FindBugs in particular. I’ve been using FindBugs on my Java code (and FxCop for my .NET code) for quite a while, but a few of the presentations gave me a much better idea of how powerful static code analysis can be. One of the best ideas is using special annotations that more clearly document the intended behavior of your code. Not only does this serve as additional documentation, it helps you design your classes better and helps out your code analysis tools. One of the first things I did when I got back was grab the latest FindBugs release and start sprinkling those magic annotations all over my code, and from now on I’ll be writing them in whenever I write new code.

I also got more in-depth exposure to the REST philosophy, which I had heard a lot about but not really thought about too much. I really like the idea, but until the tools get to the point where I can write up some sort of service description and generate client code like I can do with WSDL, I’m going to hang back a bit. Maybe WADL will catch on. I also got a better explanation of OpenID than I had gotten previously, and I’m really impressed. I like that it’s so simple, and that it can still integrate with technologies like CardSpace in a way that adds value to both sides. I searched for an open implementation of an OpenID provider that uses CardSpace, but it doesn’t look like any exist yet.

Another, less explicit theme at the conference was that the Java community has noticed the great design of C# and the .NET framework and are trying to fit some of that back into Java. I’ve always felt that C# was “Java done right”, and the number of JSRs (Java Specification Requests) that I saw for C#/.NET features is a testament to that. JavaSE 5 already added annotations (attributes), generics, foreach, enums, variable length arguments lists, and autoboxing, all features from C# 1.0 or 2.0. The stuff that’s being discussed for JavaSE 7 and beyond includes “superpackages” that look a lot like assemblies, continuations, a “using” statement, generics that don’t use type erasure, indexers, and switching on strings. I think this is great - C# made a lot of great improvements that were no doubt based at least in part on experience with Java, so it’s natural for Java to get back some of that. I didn’t see much talk of any of the C# 3.0 features like LINQ, object and list initializers, extension methods, etc. I did see some talk about incorporating lambda expressions, though, which would be pretty nice.

Despite the fact that the Java language has some catching up to do, one glaring advantage of Java over .NET became apparent to me while I was there. I’m not talking about the platform-independence advantage, though that is certainly there - I don’t think I could imagine building a large, scalable distributed service with Windows machines. No, what I’m talking about is the community. That’s not to put down the large and active .NET community, it’s just that the Java community is huge. And especially through open source, there’s just a lot more going on. I feel like a large part of this is that Sun and other Java leaders have been willing to incorporate the community’s best products into the standard toolset. Products like ant, Eclipse, Spring, JUnit, and even JRuby are accepted tools. Meanwhile on the .NET side, you’re basically taking whatever Microsoft gives you. And while that can usually be good, Microsoft runs the risk of ignoring the direction people are actually heading in.

In the end, I left the conference with much the same opinion of Java that I had in the beginning. Java is a tool, and a good tool, but not a particularly exciting tool. It does have some exciting features (I love JMX), and after my week in the Moscone Center, I feel like I can be more competent at creating Java-based software. Maybe I just haven’t worked on the right Java projects. I hope as my experience with the platform grows, I’ll be able to contribute more, either through this blog or through open-source projects. And who knows, maybe one day I’ll really feel like a Java Guy.