Category Archives: general

EHCache and Quartz phone home during startup

Posted on by
11

One might call EHCache (the Java caching library everybody loves) ET-Cache, since it keeps phoning home during startup. While probably just implemented as a usability feature, I find it quite nefarious, especially since Quartz (the job queuing library everybody loves) does *exactly* the same.

The culprit lies in net.sf.ehcache.util.UpdateChecker and org.quartz.util.UpdateChecker.

Information sent to Terracotta HQ include:

  • a client ID taken from your local IP
  • os.name
  • java.vm.name
  • java.version
  • os.arch
  • QuartzVersion
  • EhCache version
  • something about source
  • uptime-secs
  • patch level from Quartz/EhCache

Needless to say, this is something that should not be enabled by default, and only with a big opt-in questionnaire… This also sparks the question if the cache doesn’t send *more* information home than just the update information? It is after all a product designed to send information across the network—what is one extra node more in the grand scheme of things? Has anybody audited the code for nefarious code?

In any case: to disable phoning home everybody should start their applications with the following command line parameters:

  • -Dnet.sf.ehcache.skipUpdateCheck=true
  • -Dorg.terracotta.quartz.skipUpdateCheck=true

Or you can configure it in your ehcache.xml according to the user manual. Quartz is similarly configurable in the quartz.properties.

According to Alex Miller, a former Terracotta employee, it is not evil and a price we need to pay to use open source software.

I disagree strongly: this undermines the premise of trustworthy open source. The download page doesn’t mention the phoning home, neither does the announcement of ehcache 2.2 (last july), it is summarily mentioned in the configuration part of the manual, which you typically don’t read when you just upgrade your dependency to the latest version and see that everything still works as usual. The same goes for Quartz: it was apparently added in quartz 1.7.3, but no mention of this in the release notes. Neither of the possibility to disable phoning home which was added in quartz 1.8.

In my opinion, this is unacceptable behavior for any open source product, which severely undermines the trust we spent building in the last couple of years making open source a viable alternative to closed software.

SHAME ON YOU TERRACOTTA!

Best #songsincode

Posted on by
4

From the Friday twitter meme #songsincode:

  • @AlexJReid .corvette { width:1; height:1; color: red; }
  • @dashorst: let love=rule();
  • @codepo8: .clowns{float:left;} .jokers{float:right;} #me_you{position:fixed;margin:0 auto;width:100%}
  • @sweatje: $i->shoot(new Sheriff) && !$i->shoot(new Deputy)
  • @northerncharm stop(); time=hammer;
  • @codepo8 if(reaper.fear){dont()}else{cowbell.add()}
  • @codepo8: me={locations:['corner','spotlight'],religion:404}

Eclipse 3.4 with openjdk 6 on OS X 32-bit CoreDuo

Posted on by
4

With the invaluable help of David Green, I was able to run Eclipse on openjdk 6 on my first gen MacBook Pro (you know, those left behind by Apple, running on a 32 bit CoreDuo processor… good to know that Apple supports the early adapters).

With this script that I adapted from David’s blog I was able to start Eclipse 3.4 (Version: 3.4.2
Build id: M20090211-1700) with Landon Fullers openjdk 6 build:

export JAVA_HOME=/Developer/Java/openjdk6-b16-24_apr_2009-r1
export PATH=$JAVA_HOME/bin:$PATH

java -server -Djava.library.path=$HOME/bin/jnilib -Dswt.library.path=$HOME/bin/jnilib -Xms128m -Xmx768m \
    -XX:MaxPermSize=192m -Dosgi.requiredJavaVersion=1.5 -Dorg.eclipse.swt.internal.carbon.smallFonts \
    -cp /Applications/eclipse/Eclipse.app/Contents/MacOS/../../../plugins/org.eclipse.equinox.launcher_1.0.101.R34x_v20081125.jar \
    org.eclipse.equinox.launcher.Main -os macosx -ws carbon -arch x86 -showsplash \
    -launcher /Applications/eclipse/Eclipse.app/Contents/MacOS/eclipse -name Eclipse \
    --launcher.library /Applications/eclipse/Eclipse.app/Contents/MacOS/../../../plugins/org.eclipse.equinox.launcher.carbon.macosx_1.0.101.R34x_v20080731 \
    -startup /Applications/eclipse/Eclipse.app/Contents/MacOS/../../../plugins/org.eclipse.equinox.launcher_1.0.101.R34x_v20081125.jar \
    -launcher /Applications/eclipse/Eclipse.app/Contents/MacOS/eclipse \
    -keyring $HOME.eclipse_keyring -consoleLog -showlocation -vm $JAVA_HOME

The script misses the shebang, since my hosting provider thinks that I’m trying to execute some serverside exploit…
You’ll have to extract a couple of shared libraries that are packaged in your Eclipse distribution:

jar xfv /Applications/eclipse/plugins/org.eclipse.swt.carbon.macosx_3.4.1.v3452b.jar
jar xfv /Applications/eclipse/plugins/org.eclipse.core.filesystem.macosx_*.jar os/macosx/liblocalfile_1_0_0.jnilib

You’ll have to rename all those libraries to give them a *.dylib extension.

Finally I had to point /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home to the openjdk 6 directory:

sudo mv /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home.old
sudo ln -s LOCATION_OF_OPENJDK /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home

The sorry state of subversion support in Eclipse

Posted on by
35

Eclipse is a great IDE, but the state of subversion support is appalling. Both subclipse and subversive are buggy as hell, and I’d rather not touch either of them with a 10 feet pole.

Installing subversive is a futile exercise in “find all the update sites and correct plugin selection”. Subversive also is unable to keep the target/classes directory out of the synchronize view, which makes committing changes rather challenging.

Installing subclipse is much better than installing subversive: just add subclipse’s update site and install all plugins. No hunting for external sites, and no chance of installing the wrong stuff (I’m on OS X, so the win32 HL binaries are of no use to me). But again the team synchronize view is borked. This time subclipse won’t remove all updated files, double clicking on a folder throws an exception, etc.

I know that GIT is the SCM du jour, but please can someone at eclipse.org take note and finally implement a working, pleasant integration with subversion? Is that so much to ask after 5 years of Subversion availability?

Russia – Netherlands 3-1

Posted on by
5

In a disappointing match between Russia and the Netherlands, the Russians defeated the dutch on all fronts. The Dutch coach of Russia, Guus Hiddink, outclassed Marco van Basten on a strategic level and ensured that the star team from Holland never got to play the game we all came to love (except for the Italians and French). The Russians were better on all fronts and their victory was deserved. The #10 of the Russians was rightfully chosen as the player of the match, and I think Edwin van der Sar was the best dutch guy. Anyway, I’m hoping for a Germany-Russia final where Russia wins. Then we still have a slight orange glow over this championship.