Friday, June 20, 2003

J2SE: Dear SecureRandom why do you do Full GC?

The first time you invoke a random number genareation method on SecureRandom it does about 20 Full GC's. Doesn't Sun know better than this?

The following example code: 




import java.security.SecureRandom;



public class SecureRandomTest{

        public static void main(String args[]) {

            SecureRandom s = new SecureRandom();

            System.out.println("Before First SecureRandom Call");

            (new SecureRandom()).nextInt();

            System.out.println("Before Second SecureRandom Call");

            (new SecureRandom()).nextInt();

            System.out.println("After Second SecureRandom Call");

        }

}

When executed with Verbose GC options (java -verbose:gc SecureRandomTest) produces the following output:
Before First SecureRandom Call
[Full GC 232K->102K(1984K), 0.0095414 secs]
[Full GC 103K->103K(1984K), 0.0083893 secs]
[Full GC 103K->103K(1984K), 0.0084910 secs]
[Full GC 103K->102K(1984K), 0.0096741 secs]
[Full GC 102K->102K(1984K), 0.0083740 secs]
[Full GC 103K->103K(1984K), 0.0083477 secs]
[Full GC 103K->103K(1984K), 0.0082608 secs]
[Full GC 103K->102K(1984K), 0.0084743 secs]
[Full GC 102K->102K(1984K), 0.0085553 secs]
[Full GC 102K->102K(1984K), 0.0083935 secs]
[Full GC 103K->103K(1984K), 0.0083734 secs]
[Full GC 103K->102K(1984K), 0.0082784 secs]
[Full GC 102K->102K(1984K), 0.0085028 secs]
[Full GC 103K->103K(1984K), 0.0083488 secs]
[Full GC 103K->103K(1984K), 0.0083399 secs]
[Full GC 103K->102K(1984K), 0.0084595 secs]
[Full GC 102K->102K(1984K), 0.0084740 secs]
[Full GC 103K->103K(1984K), 0.0083002 secs]
[Full GC 103K->103K(1984K), 0.0084044 secs]
Before Second SecureRandom Call
After Second SecureRandom Call.

Update 1:
Steven Pozarycki at BEA reponded:

I saw your WebLog and your question about SecureRandom and GC. I recently
had the same issue but I was using a JSP with the same SecureRandom class.
Anyway this is a known issue with Sun and they said it will be addressed in
1.3.1_09 (available in a couple of weeks). The Sun Bug number is 4298667
although you can't view it on java.sun.com.

I also tried this on 1.4.1_02 and there is no problem, so Sun addressed
this issue there as well.

I hope that helps!


Update 2:
I had a change to test this with Weblogic8.1Sp1 (With J2SE1.4.1_03). This seems to be fixed as mentioned by Steven Pozarycki.

Posted by Kumar at 9:15 AM 0 comments

Saturday, May 10, 2003

General: Google Viewer from Google Labs

The Google Viewer displays the pages found as a result of your Google search as a continuous scrolling slide show. You can view your search results without using your keyboard or mouse and you can adjust the speed with which the images move across your screen. Each image of a page's contents is accompanied by a short "snippet" describing that page.

A simple a innovative way to provide search results. Here is the link.

Posted by Kumar at 11:20 AM 0 comments

M$: $2 Trillion fine for Microsoft?

As per The Register, Microsoft's latest security lapse with its Passport information service could trigger a $2.2 trillion fine on the company courtesy of the US government.
Microsoft product manager Adam Sohn's comment to the security flaw in the password reset tool of its Passport service which could compromise the information stored on all 200 million users: "You live and learn". Is M$ really serious about security?

The flaw could have been found by anyone who tried to crack Passport seriously. From The Register:
The flaw was discovered close to four minutes after security researcher Muhammad Faisal Rauf Danka set to work on Passport. He was able to access Passport accounts at will by typing "emailpwdreset" into a URL that has the e-mail address of a user account and the address where a reset message can be sent.

Posted by Kumar at 6:40 AM 0 comments

Friday, May 09, 2003

J2SE: Joshua Bloch speaks about Tiger release

Ever since I read Joshua Bloch's Effective Java Programming Language Guide, I have been an admirer of his programming style.
java.sun.com published an interview with him(Joshua Bloch is Specification Lead for JSR 201).

Draft specs for enumerations, autoboxing, enhanced for loop, static import are available at jcp.org.
Joshua Bloch's sessions at JavaOne 2003.

Posted by Kumar at 2:18 PM 0 comments

Wednesday, May 07, 2003

M$: Know thy enemy

M$ seems to be following this perfectly.
1. M$ .NET evagelist Job posts mentioned J2EE experience as a requirement. A good friend of mine who used to be a J2EE developer is now preaching .NET as a .NET evagelist.
2. M$ training its staff in J2EE and Linux.
3. Looking at JavaBlogs visits, you will be surprised some of the visitors are from microsoft.com :-)

Probably its time to start for us to get to know the Enemy.

Posted by Kumar at 10:21 PM 0 comments

Sunday, May 04, 2003

J2ME: South Korea is now officially Java country

When it comes to cell phones, South Korea is now officially Java country. From News.com

Posted by Kumar at 3:00 AM 0 comments

Saturday, May 03, 2003

Security: Crash IE with 5 lines of HTML

A new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.).
Reportedly, the vulnerability can be exploited to crash the following applications:
- Windows Explorer
- Internet Explorer
- Outlook
- Outlook Express
- Frontpage

Here is the 5 lines of HTML thats required:


<html>
<form>
<input type crash>
</form>
</html>

Posted by Kumar at 10:47 AM 0 comments

Subscribe to: Posts (Atom)