Info

Login

Channels

APIs

Credits

  • cheeser
  • ernimril
  • joed
  • kinabalu
  • lunk
  • ojacobson
  • r0bby
  • ThaDon
  • ricky_clarkson
  • topriddy

« 2019-05-20

2019-05-21

2019-05-22 »

Nick Message Date
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [12:00]
wisey [wisey!~wisey@79-73-80-105.dynamic.dsl.as9105.com] has joined ##java [12:02]
Devastator [Devastator!~devas@unaffiliated/devastator] has joined ##java [12:05]
Goplat [Goplat!~Goplat@reactos/developer/Goplat] has joined ##java [12:07]
mr_lou [mr_lou!~misthalos@077213097222.dynamic.telenor.dk] has joined ##java [12:13]
whaley fucking ron stay on topoic [12:16]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [12:35]
Sheilong [Sheilong!uid293653@gateway/web/irccloud.com/x-qgliowrdwpodoxql] has joined ##java [12:37]
forgottenone [forgottenone!~forgotten@176.88.99.234] has joined ##java [12:38]
djhworld [djhworld!~djhworld@90.252.73.64] has joined ##java [12:39]
Kestrel-029 [Kestrel-029!~Nicmavr@unaffiliated/nicmavr] has joined ##java [12:41]
kegster [kegster!~kegster@unaffiliated/kegster] has joined ##java [12:47]
sagax [sagax!~sagax_nb@213.138.71.146] has joined ##java [12:48]
ygivenx [ygivenx!~ygivenx@2601:647:4e01:1561:5114:56eb:cc3b:7dcd] has joined ##java [12:52]
karab44 [karab44!~karab44@unaffiliated/karab44] has joined ##java [12:53]
Ragnarokkr [Ragnarokkr!~ham@unaffiliated/ragnarokkr] has joined ##java [12:57]
Muzer [Muzer!~muzer@tim32.org] has joined ##java [01:00]
davcon [davcon!~davcon@91.252.41.200] has joined ##java [01:18]
davcon parted the channel: [01:19]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [01:21]
g00s [g00s!~g00s@unaffiliated/g00s] has joined ##java [01:22]
Psybur [Psybur!~Psybur@unaffiliated/psybur] has joined ##java [01:22]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [01:36]
t2mkn [t2mkn!~t2mkn@43.226.2.66] has joined ##java [01:39]
autojack [autojack!~owen@unaffiliated/autojack] has joined ##java [01:41]
autojack parted the channel: [01:45]
ygivenx [ygivenx!~ygivenx@2601:647:4e01:1561:388d:8e84:a325:7113] has joined ##java [01:46]
autojack [autojack!~owen@unaffiliated/autojack] has joined ##java [01:48]
autojack sorry if this borders on tech support, but I am really baffled by this problem. I have a Java-based service that fails to execute when run via systemd on one specific system. the java process starts, and lsof shows the .war file is loaded, but nothing else happens. there should be lots more files loaded, logging, ports bound, etc. [01:50]
autojack if the same user manually runs the same command, it runs fine. I've checked all the obvious stuff - using the same java binary, same .war, same permissions, etc. and I can't reproduce the problem on another system configured as identically as I can get it. [01:51]
autojack what I'm hoping someone here can answer is simply, is there anything that would cause the java process to start and open the .war, but prevent it from executing it? [01:52]
progart [progart!~kamee@178.78.133.81] has joined ##java [01:53]
OnceMe [OnceMe!~OnceMe@unaffiliated/onceme] has joined ##java [01:55]
autojack I also can't get a thread dump when the process is in this state. when I try, I get an error that jstack can't attach to the process (even though I run it as the user that owns the process), and when I try jstack -F I get a sun.jvm.hotspot.debugger.DebuggerException. [01:57]
autojack (using sudo to run the jstack -F command) [01:58]
autojack without -F I get "Unable to open socket file: target process not responding or HotSpot VM not loaded." maybe this sheds some more light on what is happening to the jvm here. [01:59]
sauvin [sauvin!sauvin@about/linux/staff/sauvin] has joined ##java [02:03]
mohsen_1 [mohsen_1!uid289573@gateway/web/irccloud.com/x-waqbhsagpmrdmdyv] has joined ##java [02:05]
DTZUZO [DTZUZO!~DTZUZO@S0106bcd16584b0aa.vs.shawcable.net] has joined ##java [02:07]
sa02irc [sa02irc!~sa02irc@155-079-043-212.ip-addr.inexio.net] has joined ##java [02:07]
immibis [immibis!~immibis@222-153-253-249-fibre.sparkbb.co.nz] has joined ##java [02:10]
mohsen_1 What template engine do you use in a non-Java EE environment? [02:11]
exonity01 [exonity01!uid364582@gateway/web/irccloud.com/x-xghgxldnxkudmevi] has joined ##java [02:11]
odinsbane autojack: sounds like a systemd type issue. maybe selinux? Maybe try a different war/service that might not need any additional resources. [02:13]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [02:16]
puppy_za [puppy_za!uid277586@gateway/web/irccloud.com/x-ygpqxvhuajlnqkmp] has joined ##java [02:16]
palasso [palasso!~palasso@unaffiliated/palasso] has joined ##java [02:17]
acidjnk [acidjnk!~acid@i577BCA58.versanet.de] has joined ##java [02:20]
autojack odinsbane: thanks! I did check, selinux is not enabled here. I agree that it seems like systemd is doing something bad, but I can't make sense of what it is. I was trying to work backward to that, by first figuring out what could cause the java process to start, with all expected arguments, but then fail to do anything. [02:21]
autojack I'm curious why jstack and jstack -F both fail to work. seems to suggest that the jvm is in a busted state, but I can't think why. [02:24]
deebo jstack etc don't work on centos/rhel without jvm debug symbols [02:26]
deebo might be a cause [02:26]
deebo could be a cwd or some issue depending on how you're running a war (why are you running a war) [02:27]
ogradyd [ogradyd!~Thunderbi@HSI-KBW-046-005-255-037.hsi8.kabel-badenwuerttemberg.de] has joined ##java [02:32]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [02:33]
autojack deebo: OH. you might have hit on why I can't get the thread dump. I wonder if they have a JRE and JDK both installed, service running under the JRE, and we're trying to use the JDK tools to get the thread dump. thanks, that is something I can check on. [02:33]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [02:39]
autojack deebo: the service is packaged and shipped as a .war. what's wrong with that, out of curiosity? [02:40]
deebo .wars are usually meant to run on an application container, dunno why they kept that feature if it's standalone [02:42]
skuuter [skuuter!~quassel@80-62-117-220-mobile.dk.customer.tdc.net] has joined ##java [02:47]
autojack deebo: ah. this is Jenkins. it can be run in Tomcat, but it also bundles Jetty which is how most people use it. [03:00]
ygivenx [ygivenx!~ygivenx@2601:647:4e01:1561:388d:8e84:a325:7113] has joined ##java [03:12]
bolovanos [bolovanos!~bolovanos@91.201.22.5] has joined ##java [03:16]
CookieM [CookieM!~tomek@afbd215.neoplus.adsl.tpnet.pl] has joined ##java [03:16]
deebo just install jenkins from a repo? if you installed from a repo, you probably havent properly configured the defaults at /etc/sysconfig/jenkins [03:17]
autojack no, it's installed from an official RPM. I'm actually a Support Engineer for Jenkins, and trying to assist a customer. so I *should* know what I'm doing here ;) [03:18]
autojack but if you said I should contact Jenkins support, well, that's me :D [03:19]
autojack anyway your comment about the JDK vs JRE I think is dead on. with that in mind, I can go back and get them running under the JDK java binary, and then hopefully get a thread dump from there. [03:20]
autojack so thanks for that! [03:20]
yawkat ive seen some build systems spit out wars that can run both standalone and in a container [03:20]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [03:26]
g00s [g00s!~g00s@unaffiliated/g00s] has joined ##java [03:40]
acidjnk [acidjnk!~acid@i577BCA58.versanet.de] has joined ##java [03:43]
rruizt [rruizt!~rruizt@83-84-23-124.cable.dynamic.v4.ziggo.nl] has joined ##java [03:43]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [03:48]
shmoon cheeser: Thanks, is it possible to do the same for a dependent Java lib though ? [03:48]
shmoon Not for my own app, but say open a file from a dependent JAR in IntelliJ, make changes there (which I can't currently cuz it opens in readonly mode) and then re-run my app (or hot-reload) to get some logs/output from that dependent lib. [03:48]
Secret-Fire [Secret-Fire!~Secret-Fi@97-120-107-144.ptld.qwest.net] has joined ##java [03:53]
enoq [enoq!~textual@212-186-80-213.static.upcbusiness.at] has joined ##java [03:55]
Secret-Fire [Secret-Fire!~Secret-Fi@97-120-107-144.ptld.qwest.net] has joined ##java [03:55]
Maldivia shmoon: do you have the source file for the lib so you can make changes? [03:58]
HumanG33k [HumanG33k!~HumanG33k@62.147.242.8] has joined ##java [04:05]
forgottenone [forgottenone!~forgotten@176.88.99.234] has joined ##java [04:05]
HumanG33k [HumanG33k!~HumanG33k@62.147.242.8] has joined ##java [04:06]
Matthijs [Matthijs!~quassel@unaffiliated/matthijs] has joined ##java [04:06]
benyoo [benyoo!~benyoo@ip1f11c996.dynamic.kabel-deutschland.de] has joined ##java [04:07]
shmoon Maldivia: I can download the source code, but currently I'm viewing it in Intellij in readonly mode. [04:17]
yawkat You can't edit it in intellij without downloading the actual source if that's what you're asking [04:24]
shmoon Hmm, so is there any article on such a workflow ? If I download the source locally, I guess I'll have to point my pom.xml of main app to the local source. [04:27]
shmoon Should I use jrebel/quarkus then atop it ? [04:27]
yawkat Just install it to local repo [04:29]
yawkat And use it as a snapshot dependency [04:30]
shmoon Ok, will readup on maven snapshot dependencies. Then I've to use jrebel/quarkus right ? [04:30]
yawkat I typically just run my application [04:31]
yawkat But sure, you can use jrebel [04:31]
shmoon Oh well yes, if I have downloaded the source and linked my local code to it then sure just running the app should be enough. Thanks, I'll go through this workflow once and see if it works according to my needs or not. [04:34]
shmoon Wish there were quick/easy ways, maybe via intellij itself - will try to find that as well :D [04:34]
yawkat People don't usually edit the libraries they're using live. [04:37]
Human_G33k [Human_G33k!~HumanG33k@62.147.242.8] has joined ##java [04:37]
deebo anyone know if spring security has some hook for custom login validation? using OID login that works fine, but i need to check some extra attributes from the OID response and possibly not allow the login in the app [04:39]
beStKodErEveR [beStKodErEveR!~dannyD@h-5-150-218-151.NA.cust.bahnhof.se] has joined ##java [04:45]
forgottenone [forgottenone!~forgotten@176.88.99.234] has joined ##java [04:48]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [04:49]
VegetarianFalcon [VegetarianFalcon!uid258908@gateway/web/irccloud.com/x-ftbzhxbxxniifrwl] has joined ##java [04:50]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [04:57]
nfd9001 [nfd9001!~nfd9001@c-67-183-33-240.hsd1.wa.comcast.net] has joined ##java [05:01]
magz [magz!~magz@68-168-184-223.fttp.usinternet.com] has joined ##java [05:01]
nfd [nfd!~nfd9001@2601:602:8500:2443:81c6:2034:93b4:15e5] has joined ##java [05:02]
mluser-home [mluser-home!~mluser-ho@ip68-0-67-199.tu.ok.cox.net] has joined ##java [05:07]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [05:08]
shmoon yawkat: Maybe the library has some issues, hence want to make changes and debug code right there. [05:16]
yawkat The trick is to make a test case and develop the changes in the library directly [05:16]
yawkat Have to do that at some point anyway, might as well start out with it [05:17]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [05:26]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [05:26]
Lymia [Lymia!lymia@magical.girl.lyrical.lymia.moe] has joined ##java [05:28]
Addax morning [05:45]
ztychr [ztychr!ztychr@gateway/vpn/privateinternetaccess/ztychr] has joined ##java [05:48]
ianrobot [ianrobot!~ianrobot@x590e055d.dyn.telefonica.de] has joined ##java [05:56]
kicked ianrobot (Banned: possible bot? this ban will expire after 90d) [05:56]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [05:56]
progart [progart!~kamee@5.77.254.89] has joined ##java [05:59]
forgottenone [forgottenone!~forgotten@176.88.99.234] has joined ##java [06:05]
srm [srm!~srm@unaffiliated/srm] has joined ##java [06:11]
dansan [dansan!~daniel@2602:306:c5b5:e308:e5fb:2ee8:7e8:d420] has joined ##java [06:12]
ericek111 [ericek111!~ericek111@109-230-55-69.dynamic.orange.sk] has joined ##java [06:13]
nebulae [nebulae!~nebulae@2a02:587:a0f:3d00:e907:6d0c:6860:3ba9] has joined ##java [06:16]
nebulae I have a BigDecimal number that is printed as -4E+1. I want the actual number but I don't want to do it as toPlainString(). I need the value to be a number [06:18]
odinsbane Looks like a number to me. [06:19]
nebulae odinsbane: can't I have it like -40 ? [06:19]
nebulae or something >? [06:19]
odinsbane I am not quite sure what you want. Are you displaying it, because that would mean a string. [06:20]
Addax nebulae: first question: does toPlainString() work? [06:22]
Addax (and are you displaying it?) [06:22]
nebulae Addax: yes it does. I can see it the number in double quotes [06:22]
Addax ... in double quotes? [06:23]
Addax Okay, so if it works... why not use it? [06:23]
nebulae "40" [06:23]
Addax So System.out.println(yourNumber.toPlainString()) // prints 40 and not "40"? [06:24]
nebulae because I want to pass it a database which expects only numbers [06:24]
puppy_za I assume that he wants the float value [06:24]
nebulae no it prints "40" [06:24]
Addax WITH the quotes? [06:24]
nebulae yes [06:24]
nebulae I don't want quotes. No String. I want it in BigDecimal [06:24]
Addax right, I'm just confused momentarily by the quotes, because the javadoc doesn't mention them and this seems really relevant [06:25]
Addax nebulae: so... statement.setBigDecimal() does what for you? [06:26]
Addax nebulae: I guess I'm trying to understand the actual scope of the problem. You say it *prints* as -4E+1, but you want to ... pass it to a database, which wouldn't involve printing at all [06:28]
nebulae let me show some code [06:28]
Addax oh yes, please, do that [06:28]
yawkat toPlainString does not return quotes, they are added by you elsewhere [06:30]
Addax yawkat ++ right, that's ... an important thing to keep in mind, and the assertion is a significant point [06:30]
Addax yawkat has a karma level of 312, Addax [06:30]
odinsbane If it's a string the database probably stores it as a string, and maybe displays the quotes. [06:31]
hussam [hussam!uid193284@gateway/web/irccloud.com/x-kewnalloafcuwtpw] has joined ##java [06:31]
Addax let's wait until he shows code so we can see the actual problem [06:31]
nebulae Addax: https://pastebin.com/vfjavN31 look at line 15 [06:31]
yawkat thats json dude [06:32]
yawkat for json, it doesnt matter if it's -4e+1 [06:33]
yawkat it's valid json and exactly the same as -40 [06:33]
Addax you said a database [06:33]
Addax but now we understand the quotes better [06:33]
nebulae so if I pass -4E+1 to a database itwill write -40 ? [06:33]
yawkat if you pass this json, yes [06:33]
nebulae aaah OK [06:33]
Addax what's the difference between -4e+1 and 40? [06:33]
yawkat at the time it is parsed as json, it will be the same as -40 again [06:34]
Addax or, for that matter, 00101000? [06:34]
nebulae aaaah OK. Makes sense [06:34]
nebulae you are righ [06:34]
nebulae geez [06:34]
nebulae thank you [06:34]
Addax or 0x24? [06:34]
Addax grins [06:34]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [06:41]
x256 [x256!~Jace@2001:638:60f:1000:10e5:187:557d:b49d] has joined ##java [06:44]
sagax hi all! [06:50]
sagax how to run some java compiled code with full debug mode? [06:50]
sagax java -Xdebug not help me [06:51]
Addax sagax: um... java doesn't really have a "debug mode" per se like that [06:51]
Addax which IDE are you using? [06:51]
sagax nothing [06:51]
Addax so... you want to use jdb? [06:51]
sagax vim + maven + terminal [06:51]
sagax ok, will try [06:52]
Addax no [06:52]
Addax don't [06:52]
Addax jdb [06:52]
Addax JDB is a console-based debugger for Java that's only slightly worse than gdb. Don't use it. Using it is like voluntarily rolling around naked on a floor covered with thumbtacks and about 2cm of grain alcohol, but slightly less pleasant. [06:52]
sagax i don't have choose, because i have strange error [06:52]
Addax sagax: if you want to debug java, *install an IDE*. Really. ddd can do it (it will leverage jdb) - or could, back in the day - but you WANT to use an IDE [06:53]
Addax sagax: a debugger can help you figure that out [06:53]
sagax no, i don't want [06:53]
Addax seriously: IDEA community edition, eclipse, netbeans [06:53]
Addax ... why? [06:53]
sagax because IDE hide all low level java [06:53]
Addax no, they don't [06:53]
Addax there is no "low level java" [06:53]
Addax jdb would show you the exact same "level" of java [06:54]
odinsbane Java tries to hide the low level java. [06:54]
Addax except a lot less pleasantly [06:54]
sagax not matter, odinsbane, ide hide more [06:54]
Addax sagax: java isn't C or C++ [06:54]
Addax no, they don't [06:54]
sagax ide it's good who already know java [06:54]
sagax i don't know java, just learning, small learning [06:54]
Addax yes, but IDEs are also THE way to debug java code line by line [06:54]
Fuchs [Fuchs!fuchs@freenode/staff/Fuchs] has joined ##java [06:55]
surial sagax: so your plan to learn java faster is to... console-debug your way thruogh an existing app? [06:55]
surial sagax: that's... nuts. [06:55]
Addax I'm totally approving the manly approach (vim, maven, command line) but for java debugging, USE AN IDE. [06:55]
sagax surial: i don't this plan [06:55]
sagax i just write some small java app [06:55]
Addax you left out a [06:55]
surial sagax: I don't even [06:55]
sagax i want or don't want - i learning java [06:55]
Addax sagax: I understand, but ... seriously [06:56]
Fuchs hello hello, do we happen to have a channel operator that is around and available? :) [06:56]
Addax Fuchs: why [06:56]
progart [progart!~kamee@178.78.133.81] has joined ##java [06:56]
Fuchs Addax: because someone was banned by mistake, apparently, and I was checking if I could help resolving it. But it seems they found one already, all okay, then [06:56]
Kestrel-029 [Kestrel-029!~Nicmavr@unaffiliated/nicmavr] has joined ##java [06:56]
Addax Fuchs: a lot of people here think they were banned "by mistake" [06:56]
Addax probably 99% of them :) [06:57]
odinsbane sagax: What is your strange error? [06:57]
Fuchs Addax: message suggests they were banned for being "probably a bot", which is likely due to their nick, but they are very human :) [06:57]
surial Fuchs: that's just what a bot would say though. [06:57]
Addax Fuchs: I used to be an op here and I'm on good terms with the remaining ops, and I can communicate details if necessary. I might be able to ping an op, too, if you need [06:57]
Addax surial: I have a feeling I know which account it is [06:58]
Fuchs Addax: I think they found one, but I'd get back to you on that if it doesn't work, thanks [06:58]
Addax Fuchs: and that was an intentional ban based on behavior, which seemed botlike even if it wasn't :) [06:58]
Addax Fuchs: appreciate it! [06:58]
sagax odinsbane: i import some (activejdbc, was installed with maven in dependency) import org.javalite.activejdbc.Base; and all normal, BUT, if i try use this `Base` class i got error java.lang.NoClassDefFoundError: org/javalite/activejdbc/Base [06:59]
Addax classpath [06:59]
Addax sagax, The classpath tells Java or the compiler which jar files and folders to search for classes and resources. Use the -cp/-classpath run-time options to specify the classpath (does NOT work with -jar!). Also see http://bit.ly/15InVZQ [cheeser's blog], http://bit.ly/19MnH5C [oracle.com], or http://bit.ly/2aJ5MoG for more information. [06:59]
Addax you have to provide a reference to the jars at runtime, not just compile time [06:59]
sagax Addax: maven import module normal [06:59]
Addax sagax: yes. and maven *compiles*. [06:59]
odinsbane sagax: how are you running your app? [06:59]
sagax java see module [06:59]
Addax sagax: compilation and runtime are not the same thing. [06:59]
Addax sagax: you have to provide the jars to the classpath at BOTH runtime and compilation. [07:00]
sagax hm, [07:00]
Addax sagax: I know java. You may not believe it, but I do. I know what I'm talking about. [07:00]
sagax i must check it [07:00]
surial looks at Addax's stores of patience dwindling rapidly. [07:01]
Addax java -cp activejdbc.jar:. your.classname.Here <-- an incorrect and incomplete example; you'd have to use ALL of the correct jars and the right directory or jarname for your class, and your class name too [07:01]
Addax surial: not even diminished at all yet :) [07:01]
Addax surial: the impatient thing is very much usually an act :) [07:01]
Addax although I gotta admit, "I want to use jdb" is a good attempt to mark yourself as irrelevant :) [07:02]
sagax yes, uff, my wrong. I know about classpath 2-3 day before now. But... thanks to all [07:02]
odinsbane sagax: You might want to look into getting maven to executing your code too. Especially if you're working from the cmd line. [07:03]
rruizt [rruizt!~rruizt@83-84-23-124.cable.dynamic.v4.ziggo.nl] has joined ##java [07:03]
Addax sagax: some good news: when you think you know java well enough to start using an IDE, your head's gonna explode at how easy everything is [07:04]
Addax and if you're really intent on trying java on hard mode, TRY using jdb... when you graduate to the IDE, you'll be amazed at how trivial debugging is [07:05]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [07:05]
Addax a debugger wouldn't have helped your noclassdef error, though - it'd just throw the exception you already saw, at the line the exception told you about [07:06]
waz [waz!~waz@pdpc/supporter/active/waz] has joined ##java [07:10]
sagax thanks [07:11]
yokel [yokel!~yokel@unaffiliated/contempt] has joined ##java [07:15]
Fuchs right, that seems to have worked, have a great day, all :) [07:25]
Fuchs parted the channel: "Part" [07:25]
lithium [lithium!~lithium@unaffiliated/lithium] has joined ##java [07:26]
mr_lou [mr_lou!~misthalos@077213097222.dynamic.telenor.dk] has joined ##java [07:29]
Addax https://dzone.com/articles/lazy-assignment-in-java [07:32]
Maldivia well, the JVM actaully has support for it now :D [07:34]
Maldivia and when JEP 303 comes around, we can have it on Java level as well, not just bytecode [07:35]
Ard1t [Ard1t!~ard1t@unaffiliated/ard1t] has joined ##java [07:36]
Addax is it slated for a release yet? [07:36]
cheeser 12 is the target. [07:37]
Gugi [Gugi!~Gugi@ens247.neoplus.adsl.tpnet.pl] has joined ##java [07:37]
Maldivia not targeted yet, but JEP 309 made it into JDK11, and 334 into JDK12 -- so all the pre-required things are present now [07:37]
cheeser 303 dep's on 334 which is slated for 12 [07:37]
Maldivia cheeser: 12 is already out :D [07:37]
cheeser 303's fate is undetermined at this point [07:37]
Maldivia cheeser: we're working on 13 [07:38]
cheeser Maldivia: oh, that's right! ha! [07:38]
cheeser did 334 make it in to 12 then? [07:38]
Maldivia yes [07:38]
cheeser i think that was Brian's Constable, right? [07:38]
Maldivia yep [07:38]
cheeser D [07:38]
cheeser i love brian. [07:38]
Maldivia hmm, actaully, it should be super easy to make a JDK11 lib for this now, with ASM [07:40]
Maldivia dammit, now I have to try [07:41]
cheeser i get on a plane in 7 hours. you have until then. [07:41]
tuskkk____ [tuskkk____!uid18470@gateway/web/irccloud.com/x-bfglqynqditfgteb] has joined ##java [07:44]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [07:46]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [07:51]
beStKodErEveR [beStKodErEveR!~dannyD@h-5-150-218-151.NA.cust.bahnhof.se] has joined ##java [07:52]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [07:52]
dez [dez!uid92154@fedora/deSouza] has joined ##java [07:56]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [08:02]
masuberu [masuberu!6eae9618@gateway/web/freenode/ip.110.174.150.24] has joined ##java [08:03]
masuberu hi, instructions in finally block always gets executed even if previous block was a catch with return, is that right? [08:03]
Bombe Yes. [08:04]
Maldivia yes [08:04]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [08:04]
cheeser tias [08:04]
cheeser Try it and see. You learn much more by experimentation than by asking without having even tried. [08:04]
SuperTyp [SuperTyp!~SuperTyp@15.5.3.213.static.wline.lns.sme.cust.swisscom.ch] has joined ##java [08:07]
amoe [amoe!~amoe@visarend.solasistim.net] has joined ##java [08:10]
srm [srm!~srm@unaffiliated/srm] has joined ##java [08:10]
Maldivia cheeser: done :D [08:10]
[twisti] am i the only one who gets annoyed that System.exit is not treated like a first class language construct instead of just another method ? [08:11]
Maldivia why would it be a language construct?! [08:11]
[twisti] it seems like exiting the VM is a pretty fundamental, structural thing [08:12]
Maldivia yeah, it's a JVM construct, not a language construct [08:13]
[twisti] and this one, for example, this would throw an error: "return; System.out.println("bla");", yet this doesnt "System.exit(1); System.out.println("foo");" [08:13]
[twisti] that has always bothered me [08:13]
Maldivia cheeser: https://gist.github.com/Maldivia/513d2bb27738ab957339d13af2bb5e19 [08:15]
t2mkn [t2mkn!~t2mkn@43.226.2.66] has joined ##java [08:15]
camerin [camerin!hoax@elite.bshellz.net] has joined ##java [08:16]
yawkat [twisti]: more generally, noreturn [08:17]
yawkat kotlin does this with the `Nothing` return type - if an expression evaluates to the `Nothing` type, it cannot terminate normally [08:18]
sbeex [sbeex!~sbeex@46.140.90.107] has joined ##java [08:22]
surial [twisti]: What you're looking for is the opposite of void. [08:23]
surial [twisti]: some languages have it. Some do not. [08:23]
surial [twisti]: A return type which has no valid values at all. Not even null. [08:24]
surial [twisti]: so, public Impossible doSomething() {}... requires you to do one of three things, or it will not compile: [08:25]
surial [A] loop forever, in a way that is provable to the compiler. so, if the body is while (true) { Thread.sleep(1000L); doStuff(); } then it'll compile. or [B] all exits are throws. So, a body of: doThingie(); throw new WhateverException(); is good. or [C] return x; where x is an expression of the Impossible type (and given that it is not possible to make any value of that type whatsoever, the ONLY way to accomplish that, is to call [08:26]
yawkat @NonNull Void :) [08:26]
surial a method that itself returns it. [08:26]
surial Once you have that, you can update the signature of System.exit() to return 'Impossible', and the compile can then compile-time reason that this method call never (normally) exits. [08:27]
surial [twisti]: It applies not JUST to System.exit; infinite loops and always-throws methods would also use this. It's... a thing a language can have. Java decided not to have this. [08:27]
Maldivia yawkat: you might also find the above gist interesting :D [08:29]
surial I guess if you want to deal with it for sysexit specifically, you could have had System.exit() return a Throwable. It's a meaningless return value of course (System.exit never returns anything; it either exits the VM then and there, or, throws a securityexception), but that would allow you to write: "throw System.exit(0);" which gets correctly dealt with by java's Definite Assignment rules system and the like, and works [08:29]
surial regardless of context (be it a constructor, a static block, an initializer block, or any method regardless of erturn type). [08:29]
surial [twisti]: anyway, know you know the 'academic' solution to this problem for future debates :) [08:29]
Addax right: "use kotlin" [08:29]
[twisti] ill get right on that [08:30]
funeral [funeral!~Funeral@185.217.171.68] has joined ##java [08:30]
Addax next [08:30]
Addax Another satisfied customer. Next! [08:30]
Addax D [08:30]
surial Maldivia: which class versoin is required for this CoDy stuff? 12? [08:32]
cheeser Maldivia++ [08:32]
cheeser maldivia has a karma level of 274, cheeser [08:32]
surial Maldivia: also having a bit of an issue running it here; does it print 'init world string' once or twice? [08:32]
surial twice, right? [08:32]
noodlepie [noodlepie!~phillip@77.44.49.73] has joined ##java [08:33]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [08:34]
Maldivia surial: prints it twice, since there are two Lazy's made from world [08:35]
yawkat Maldivia: do you really need condy for this? [08:35]
yawkat you can do this with normal bootstrap methods right [08:35]
Maldivia yawkat: that would call the method every time, not just once [08:36]
Maldivia surial: condy is 11 [08:36]
IRCNew [IRCNew!~Elrick@76-10-173-219.dsl.teksavvy.com] has joined ##java [08:36]
yawkat no, it would call the bootstrap method and you could replace the call site with your constant access [08:36]
Maldivia yawkat: you would need to store the value somewhere [08:37]
IRCNew I'm wondering how to get client system information. like ip, hostname, username... [08:37]
yawkat MethodHandles.constant [08:37]
IRCNew using tomcat [08:37]
Addax IRCNew: from the... clients connecting TO tomcat? [08:37]
IRCNew yes [08:38]
yawkat username and hostname are usually not accessible [08:38]
yawkat you can get remote ip and run rdns but thats it [08:38]
Maldivia yawkat: I guess you could, yah [08:38]
Maldivia yawkat: dammit, now I need to try that as well :D [08:38]
funeral [funeral!~Funeral@2a01:79d:3e82:4b8c:a393:7879:435f:9c81] has joined ##java [08:38]
yawkat ^^ [08:38]
Addax IRCNew: well, HttpServletRequest will show you SOME of that, but... the rest they'd have to explicitly provide [08:39]
IRCNew Well right now I'm trying to come up with some information for securing clients [08:39]
yawkat "securing"? [08:40]
Addax securing... clients? [08:40]
IRCNew and identifying them [08:40]
Addax uh... [08:40]
yawkat a cookie? [08:40]
IRCNew like when you log into google you don't need to relogin every week [08:40]
Addax well, none of that information can be verified from the server side [08:40]
Addax IRCNew: look up oauth and cookies [08:40]
yawkat you dont use username or hostname for this [08:41]
yawkat yea, you use cookies [08:41]
IRCNew is oauth not for using google to signin to you site [08:41]
Addax this is why it's best to say "this is what I'm trying to accomplish" as opposed to "this is how I'm trying to do some unspecified task" [08:41]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [08:41]
IRCNew I'm not looking for that [08:41]
Addax IRCNew: cookies. [08:41]
Bombe IRCNew, it?s not. [08:42]
surial IRCNew: the way the low-level stuff works is that a cookie is set. As in, when you actually log into google, the page that has 'thanks for logging in!' on it, in the request, sets the HTTP header: "Set-Cookie: authToken=92384129847123098412309471230498271340981274; http-only=true; secure=true; max-age=<time in seconds since 1970 about 3 weeks fron now>; path=/ [08:44]
IRCNew This is my current idea. the client provides cookies for username, token, hostname(something they have). Once a token has expired all that information would need to be provided with a refresh token [08:44]
Gugi [Gugi!~Gugi@ens247.neoplus.adsl.tpnet.pl] has joined ##java [08:44]
Addax sighs [08:44]
surial IRCNew: your browser receives this and stores it in its DB. the 'secure' t hing means it wont send that unless connecting to https, and the http-only thing means that if you try to read the cookie store from javascript, this one wont show. Next time the browser loads https://google.com/anything-goes-here, it sends in the HTTP request 'Cookie: name=authToken; value= 92384129847123098412309471230498271340981274'. Your server [08:45]
surial receives this, looks up this number in a DB somewhere, and knows why you are. [08:45]
surial IRCNew: no, you don't get it. [08:45]
surial IRCNew: the client provides fuck all. [08:45]
surial IRCNew: the client just does what the HTTP spec says it must, which is to send the Cookie header with the same stuff that you told it to send via the Set-Cookie header. [08:45]
[twisti] IRCNew: this problem is solved, and well solved. if you reinvent it, you are guaranteed to fuck it up, because security is HARD, and a lot of smart people have spent a lot of time trying to exploit the very thing you are intending to reinvent [08:45]
surial IRCNew: you CANNOT tell the client to send its hostname, or its username. There's no such thing. [08:45]
[twisti] just go with an established solution [08:45]
surial IRCNew: you can tell the client to send <THIS>, where THIS is a specific sequence of stuff. The browser is a parrot: It will precisely copy exactly what you tell it to. No more. No less. [08:46]
IRCNew that authToken is basically what I have [08:46]
surial IRCNew: you'll still fuck it up. [08:46]
surial IRCNew: for example, how do users _GET_ that auth token? By entering a username and password? [08:46]
Addax IRCNew: surial isn't insulting you - he's telling you the truth. I'd do the exact same thing (use an existing solution, because if I did it, I'd screw it up too.) [08:47]
Maldivia yawkat: works [08:47]
surial Note, I wouldn't; I handroll this stuff. But then I do give talks about how to do that and such. So, you know. Mere mortals shouldn't go down this road. [08:47]
IRCNew I thought the authToken would be put into a cookies after a success login [08:47]
surial Sure. [08:47]
surial But define 'success login'. [08:47]
Addax notes that he - Addax - did not claim that SURIAL would screw it up, because he made an assumption. [08:48]
surial How are you doing that part? [08:48]
IRCNew https post request [08:48]
surial ... with a username and password? [08:48]
IRCNew yes [08:48]
surial and how do you know that password is correct? [08:48]
jamezp [jamezp!~jamezp@redhat/jboss/jamezp] has joined ##java [08:48]
plarsen [plarsen!~plarsen@redhat/jboss/pdpc.professional.plarsen] has joined ##java [08:48]
IRCNew PBKDF2 hash [08:48]
surial okay well you got that far, that's good. [08:48]
[twisti] snickers as everyone watching this debate sighs disappointedly that the answer wasnt "i compare it with the password i stored in the plain text file" [08:49]
Addax [twisti]: for the record, I'm NEVER disappointed that people do the right things (or right-er things) [08:50]
Maldivia yawkat: https://gist.github.com/Maldivia/560779a886c187da63c6908be5573ac6 [08:51]
yawkat D [08:52]
dmlloyd it just rolls off the fingers [08:52]
dmlloyd you've got unsafe *and* method handles, congrats [08:53]
yawkat so, i wonder how fast this is compared to the usual lazy implementations. [08:53]
Maldivia dmlloyd: I need Unsafe to do class-pool patching :D [08:54]
IRCNew So is sending a post request of username, password. Then using a hash method with a salt to confirm. Then creating a cookies called token to verify the user [08:54]
yawkat in theory, it could be jitted basically perfectly [08:54]
Maldivia yawkat: well, there's still the class definition part of it [08:54]
yawkat Maldivia: only once though [08:54]
Maldivia yawkat: ofcourse, all the ASM can be removed and replaced with a byte[] [08:54]
yawkat im wondering about the get call perf [08:54]
dmlloyd as with most bytecode, it'll start off interpreted [08:56]
IRCNew Well can I just guess someones access token with oauth and have access [08:56]
yawkat dmlloyd: yea, but in theory once the callsite is replaced it should be very very easy to optimize [08:57]
dmlloyd yes it should be straightforward [08:57]
yawkat compared to other lazy implementations that have at least a field load [08:57]
yawkat and probably a null check too [08:57]
Maldivia dmlloyd: for comparison - the JDK11 Condy version of it: https://gist.github.com/Maldivia/513d2bb27738ab957339d13af2bb5e19 [08:57]
dmlloyd the null check is usually free AFAICT [08:57]
yawkat yea, but how free [08:58]
yawkat dirt cheap for sure [08:58]
dmlloyd basically it only trips if there's a null [08:58]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [08:58]
dmlloyd unless a value is likely to be null [08:58]
IRCNew Basically It seems like oauth is broken. How does it deal with someone just guessing the access token [08:59]
yawkat lol [08:59]
IRCNew Well I know that the access token should expire so since you don't have a refresh token you lose access at some point [09:01]
yawkat you cannot guess an access token [09:01]
yawkat it's a long random string [09:01]
IRCNew Well yea you would write a program to guess it [09:02]
yawkat a program cant either [09:02]
[twisti] jesus [09:02]
yawkat the search space is too large [09:02]
IRCNew or try a bunch of options [09:02]
yawkat no, it's simply impossible [09:02]
yawkat do the math [09:02]
IRCNew How long should they be [09:03]
yawkat long enough. anything from 256 bits entropy on is fine. [09:03]
sonOfRa IRCNew: so let's say your tokens are 32 bytes. That's 256 random bits. [09:03]
sonOfRa That means there are 2^256 possible tokens, roughly 1.5*10^77 [09:04]
IRCNew hmm good point I should not be using alphanum [09:04]
[twisti] oauth implementations/handlers must be able to store at least 255 characters [09:04]
Addax IRCNew: you should be using someone else's public and open source solution [09:05]
IRCNew the access token needs to be sent with some other identifier [09:05]
IRCNew is it not [09:05]
IRCNew I'm looking at RFC 6749 [09:06]
IRCNew which ones do you guys use [09:07]
lithium [lithium!~lithium@unaffiliated/lithium] has joined ##java [09:07]
IRCNew son0fRa Yea it is hard but not impossible [09:08]
Addax heh [09:08]
Addax "not impossible! All they have to have is a working 16-qubit cpu" [09:08]
sonOfRa IRCNew: no, it's actually impossible [09:08]
utf_8x [utf_8x!~utf_8x@ip4-83-240-127-9.cust.nbox.cz] has joined ##java [09:09]
sonOfRa There is somewhere between 10^78 and 10^72 *atoms in the universe* [09:09]
IRCNew unlikely. But if it is just a token is being sent as you get more users it becomes more likely you could gain access to someones account [09:09]
Addax yawkat: boy, you're going to be disappointed when they actually build a working 16-qubit CPU [09:09]
Addax IRCNew: it is... uh... [09:09]
cheeser i'll be chuffed as fuck! imagine what we could do with all that! [09:09]
sonOfRa Let's say we're using a 512 bit identifier because we're paranoid [09:09]
Addax cheeser: well, yeah [09:09]
yawkat Addax: the 256 bit figure is already provisioned for quantum computing :) grovers algorithm reduces it to 128 bits, but thats it [09:10]
sonOfRa That's 1.3*10^154 possibilities. [09:10]
Addax Manning actually has two books out on quantum computing now, one for java and one for python [09:10]
yawkat without quantum computing, i wouldve said at least 128 bit [09:10]
vy [vy!b90ea864@gateway/web/freenode/ip.185.14.168.100] has joined ##java [09:10]
Addax yawkat: lies! okay, fine, a 32-qubit CPU? [09:10]
yawkat more qbits wont help [09:10]
Addax Hrm. [09:10]
cheeser yawkat: fine then. 128. :D [09:11]
vy Hey! Given Function<String, String> f = s -> "f: " + s; Function<?, ?> g = f; Object t = "t"; how can I call "g" with "t"? [09:11]
IRCNew Well I was thinking that if you required something like sending your hostname(something from the client device) to lock the token to a device [09:11]
yawkat vy: you cant [09:11]
Kestrel-029 [Kestrel-029!~Nicmavr@unaffiliated/nicmavr] has joined ##java [09:11]
yawkat vy: Function<?, ?> cannot be invoked, it's a useless type [09:11]
IRCNew then you could expire the token if it is not pared with the correct device [09:11]
yawkat vy: well, except for with null, but thats not what you asked :) [09:12]
yawkat IRCNew: whats stopping me from sending a different hostname [09:12]
IRCNew you can send a different host name but that will trigger a token expire. So now you need to get the refresh token before the real client uses theres [09:13]
Addax IRCNew: this sounds like what you actually want is a physical access key [09:13]
yawkat IRCNew: you can send the same hostname as the client that the auth token did. [09:13]
yawkat sending hostname adds very little security. it is more secure to just make the auth token longer. [09:13]
waz [waz!~waz@pdpc/supporter/active/waz] has joined ##java [09:14]
IRCNew well in order to know that you would need to know the client. [09:14]
yawkat you can guess it, just like you can guess the token [09:14]
sonOfRa Let's say we need 1eV to flip a single bit once (we need *much much more than that*). That'd be roughly 4*10^121 *terawatts* of energy. The current world energy consumption is around 18 Terawatts per year. [09:14]
sonOfRa You're not guessing a 512 bit token. [09:14]
yawkat guessing the hostname is a lot easier than guessing the token [09:14]
dj_pi [dj_pi!~dj_pi@d4-50-214-166.col.wideopenwest.com] has joined ##java [09:14]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [09:14]
vy A more concrete question: I have beans implementing TaskConsumer<V> { Class <V> getType(); void consume(V payload); } in a Map<Class<?>, TaskConsumer<?>>. Given an Object, can I find the matching TaskConsumer based on Object#getClass() and execute its consume()? [09:14]
IRCNew once you get the token you only get 1 attempt to guess the host name [09:15]
Addax haha [09:15]
x256 vy: Sure, after a cast [09:15]
yawkat vy: you need to cast, theres no way to do it in a safe way [09:15]
yawkat IRCNew: you will not guess the token if it's long enough [09:15]
IRCNew Well you will eventually just a matter of time [09:16]
yawkat if youre really concerned about it, just expire every other similar token when a wrong token is entered [09:16]
vy yawkat: x256: But cast to what? I only have the Map<Class<?>, TaskConsumer<?>> at runtime. [09:16]
yawkat IRCNew: no, you will not [09:16]
Addax IRCNew: you'd require the kind of luck that allows you to shoot a dragon at its one vulnerable point with a ballista on a bobbing boat ... through a mountain [09:16]
Addax maybe more luck than that [09:16]
yawkat IRCNew: honestly, this is basic it security [09:16]
yawkat you WILL NOT guess the token if you have enough entropy in it [09:17]
IRCNew I get that we have little chance. But as you get more users you have more tokens which is more dragons [09:17]
Addax no [09:17]
Addax not really [09:17]
yawkat no, more users does not matter [09:17]
yawkat even if everyone in the world had a token it would be peanuts compared to the token space [09:17]
yawkat 256 bits is A LOT [09:17]
x256 vy: A cast to TaskConsumer<Object> if you must. [09:18]
yawkat you will not guess the token before the heat death of the universe [09:18]
sonOfRa IRCNew: see my above calculation [09:18]
sonOfRa Even if you use literally all the energy available in the universe, you cannot hope to guess a 256 or 512 bit token [09:18]
IRCNew I just want to make it harder [09:18]
yawkat then make the token longer [09:18]
yawkat thats the most secure way [09:18]
sonOfRa Harder then requiring the heat death of the universe? [09:19]
x256 vy: ((TaskConsumer<Object>) map.get(task.getClass())).consume(task); The cast is completely unsafe of cause, but you have to guarantee that the map only contains the correct implementations for the class. [09:19]
Addax sonOfRa: the universe WILL die, you know [09:20]
sonOfRa Addax: I sure hope so [09:20]
sonOfRa Sooner rather than later! [09:20]
utf_8x [utf_8x!~utf_8x@ip4-83-240-127-9.cust.nbox.cz] has joined ##java [09:22]
LSCody [LSCody!~textual@pool-96-246-175-233.nycmny.fios.verizon.net] has joined ##java [09:23]
x256 IRCNew: Putting data with low entropy (hostnames) into a token will weaken its strength, compared to a token generated from the same amount of random data. [09:25]
Teckla [Teckla!uid172075@gateway/web/irccloud.com/x-opjojtwzyzyugewi] has joined ##java [09:27]
IRCNew Actually that makes perfect sense. Since I'm just sending the same amount of data. The advantage is that I would be able to write code to expire the token without killing off a bunch of tokens when anyone gets part of a token correct [09:28]
freeone3000 ...what is "part of a token correct"? [09:29]
freeone3000 this isn't movie-hacking, you either get all of it or none of it. [09:29]
vy x256: Ok, got it working, thanks. [09:29]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [09:30]
IRCNew Well I want to expire the token if you guess 90% because then you are too close to the token if you keep going you will get it [09:30]
Addax how would you gauge that you were 90% to the token? [09:31]
x256 IRCNew: That makes no sense, and may actually open your service for timing side-channel attacks. Never ever provide an attacker with information on how much of a secret he already guessed correctly. [09:31]
Addax If you're 99% "right" on the token, you're still 100% wrong [09:31]
Addax and you'd have no way to know how close you were [09:32]
IRCNew yes you are still wrong and you have not got in. But since you are close and if you keep going up the numbers you will get to the token. So I would expire the token and require the refresh [09:32]
Addax you wouldn't have a way to know [09:32]
sonOfRa IRCNew: this is not how any of this works [09:32]
IRCNew yes [09:33]
yawkat IRCNew: you will not guess the token. [09:33]
Addax if you're one bit off, you're still 100% wrong and have no evaluation criteria by which you knew you were one bit off, or which bit was off [09:33]
sonOfRa Please consult a professional about this, you are very confused about how this works [09:33]
x256 IRCNew: Try not to invent your own snakeoil. Security is hard. Anything 'added' to a proven method is a potential bug or side-channel an attacker can use. [09:33]
IRCNew say I'm 99% correct. First off I don't know this but I'm just going to keep adding 1 to the number till I hit a token [09:34]
Addax that is... not how... no [09:34]
Addax sorry, was trying to type through tears of laughter [09:34]
yawkat IRCNew: if you dont know that youre that close, you have to do the 99% *again*. [09:34]
x256 That's not how probability work [09:34]
Addax that's not an insult, it's just.... that's amusingly wrong [09:35]
yawkat IRCNew: *at least* once. [09:35]
averell [averell!~averell@unaffiliated/averell] has joined ##java [09:35]
Addax that's "donald trump will be a great president because he's a good businessman" wrong [09:35]
[rg] [[rg]!d8df4f72@gateway/web/freenode/ip.216.223.79.114] has joined ##java [09:35]
IRCNew they are just guessing. People say the lottery is basically impossible. So no one should ever win [09:36]
Addax no [09:36]
yawkat IRCNew: the lottery has much much higher probability than this. [09:36]
Addax besides, the numbers for the lottery are far, far, far, far more constrained than tokens [09:36]
IRCNew well people would still win the lottery if it had the same chances [09:36]
sonOfRa No, they wouldn't [09:36]
yawkat IRCNew: no, they wouldnt. [09:36]
Addax actually, no [09:36]
Addax they wouldn't [09:36]
IRCNew 100% that someone would eventually win [09:37]
yawkat IRCNew: nobody would win the lottery in any reasonable time frame in our universe. [09:37]
sonOfRa IRCNew: the sheer scale of numbers 128 bits and upwards can be overwhelming [09:37]
yawkat no. [09:37]
yawkat not before long past the heat death of the universe. [09:37]
Addax IRCNew: look, pretend the security stuff was written by nerds who really wanted to MAKE SURE their moms wouldn't see their porn stash [09:37]
x256 IRCNew: Use more than 128 bit for your token, limit the token lifetime, limit the number of times an attacker is allowed to guess (per time-frame). That's it. [09:37]
Addax "You have to have bought a ticket in THIS store, and then you have to match some ungodly number of digits." [09:38]
sonOfRa IRCNew: the chance to win in a 6 out of 49 lottery game is roughly 1 in 15 million [09:38]
Addax "and we're not telling you which store among 10^10 there are." [09:38]
sonOfRa This is *roughly* the same chance you get if your token was 24 bits long [09:38]
dendazen [dendazen!~dendazen@pool-72-76-93-243.nwrknj.fios.verizon.net] has joined ##java [09:38]
Addax IRCNew: hint: 512 bits is a lot bigger than 24 bits [09:39]
sonOfRa The 1 in (X) part gets double each time you add a bit [09:39]
sonOfRa so, at 32 bits, you're already at 1 in 3.8 billion [09:39]
sonOfRa 33 bits, 1 in 7.6 billion [09:39]
freeone3000 How would you even know if you're 99% correct? [09:39]
Addax freeone3000: I know! [09:39]
Addax it's crazy [09:39]
Addax that's why i laughed when he said that, because it was so unexpected [09:40]
IRCNew no one know they are 99% correct [09:40]
IRCNew that is obvious. [09:40]
yawkat IRCNew: the lottery in my country has a chance equivalent to roughly 27 bits. that means you have to win 2**100 times in a row to hit 128 bits. that would mean winning the lottery every time, every 340 femtoseconds, ever since the universe has existed [09:40]
Addax again, no insult intended [09:40]
IRCNew I'm not telling people this [09:40]
sonOfRa at 64 bits, you're at 1 in 1 in 16 quintillion [09:40]
sonOfRa 65 bits, 1 in 32 quintillion [09:40]
IRCNew My point it if someone guesses a number and it ends up being correct what do I do [09:41]
yawkat that will not happen. [09:41]
sonOfRa Noone will ever guess it [09:41]
IRCNew no some one has guessed it [09:41]
sonOfRa No. [09:41]
yawkat it may be more likely that you suddenly quantum tunnel to mars for no reason. [09:42]
IRCNew we are in a world in which someone guessed it [09:42]
Addax IRCNew: when? [09:42]
sonOfRa To correctly guess at a 1 in X chance, you need roughly X/2 guesses. [09:42]
x256 IRCNew: If you have a 256 bit token, and 1.000.000.000 active tokens (that's a lot), and an attacker would be able to try 1.000.000 tokens per second (that's fast), he would still require 1882284014079344104757903288348677237003062328756381411 years in average to guess a token correctly (that's quite long). Roughly. [09:42]
IRCNew just want to remove the fact it is not likely. but what do I do [09:42]
Addax hahaha [09:42]
sonOfRa You don't. [09:42]
IRCNew what do I do [09:42]
q9929t [q9929t!~Thunderbi@60.243.226.158] has joined ##java [09:42]
freeone3000 IRCNew: Well, it'd be a compromise of pretty much any reliable system we know of. What you should be looking at is "what if someone steals this key?" [09:43]
Addax IRCNew: you relax and use the 512 bit token [09:43]
sonOfRa IRCNew: please stop. Reconsider what you are doing. If you don't trust us, hire a cryptographer. [09:43]
freeone3000 'cause *that's* going to happen way more frequently. [09:43]
sonOfRa They will tell you exactly what we have told you [09:43]
yawkat hey, i have a degree in it security, im certified for telling you this! [09:43]
IRCNew I don't know [09:44]
Addax but he hasn't hired you, so you might be lying [09:44]
IRCNew it just seems broken we have nothing as backup if this happened [09:45]
yawkat who's saying i dont lie when i *am* hired, too! [09:45]
Addax IRCNew: it's... uh... [09:45]
Addax yawkat: some assumption of ethics? [09:45]
sonOfRa Addax: he *is* german! [09:45]
sonOfRa Or at least so he says. [09:45]
yawkat IRCNew: it's much more likely for the earth to explode suddenly. do you prepare for that? [09:45]
freeone3000 IRCNew: What usually happens in such a case is the backup is where the flaws get introduced. [09:45]
Addax yawkat: I used to have DoD SecB clearance, so while I still had that the gummint asserted that I was fairly safe... but even then there was a question [09:46]
freeone3000 General defense-in-depth strategies focus on what happens in case of key compromise from a key *theft* perspective, not a lucky guess. [09:46]
bolovanos [bolovanos!~bolovanos@ctrli.eu] has joined ##java [09:46]
Addax yawkat: I'm prepared for the earth exploding suddenly! Jesus is a friend of mine!... right, Jesus? ... Hello, Jesus? Are you there? [09:46]
x256 IRCNew: It is more likely that your computer spontaneously forms an AI out of solar flare errors on your harddisk, takes over the world, finds your IRC chat logs, starts to hate you and purposefully leaks your token to your enemies, than for an attacker guessing it. [09:46]
Addax I dont even know if DoD uses the same classifications as they used to :/ [09:46]
IRCNew I'm just saying that mathematically it is possible to get the number. I want to confirm the token is coming from the correct device [09:47]
freeone3000 Key theft mitigations include token time-to-lives measured in weeks, using a derivative key instead of the direct key for purposes of secure communication, and scope-limiting the roles of users. [09:47]
freeone3000 IRCNew: Aha, you're defending against someone, say, taking a memory dump of the device, and using the token. [09:47]
x256 IRCNew: Short answer: You can't. There is no way to be 100% sure of anything. [09:47]
Addax IRCNew: don't confuse potential with actuality though [09:47]
sonOfRa IRCNew: then mathematically, the likelihood of them guessing the hostname correctly at the same time, is indiscernable from the likelihood of someone *just* guessing the token [09:47]
freeone3000 (Please say yes this is a thing that could actually happen and there are real defenses against this because this is a thing that could actually happen.) [09:48]
x256 Also, relevant: https://xkcd.com/538/ [09:48]
IRCNew Well then my option is to just do IP locks [09:48]
IRCNew require it to come from the same IP [09:49]
sonOfRa IRCNew: I, a not very sophisticated attacker, am capable of spoofing that. [09:49]
cheeser i'm spoofing it now! [09:49]
Gugi [Gugi!~Gugi@ens247.neoplus.adsl.tpnet.pl] has joined ##java [09:49]
freeone3000 IRCNew: IPv4 IPs are not unique to user, or site, or constant, or... effectively anything you'd want an identifier to be. [09:50]
x256 IRCNew: IP rate limiting works fine for IPv4 networks. For IPv6, your blocklist storage would have to be larger than the universe. [09:50]
IRCNew Well then the return packets would not come back to you? [09:50]
freeone3000 x256: Does not work fine with IPv4 and hasn't since 2016. CGNAT is super-common, T-Mobile IPv4 IPs are issued to blocks of over 200 users. [09:50]
freeone3000 IRCNew: You know how a home router works? Multiple computers behind one router, everything on one side has different addresses, but traffic on the other side sees it all as one IP? [09:51]
freeone3000 IRCNew: They do it through a ridiculously complex state table to do the translation? Carrier-Grade NAT is basically that but sized way up. [09:51]
x256 freeone3000: I mean blacklists to block attackers after X failed guesses for Y seconds. If I accidentally block a legitimate user for some seconds because his room-mate is a blackhat, I would not care :) [09:51]
IRCNew Well yea. But if you require the token to come from an ip then they would need to be on that network [09:51]
cheeser that's cute. [09:52]
IRCNew I'm not removing tokens [09:52]
Addax IRCNew: what you COULD do is assume we aren't helping and do it yourself. After your method's been broken, come back to us. :) [09:52]
IRCNew and if you spoof your ip then the return packed would not come back to you [09:52]
sonOfRa IRCNew: that depends on the capabilities of the attacker. I could (at the cost of my server ISP telling me to stop it), fake that I'm that certain IP. [09:52]
freeone3000 well THAT's not true. [09:52]
freeone3000 Note: The "telling you to stop it" comes in the form of a *phone call*. [09:52]
Bombe Just don?t pick up! [09:53]
Bombe Check mate, atheists. [09:53]
freeone3000 That's what Hurricane Electric does :P [09:53]
sonOfRa If I were a sophisticated attacker, I could just... do that, and there would be noone to call me [09:53]
sonOfRa It'd eventually show up in bgpstream and some nerds on twitter would get angry about it for a few hours [09:53]
sonOfRa But getting angry about it is the extent of what they can do about it. [09:53]
cheeser i'll write a sternly worded letter. [09:54]
freeone3000 This is also a reasonably cheap attack, much cheaper than attacking the hash, possibly cheaper than stealing the key. [09:54]
sonOfRa cheeser: you can file it to the top drawer in the complaints department :) [09:54]
Bombe ?Dear diary, today somebody spoofed their IP! I?m mad as heck.? [09:55]
freeone3000 so between "IPs don't work because they're too broad" and "IPs don't work because they're unauthenticated" and "IPs don't work because even legitimate users have frequently changing IPs" we're at: Don't use IPs. [09:55]
extorr [extorr!~extor@unaffiliated/extor] has joined ##java [09:56]
MatthijsH [MatthijsH!~quassel@unaffiliated/matthijs] has joined ##java [09:56]
fstd_ [fstd_!~fstd@unaffiliated/fisted] has joined ##java [09:56]
IRCNew Well I'm not removing the token. that would just be dumb [09:56]
Arimil [Arimil!~Renari@24.229.184.254.res-cmts.sm.ptd.net] has joined ##java [09:56]
Xiti` [Xiti`!~Xiti-@unaffiliated/xiti] has joined ##java [09:57]
IRCNew you need IP and token. I don't see who it makes it less secure [09:57]
shicks_ [shicks_!~shicks252@ool-4354603e.dyn.optonline.net] has joined ##java [09:57]
freeone3000 Please don't require IP. If you require IP, you've just broken it for effectively every corporate user. [09:57]
oogaw [oogaw!~wagoo@24.65.76.83.dynamic.wline.res.cust.swisscom.ch] has joined ##java [09:57]
freeone3000 Good JWT token usage: Limited scope, Limited time, Strong crypto. You've nailed the third, do the first two and you're set. [09:57]
SuperTyp_ [SuperTyp_!~SuperTyp@15.5.3.213.static.wline.lns.sme.cust.swisscom.ch] has joined ##java [09:57]
VVD59949 [VVD59949!~VVD@109.252.91.44] has joined ##java [09:58]
GeraldW_ [GeraldW_!~geraldw@v22017115126455540.ultrasrv.de] has joined ##java [09:58]
IRCNew Well the idea is the token is tied to and IP and when your ip changes then you can use the refresh token to get a new token(tied to your current ip) and refresh token [09:59]
skunnard [skunnard!~penthief@unaffiliated/penthief] has joined ##java [09:59]
ashka` [ashka`!~postmaste@pdpc/supporter/active/ashka] has joined ##java [09:59]
DiabloD3 [DiabloD3!foobar@exelion.net] has joined ##java [09:59]
APK [APK!AKP@irc.akpwebdesign.com] has joined ##java [09:59]
Ekho- [Ekho-!~Ekho@unaffiliated/ekho] has joined ##java [09:59]
freeone3000 k, but why link that to IP change instead of to, I dunno, 24h? [09:59]
DTZUZO_ [DTZUZO_!~DTZUZO@S0106bcd16584b0aa.vs.shawcable.net] has joined ##java [09:59]
DTZUZU2 [DTZUZU2!~DTZUZU@S0106bcd16584b0aa.vs.shawcable.net] has joined ##java [09:59]
IRCNew well both time and ip change [09:59]
Cyp__ [Cyp__!~Cyp_@87-52-78-149-cable.dk.customer.tdc.net] has joined ##java [09:59]
freeone3000 IP change is just a fustration that doesn't actually add anything. I wouldn't use it. [10:00]
Techcable_ [Techcable_!znc@irc.techcable.net] has joined ##java [10:00]
x256 IRCNew: The IP adds no security because the token alone is secure enough. It just adds annoyance for your users. [10:00]
xintron1 [xintron1!~xintron@unaffiliated/xintron] has joined ##java [10:00]
mbooth IRCNew: So why bother tying to IP, if you can just refresh? Seems like extra inconvenience for users for no benefit whatsoever [10:01]
Orphis_ [Orphis_!~orphis@adam.orphis.net] has joined ##java [10:01]
Mrkkk [Mrkkk!~Mrkkk@240e:470:100:514f:312b:9c29:abdc:f9b1] has joined ##java [10:01]
IRCNew well if you have your refresh tokens working properly it should just be automatic [10:01]
sbeex_ [sbeex_!~sbeex@46.140.90.107] has joined ##java [10:01]
sunri5e_ [sunri5e_!~sunri5e@unaffiliated/sunri5e] has joined ##java [10:01]
Maldivia_ [Maldivia_!~maldivia@nyx.duckpond.dk] has joined ##java [10:01]
mike5w3c_ [mike5w3c_!~mike@sideshowbarker.net] has joined ##java [10:01]
mbooth IRCNew: But what does it add? [10:01]
autojack_ [autojack_!~owen@unaffiliated/autojack] has joined ##java [10:01]
sud0 [sud0!~Death@hackspaceuy/member/sud0] has joined ##java [10:01]
camerin [camerin!hoax@elite.bshellz.net] has joined ##java [10:01]
IRCNew well. I don't think this is in oauth but I was thinking you need to send a refresh and the token at the same time [10:02]
Maxdaman1us [Maxdaman1us!~Maxdamant@unaffiliated/maxdamantus] has joined ##java [10:02]
eof_ [eof_!~eof@static.170.252.47.78.clients.your-server.de] has joined ##java [10:02]
canton7_ [canton7_!~canton7@about/csharp/regular/canton7] has joined ##java [10:02]
IRCNew mbooth it makes it a little bit harder to get everything since spoofing would not return data correctly to you unless you have a proxy.... [10:03]
IRCNew but unlike my hostname which is sending more data it would make more sense to just increase token size at that point [10:03]
led_dark_1 [led_dark_1!~Thunderbi@217.66.160.14] has joined ##java [10:03]
Alina-malina_ [Alina-malina_!~Alina-mal@unaffiliated/alina-malina] has joined ##java [10:03]
IRCNew Thanks everyone for making the idea of using a hostname pointless since it is better to just add more bits [10:04]
Bombe 512 bits is plenty. [10:04]
x256 IP checks would also introduce a timing side-channel. An attacker could now verify if a specific IP has any tokens in your database, based on the time it takes to look the IP up in it. [10:04]
x256 Adding stuff to methods already proven to be secure will never improve security. [10:04]
IRCNew why don't I just make it take the same amount of time. Also if you have a valid ip you still need to get that token [10:05]
lilalinux_mbp [lilalinux_mbp!znc@80.69.39.131] has joined ##java [10:06]
IRCNew so you still are trying to guess that token [10:06]
freeone3000 "just" does a whole lot of work in that sentance. [10:06]
freeone3000 Have you written a constant-time check before? [10:06]
Bombe Nobody is trying to guess a 512-bit token. [10:06]
Bombe Because that?s stupid. [10:06]
lilalinuxHH [lilalinuxHH!znc@80.69.39.131] has joined ##java [10:06]
fizzie [fizzie!fis@unaffiliated/fizzie] has joined ##java [10:06]
Fairy [Fairy!~Fairy@unaffiliated/fairy] has joined ##java [10:06]
liefer [liefer!~liefer@3e6b4c17.rev.stofanet.dk] has joined ##java [10:07]
knited [knited!~knited@unaffiliated/knited] has joined ##java [10:07]
rudidev [rudidev!~rudidev@104.248.83.16] has joined ##java [10:07]
callMeBaby [callMeBaby!~callMeBab@45.63.96.158] has joined ##java [10:07]
Amadiro [Amadiro!~Amadiro@v220100555393154.yourvserver.net] has joined ##java [10:07]
deavmiUniversity [deavmiUniversity!~deavmi@41.164.24.82] has joined ##java [10:07]
SanguineAnomaly [SanguineAnomaly!~anomaly@cpc109023-salf6-2-0-cust375.10-2.cable.virginm.net] has joined ##java [10:07]
Rapture [Rapture!~textual@50-204-232-30-static.hfc.comcastbusiness.net] has joined ##java [10:08]
AcTiVaTe [AcTiVaTe!~activate@host-m7ku8h.tnz1.zeelandnet.nl] has joined ##java [10:08]
quadsar [quadsar!~quadsar@unaffiliated/quadsar] has joined ##java [10:08]
IRCNew I have not done the constant-time before but I think PBDKF2 example has it. [10:08]
x256 Adding artificial delays either won't help (fixed or random delays do not hide anything), or make DOS attacks trivial. [10:08]
greggerz [greggerz!~greggerz@unaffiliated/greggerz] has joined ##java [10:09]
freeone3000 yeah but hold on are you using a key derivation function on a non-random IV? [10:09]
IRCNew DOS attacks seem like they would be a problem regardless [10:09]
irdr [irdr!irdr@137.204.76.34.bc.googleusercontent.com] has joined ##java [10:09]
freeone3000 see this is "I don't know how it makes it less secure" should really put the emphasis clearer [10:10]
IRCNew By requiring a 512bit token and IP is less secure then just requiring a 512bit token. Can you explain [10:10]
freeone3000 okay see it seems like you're using PBDKF2 as your key derivation function. [10:10]
IRCNew O wow [10:11]
IRCNew no I'm not [10:11]
freeone3000 ...what *are* you using? [10:11]
Bombe ?crayons, apparently. [10:11]
IRCNew yea [10:12]
IRCNew crayons [10:12]
IRCNew dam [10:12]
freeone3000 'cause I was about to go "that's a good decision, but you need to make sure your *inputs* to key derivation are difficult to guess". [10:12]
freeone3000 But if you're not, well, what is your key derivation fucntion? [10:12]
sauvin [sauvin!sauvin@about/linux/staff/sauvin] has joined ##java [10:13]
[rg] do I need to use runnable to get a hashmap of lamdas and another object? e.g map<String, MyInterfaceClass> [10:13]
[rg] would be map<String, Runnable> ? [10:13]
kqr [kqr!~kqr@vps.xkqr.org] has joined ##java [10:13]
IRCNew SecureRandom [10:13]
Bombe You know, IRCNew, if you somehow get the feeling that you are being ridiculed, then a) yes, you are, and b) congratulations, you are actually capable of grokking what people tell you. Now listen to what we?re saying and stop making up your own security solutions because THEY. WILL. FAIL. Just don?t. Thanks. [10:13]
freeone3000 IRCNew: oh no. [10:13]
AfroThundr|main [AfroThundr|main!~AfroThund@countervandalism/AfroThundr3007730] has joined ##java [10:14]
IRCNew Yea [10:14]
freeone3000 IRCNew: That's not a key derivation function, it's just a CSPRNG. [10:14]
salparadise [salparadise!~salparadi@ec2-54-245-184-165.us-west-2.compute.amazonaws.com] has joined ##java [10:14]
IRCNew At least this is not in production yet [10:14]
freeone3000 IRCNew: So how do you translate from your CSPRNG to the otoken you generate? [10:14]
mz` [mz`!~mz@gandi/mz] has joined ##java [10:15]
IRCNew I'm doing it wrong [10:15]
mbooth IRCNew++ [10:15]
IRCNew This needs to be fixed [10:16]
Crash1hd [Crash1hd!~Crash1hd@unaffiliated/crash1hd] has joined ##java [10:16]
IRCNew It is the most important part [10:16]
DrowningElysium [DrowningElysium!uid190788@gateway/web/irccloud.com/x-qxjsopojtxhzbpst] has joined ##java [10:16]
Bombe Unless you?re creating an authentication framework (gee, I hope not) it?s not the most important part. [10:16]
freeone3000 If you need an authentication solution, try a drop-in one from spring-security, such as OAuth or JWT. This will likely suit your needs. (I like Apache Shiro, but it's a bit lower-to-the-ground) [10:17]
Bombe Yes, all that is basically a solved problem. [10:17]
Bombe No need to invent anything. [10:17]
IRCNew Do all these use a third party [10:19]
cheeser you can run your own oauth server [10:19]
IRCNew I don't know [10:20]
IRCNew I think I could [10:21]
freeone3000 OAuth1, not 2, means you're running both servers. 2 is a bit complex. [10:21]
freeone3000 (2 isn't *inherently* more secure than 1 - it offers a few more levers and a bit more scoping, but 1 is much easier to get right) [10:22]
rwheadon [rwheadon!~rwheadon@23-127-128-33.lightspeed.tukrga.sbcglobal.net] has joined ##java [10:22]
rwheadon [rwheadon!~rwheadon@50-206-47-6-static.hfc.comcastbusiness.net] has joined ##java [10:23]
IRCNew Anyone have information on how to setup oauth on own servers [10:26]
IRCNew I think I just need to use a library since. I'm making a square wheel currently [10:27]
freeone3000 IRCNew: Yep. Here's how to do single-WAR for your resource server, your authentication server, and your application using JWT on OAuth2 with Spring-Security: https://www.baeldung.com/spring-security-oauth-jwt [10:28]
freeone3000 freeone3000's title: "Using JWT with Spring Security OAuth | Baeldung" [10:28]
[rg] oh i got it gonna need a class to hold each function for the interface, nice [10:28]
[rg] factories ftw [10:28]
freeone3000 (Apparently OAuth2 is what all the Cool Kids are using, so even though I found OAuth1 simpler, all the guides are for 2, so might as well do 2.) [10:28]
progart [progart!~kamee@178.78.133.81] has joined ##java [10:30]
IRCNew Well If I follow something like this. I should be closer to using Google signin / Gitlab / facebook.... [10:30]
VicMackey [VicMackey!~vicmackey@158.227.0.238] has joined ##java [10:30]
freeone3000 Yep, those also provide OAuth. If you don't want to track user credentials yourself, you can use one of those, but that's more of a user experience question (technical audiences don't trust you with an oauth flow, since that allows you to correlate usage) [10:31]
AcTiVaTe [AcTiVaTe!~activate@host-m7ku8h.tnz1.zeelandnet.nl] has joined ##java [10:32]
IRCNew Well I want to allow signin using those services so the user can pick. I mean I'm storing passwords has PBKDF2 hashes so I don't think I have a problem currently [10:34]
IRCNew I just need to allow users to say logged in with out using Sessions and using cookies [10:34]
IRCNew to store tokens [10:34]
IRCNew So just confirming. I could use OAuth to allow users to use my server to login to other servers [10:37]
conan [conan!~conan@85.255.234.247] has joined ##java [10:44]
IRCNew Well is a proper implementation to setup an OAuth client and then have that connect to your OAuth Server or a Google OAuth Server [10:45]
bolovanos [bolovanos!~bolovanos@91.201.22.5] has joined ##java [10:47]
elinow [elinow!~elinow@86.57.224.98] has joined ##java [10:49]
freeone3000 yes. [10:51]
IRCNew Yea. I don't know what I was thinking trying to roll my own solution since I want to eventually connect to a Google OAuth [10:52]
cheeser *sniffle* our little tyke has grown up! *sniffle* *sniffle* [10:53]
paws__ [paws__!uid89121@gateway/web/irccloud.com/x-ljpioygnvvjomkss] has joined ##java [10:53]
odinsbane alergies? [10:54]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [10:54]
puppy_za don't reinvent the wheel :p [10:54]
RedSoxFan07 [RedSoxFan07!~Thunderbi@d-137-103-109-45.ct.cpe.atlanticbb.net] has joined ##java [10:55]
[rg] how do you guys browse jdk docs? [10:56]
[rg] just from google? [10:56]
[rg] wish there was a text info or something local [10:56]
cheeser you can download them... [10:57]
cheeser downloads [10:58]
cheeser Find current releases for Java at http://www.oracle.com/technetwork/java/javase/downloads/index.html . Older releases can be found at http://www.oracle.com/technetwork/java/javase/archive-139210.html . If you don't need the Oracle Version, see ~alternative jdk [10:58]
CAPITANOOO [CAPITANOOO!~CAPITANOO@185.192.137.14] has joined ##java [10:59]
qrestlove [qrestlove!~qrestlove@2601:446:c201:f560:a49a:2c2e:81d1:634b] has joined ##java [11:01]
[rg] "Oracle account sign in" ? [11:02]
pualj [pualj!~tux@105.33.225.254] has joined ##java [11:03]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [11:05]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [11:07]
sonOfRa cheeser: do we want to change those links to something like adoptopenjdk, now that you can't really download oracle jdk w/o login anymore? [11:07]
cheeser sonOfRa: probably, yeah [11:08]
sonOfRa alternative jdk [11:08]
sonOfRa See ~zulu, ~openjdk, ~adoptopenjdk, ~corretto, ~oraclejdk, ~ibmjdk, ~openj9, ~sapmachine or ~liberica for alternatives [11:08]
cheeser but you don't need to log in to download the jdk [11:08]
sonOfRa Oh, was I on the jre page, nvm then [11:09]
cheeser what's a jre? :D [11:09]
sonOfRa Ohhh, I was on the *archive* apge [11:09]
sonOfRa Looks like everything except JDK12 redirects me to login.oracle.com [11:10]
freeone3000 yep, because oracle doesn't support older versions of the jdk. [11:11]
cheeser anything after 6mos old requires a support contract [11:11]
IRCNew Something I don't understand is do I need to pay oracle money to use java [11:18]
kassle [kassle!~kassle@london.serv.krybrig.org] has joined ##java [11:18]
[rg] you dont [11:18]
yawkat even below 6mo a support contract is required to use the oracle jdk linked on that site [11:18]
IRCNew when would you need to pay oracle [11:18]
yawkat "Oracle JDK is Oracle's supported Java SE version for customers and for developing, testing, prototyping or demonstrating your Java applications." [11:19]
kassle parted the channel: [11:19]
yawkat so, just dont use that site if you want to actually use java beyond those terms [11:19]
cheeser use adoptopenjdk everywhere [11:20]
IRCNew Well if I have openjdk then I'm fine [11:20]
cheeser depends on the openjdk vendor. oracle has one, too. [11:20]
IRCNew well It it an Ubuntu build [11:21]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:24]
themsay [themsay!~themsay@149.254.234.86] has joined ##java [11:24]
orbyt_ [orbyt_!~orbyt@172.92.5.20] has joined ##java [11:25]
kappa1 [kappa1!~kappa1@unaffiliated/kappa1] has joined ##java [11:26]
IRCNew it seems fine [11:26]
kappa1 why am I getting a parse exception here: new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").parse("2014-07-19T23:59:57.161Z"); [11:26]
[rg] whats the error? [11:27]
kappa1 Exception in thread "main" java.text.ParseException: Unparseable date: "2014-07-19T23:59:57.161Z" [11:27]
ygivenx [ygivenx!~ygivenx@c-67-161-30-108.hsd1.ca.comcast.net] has joined ##java [11:27]
IRCNew I don't know much about date parsing but why did you 'T' and not 'Z' [11:28]
kappa1 just used the mask that was here: https://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html [11:28]
kappa1 IRCNew, apparently it worked [11:29]
kappa1 by using 'Z' [11:29]
Muzer [Muzer!~muzer@tim32.org] has joined ##java [11:29]
IRCNew yea actually Z should be a time zone [11:30]
IRCNew not the letter Z [11:30]
kappa1 but when Z means it's UTC [11:30]
yawkat java.time [11:30]
yawkat Use the new, as of java 8, java.time package (inspired by joda-time): http://docs.oracle.com/javase/8/docs/api/java/time/package-summary.html and the tutorial, http://docs.oracle.com/javase/tutorial/datetime/TOC.html . Look at https://yawk.at/java.time/ for an overview of the basic concepts. [11:30]
[rg] anyone work for a large coporate comany here? [11:31]
freeone3000 [rg]: Many people. [11:31]
yawkat anyone [11:31]
yawkat Chances are someone has, so why not just ask your question and save some time? If someone knows the answer and wants/has time to help, perhaps they will. [11:31]
IRCNew looking at the first link it says Z if for timezone and and example is -0800 [11:31]
freeone3000 kappa1: Not according to SimpleDateFormat. Z represents an RFC882 timezone. See https://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html#rfc822timezone [11:31]
freeone3000 What it LOOKS like what you have is an ISO8601 datetime, which has a prebuilt format which handles these cases, including 'Z' (which is allowed by ISO8601 but not RFC882) [11:32]
led1 [led1!~Thunderbi@217.66.160.14] has joined ##java [11:33]
Mrkkk kappa1: it looks like that you are using a wrong format to paser the data in the code. [11:33]
Jantz [Jantz!~IceChat9@2407:7000:8d04:100:194a:6964:2af5:7973] has joined ##java [11:33]
kappa1 I see, makes sense [11:33]
IRCNew And I believe you should use X for ISO8601 and Z for RFC822 [11:34]
[rg] well, if you have how would you say the impact has been using java for a large team? [11:34]
freeone3000 [rg]: what are you looking for here? [11:35]
kappa1 Let me see [11:35]
[rg] nothing, just discussion? [11:35]
[rg] wonders if he is the only one who doesnt make assumptions [11:35]
kappa1 IRCNew, worked fine with X [11:35]
IRCNew great [11:36]
kappa1 iso8601 right [11:36]
kappa1 thanks :-) [11:36]
freeone3000 kappa1: I'd still advise you to use the prebuilt ISO8601 format, it handles a few more weird edge cases like that. Several components of your datetime there are actually optional. [11:36]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [11:41]
kappa1 parted the channel: "Leaving" [11:42]
kappa1 [kappa1!~kappa1@unaffiliated/kappa1] has joined ##java [11:42]
tang^ [tang^!~tang^@207.229.38.10] has joined ##java [11:42]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:44]
whaley the world will not be at peace until at least all systems are using ISO8601 for all date/time as a string representations [11:46]
whaley it is known [11:46]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:46]
upgrdman [upgrdman!~upgrdman@blender/artist/upgrdman] has joined ##java [11:46]
aweb [aweb!~aweb@ip68-3-187-172.ph.ph.cox.net] has joined ##java [11:48]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:49]
entry_lvl_dev [entry_lvl_dev!~entry_lvl@ool-18bee332.dyn.optonline.net] has joined ##java [11:49]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:50]
entry_lvl_dev Open do i open a file in firefox in Java [11:50]
entry_lvl_dev how do i open a html file in firefox using java* [11:50]
sagax i write if think that `maven-jar-plugin` can't build jar file with all dependencies? [11:51]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:51]
freeone3000 sagax: correct. usually you'd use maven-shade-plugin to do this. [11:53]
freeone3000 javadoc Desktop [11:53]
freeone3000 entry_lvl_dev, freeone3000: http://bit.ly/2VAWSLX [JDK: java.awt.Desktop] [11:53]
freeone3000 entry_lvl_dev: Please note that the ability to get an instance of this class, and *every method of the class*, is optionally implemented - so this may not be there. [11:54]
entry_lvl_dev thanks freeone3000 [11:54]
entry_lvl_dev freeone3000: but how do i open with a specific browser, not just default browser [11:55]
freeone3000 entry_lvl_dev: You're trying to do the wrong thing there. [11:55]
freeone3000 The default browser is correct. [11:55]
IRCNew what would you expect to happen if firefox was not installed. [11:56]
Mrkkk [Mrkkk!~Mrkkk3@115.196.18.58] has joined ##java [11:56]
entry_lvl_dev right we have 4 different browsers though [11:56]
freeone3000 "we"? [11:56]
entry_lvl_dev yes sir, we [11:56]
rippa [rippa!~rippa@ppp-vpdn-37.1.85.157.yarnet.ru] has joined ##java [12:00]
Mrkkk [Mrkkk!~Mrkkk@115.196.18.58] has joined ##java [12:01]
srisri [srisri!~srisri@c-98-207-200-202.hsd1.ca.comcast.net] has joined ##java [12:02]
dj_pi [dj_pi!~dj_pi@d4-50-214-166.col.wideopenwest.com] has joined ##java [12:02]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [12:02]
jetjoe [jetjoe!~jetjoe@2a02:908:1010:7e20:6184:9429:5a9b:3875] has joined ##java [12:05]
ericek111 [ericek111!~ericek111@109-230-55-69.dynamic.orange.sk] has joined ##java [12:07]
forgottenone [forgottenone!~forgotten@176.88.99.234] has joined ##java [12:07]
Secret-Fire [Secret-Fire!~Secret-Fi@97-120-107-144.ptld.qwest.net] has joined ##java [12:11]
Gugi [Gugi!~Gugi@ens247.neoplus.adsl.tpnet.pl] has joined ##java [12:11]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [12:12]
Secret-Fire [Secret-Fire!~Secret-Fi@97-120-107-144.ptld.qwest.net] has joined ##java [12:13]
Teckla [Teckla!uid172075@gateway/web/irccloud.com/x-izoxipnzqstpgsks] has joined ##java [12:13]
Secret-Fire [Secret-Fire!~Secret-Fi@97-120-107-144.ptld.qwest.net] has joined ##java [12:14]
apok [apok!c3b2b2c5@gateway/web/freenode/ip.195.178.178.197] has joined ##java [12:20]
explodes [explodes!~explodes@unaffiliated/explodes] has joined ##java [12:21]
orbyt_ [orbyt_!~orbyt@172.92.5.20] has joined ##java [12:21]
explodes Hello [12:22]
explodes What is the different between Map<Double> and HashMap<double> [12:22]
whaley polymorphism [12:22]
whaley explodes, polymorphism is http://docs.oracle.com/javase/tutorial/java/IandI/polymorphism.html [12:22]
explodes Is one of them passed by value? [12:22]
orbyt_ [orbyt_!~orbyt@172.92.5.20] has joined ##java [12:23]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [12:23]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [12:26]
srisri [srisri!~srisri@204.14.239.17] has joined ##java [12:26]
ogradyd [ogradyd!~Thunderbi@HSI-KBW-046-005-255-037.hsi8.kabel-badenwuerttemberg.de] has joined ##java [12:26]
knifefork [knifefork!~textual@pool-96-230-101-232.bstnma.fios.verizon.net] has joined ##java [12:28]
apok How do I call a method inside CompletableFuture.exceptionally() /handle() that returns a future? https://pastebin.com/XYsDy214 [12:30]
yawkat you could chain it with another compose [12:33]
deavmi [deavmi!~deavmi@146.232.65.210] has joined ##java [12:34]
apok But say I need to pass the actual exception [12:35]
yawkat well, return the completablefuture and then compose with the identity function [12:36]
orbyt_ [orbyt_!~orbyt@172.92.5.20] has joined ##java [12:36]
sa02irc [sa02irc!~sa02irc@155-079-043-212.ip-addr.inexio.net] has joined ##java [12:36]
apok Can you show an example please? [12:36]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [12:36]
Renari [Renari!~Renari@24.229.184.254.res-cmts.sm.ptd.net] has joined ##java [12:39]
nickel8448 [nickel8448!~rahul@2a02:8084:d6be:8300:419d:8d81:d4b0:712a] has joined ##java [12:40]
lithium [lithium!~lithium@unaffiliated/lithium] has joined ##java [12:42]
Yamakaja [Yamakaja!~yamakaja@vps.pub.yamakaja.me] has joined ##java [12:43]
LKoen [LKoen!~LKoen@2a01cb0407597a00995db2d70786efff.ipv6.abo.wanadoo.fr] has joined ##java [12:45]
Addax explodes: everything in java is passed by value [12:50]
Addax a Map is an interface, a HashMap<Double> is a concrete realization [12:50]
manualcrank [manualcrank!~manualcra@bras-base-mtrlpq2718w-grc-11-70-24-186-113.dsl.bell.ca] has joined ##java [12:51]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [12:51]
[twisti] [[twisti]!~twisti@toadwater.com] has joined ##java [12:56]
enoq [enoq!~enoq@2a02:8388:6a87:b080:649f:9456:c1b1:28e4] has joined ##java [01:01]
knifefork [knifefork!~textual@pool-96-230-101-232.bstnma.fios.verizon.net] has joined ##java [01:02]
tomscher1 [tomscher1!~tom@c108-ads11.uibk.ac.at] has joined ##java [01:11]
[rg] [[rg]!d8df4f72@gateway/web/freenode/ip.216.223.79.114] has joined ##java [01:11]
[rg] is there ever a downside to using raw types? [01:12]
whaley [rg]: yes [01:13]
[rg] well, what is it? [01:13]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [01:13]
[rg] like, is it a big deal? [01:13]
[rg] or not really [01:13]
freeone3000 [rg]: You lose all the benefits of generic typing. ALL benefits. [01:13]
whaley [rg]: you lose compile time checking [01:13]
[twisti] you lose type safety [01:13]
[rg] ah [01:14]
[rg] yeah thats pretty big [01:14]
[rg] dang [01:14]
[rg] passes the responsability on [01:15]
aqd [aqd!~aqd@87-92-9-8.bb.dnainternet.fi] has joined ##java [01:24]
t2mkn [t2mkn!~t2mkn@43.226.2.66] has joined ##java [01:25]
LKoen_ [LKoen_!~LKoen@2a01cb0407597a00fd8065e931c84073.ipv6.abo.wanadoo.fr] has joined ##java [01:30]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [01:32]
jamiejackson [jamiejackson!c7df1efe@gateway/web/cgi-irc/kiwiirc.com/ip.199.223.30.254] has joined ##java [01:37]
paddyez [paddyez!~paddyez@wikipedia/paddyez] has joined ##java [01:38]
rruizt [rruizt!~rruizt@83-84-23-124.cable.dynamic.v4.ziggo.nl] has joined ##java [01:39]
gelignite [gelignite!~gelignite@55d464b8.access.ecotel.net] has joined ##java [01:39]
acidjnk [acidjnk!~acid@i577BCA58.versanet.de] has joined ##java [01:43]
mohsen_1 [mohsen_1!uid289573@gateway/web/irccloud.com/x-uiilylrgxqeafxjj] has joined ##java [01:45]
LKoen [LKoen!~LKoen@2a01cb0407597a00b8fdd3e507b99842.ipv6.abo.wanadoo.fr] has joined ##java [01:46]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [01:48]
led1 [led1!~Thunderbi@217.66.160.14] has joined ##java [01:49]
cfoch [cfoch!uid153227@gateway/web/irccloud.com/x-bljhmlmnfrikvjut] has joined ##java [01:50]
beStKodErEveR [beStKodErEveR!~dannyD@h-5-150-218-151.NA.cust.bahnhof.se] has joined ##java [01:54]
Sasazuka [Sasazuka!~Sasazuka@unaffiliated/sasazuka] has joined ##java [02:02]
SupaHam [SupaHam!~SupaHam@supaham.com] has joined ##java [02:03]
surial Is this the time to mention that Map<Double> is, most of all, a compiler error? [02:06]
Addax no [02:07]
Addax HashMap<double> is multiple errors anyway, so ... let it go [02:07]
[twisti] how is Map<Double> a compiler error ? [02:07]
Addax Map takes a K,V [02:08]
Addax so it's missing a type in the declaration [02:08]
led1 [led1!~Thunderbi@217.66.160.14] has joined ##java [02:08]
[twisti] oh duh lol [02:08]
Addax and his example was HashMap<double> // note primitive [02:08]
[twisti] i seem to have missed something, i dont see anyone mentioning a HashMap<double> [02:09]
t2mkn [t2mkn!~t2mkn@43.226.2.66] has joined ##java [02:11]
ricky_clarkson [ricky_clarkson!~rjclarkso@unaffiliated/rickyclarkson/x-000000001] has joined ##java [02:13]
Addax https://javabot.evanchooly.com/logs/%23%23java/2019-05-21#5ce425d10a975a1bbb1af8ce [02:15]
LSCody [LSCody!~textual@pool-96-246-175-233.nycmny.fios.verizon.net] has joined ##java [02:16]
ztychr [ztychr!ztychr@gateway/vpn/privateinternetaccess/ztychr] has joined ##java [02:21]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [02:21]
[twisti] i seem to have missed a lot [02:22]
RedSoxFan07 [RedSoxFan07!~Thunderbi@d-137-103-109-45.ct.cpe.atlanticbb.net] has joined ##java [02:23]
LunarJetman [LunarJetman!LunarJetma@0547857b.skybroadband.com] has joined ##java [02:23]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [02:26]
ravenous_ [ravenous_!~ravenousm@ptr-cud5aqg3vdz3n95k7t0.18120a2.ip6.access.telenet.be] has joined ##java [02:27]
ravenous_ [ravenous_!~ravenousm@ptr-cud5aqg3vdz3n95k7t0.18120a2.ip6.access.telenet.be] has joined ##java [02:28]
Rovanion [Rovanion!~rovanion@h-109-172.A163.priv.bahnhof.se] has joined ##java [02:30]
Ragnor [Ragnor!~Ragnor@dslb-084-062-042-124.084.062.pools.vodafone-ip.de] has joined ##java [02:35]
whaley surial: it's not a compiler error [02:38]
surial but it is though. [02:38]
LearnAllTheTime [LearnAllTheTime!~LearnAllT@2600:1700:e560:21e0:31dc:cf1b:a041:f031] has joined ##java [02:38]
whaley no it's not [02:38]
surial but it is though. [02:38]
whaley no it's not [02:38]
[rg] just explain instead of circle jerk pls [02:38]
avalchev [avalchev!~Thunderbi@46.238.21.2] has joined ##java [02:38]
whaley plz [02:39]
whaley [rg], If you include "pls" in your request because it's shorter than "please", then expect to get told "no" because it's shorter than "yes". [02:39]
surial But it is though. https://glot.io/snippets/fcfggbvc7t [02:39]
Addax [rg]: it requires two types in the declaration, or it's a raw type [02:39]
Addax one type is not enough [02:39]
whaley yes, for java.util.Map/HashMap [02:39]
whaley which we don't know that's what is being referred to [02:39]
surial [rg]: Map<Integer, String> map = Map.of(1, "One", 2, "Two"); // this thing maps the number to its english word. [02:39]
Addax whaley: gross [02:40]
whaley hahahaha [02:40]
surial whaley: in which case saying that it is NOT a compiler error is equally wrong. [02:40]
surial whaley: if you're going to make a 'pedantic joke' (a.k.a. be a fucking arsehat and confuse newbies; cut this shit out for fuck's sake) ? at least do it right, geez. [02:40]
whaley surial: great. continue being a pedantic fuck about it then [02:40]
Addax have you met surial? [02:40]
fragamus [fragamus!~textual@192.92.7.118] has joined ##java [02:40]
Addax surial without pedantry (and whatever excessive appelation you want to assign) is hardly evidence of surial-ness [02:41]
royal_screwup21 [royal_screwup21!89de72f2@gateway/web/cgi-irc/kiwiirc.com/ip.137.222.114.242] has joined ##java [02:41]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [02:41]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [02:42]
[rg] yeah I'm not sure what's the issue it doesn't compile [02:43]
[rg] is the argument about if one type makes it a raw type? [02:44]
fragamus [fragamus!~textual@192.92.7.118] has joined ##java [02:44]
surial [rg]: one type simply does not compile. see https://glot.io/snippets/fcfggbvc7t for the error. [02:45]
Addax ... assuming that when you say "Map" you mean java.util.Map, thanks whaley [02:45]
whaley yes [02:45]
Addax and I admire the calling-out of surial for pedantry when that's... more pedantic than I would ever have expected from you :) [02:46]
[rg] surial: yeah I have seen that [02:49]
whaley Addax: that was the point [02:50]
ianrobot [ianrobot!~ianrobot@x590e055d.dyn.telefonica.de] has joined ##java [02:50]
CookieM [CookieM!~tomek@afdr20.neoplus.adsl.tpnet.pl] has joined ##java [02:57]
DammitJim [DammitJim!~DammitJim@173.227.148.6] has joined ##java [02:57]
DammitJim do you guys have a link with info about when openjdk 8 is EOL? I think oracle java 8 for business ended 01.2019 [02:58]
yawkat still free [02:59]
yawkat Java Is Still Free - https://docs.google.com/document/d/1nFGazvrCvHMZJgFstlbzoHjpAVwv5DEdnaBr_5pKuHo/edit?usp=sharing is a document, worked on by many Java Champions, outlining the options for JDK/Java going forwards. [02:59]
Addax DammitJim: Java 8 is ALREADY EOL [03:00]
Addax if you pay oracle for support it's still viable [03:00]
skunnard Which web frameworks are still popular? I don't see much jaxrs recently, which I find disappointing, because it was a standard. [03:00]
Addax skunnard: really? It's pretty much all people do in java [03:01]
Addax web frameworks [03:01]
Addax Popular web frameworks: Dropwizard, Struts 2, Spring Boot, Stripes, Wicket, and Spark. Ask me about each for more info. Ask me about 'other web frameworks' for exotic choices that are not recommended. [03:01]
DammitJim oh ok... provided by anyone, right? [03:01]
Addax note that dropwizard, spring boot, quarkus all use... jax-rs [03:01]
DammitJim I think I got confused by an article about a company that will support it 'til 2013 [03:01]
skunnard Spring boot doesn't use jaxrs by default though? [03:01]
Addax DammitJim: what, now? [03:01]
Addax skunnard: jax-rs is just a spec [03:02]
Addax ... I think. hmm. Anyway, it doesn't matter. [03:02]
DammitJim nevermind... not relevant for this channel [03:02]
skunnard Yes, with implementations. Spring boot uses its own annotations [03:02]
Sheilong [Sheilong!uid293653@gateway/web/irccloud.com/x-qsdyozepjyuakxev] has joined ##java [03:03]
skunnard DammitJim it seems relevant [03:03]
DammitJim https://blog.payara.fish/openjdk-support [03:04]
DammitJim DammitJim's title: "OpenJDK Support - What You Need to Know?" [03:04]
DammitJim that's what I read [03:04]
DammitJim not a good article for me since I don't use payara [03:04]
skunnard Addax: "it doesn't matter" seems a strange response to a question. [03:05]
Addax DammitJim: uh, that article refers to payara only at the end [03:05]
DammitJim right [03:05]
DammitJim I misread it [03:05]
Addax skunnard: I was saying it didn't matter if jax-rs was only a spec or not [03:06]
Addax one way or the other, what jax-rs does is still very common and very much in use [03:06]
Gazooo [Gazooo!~Gazooo@142.196.183.136] has joined ##java [03:07]
skunnard jersey and resteasy implement jax-rs, but spring boot uses proprietary annotations. I don't see much evidence that jax-rs is still much in use, and was wondering if everybody had given up on the idea of a standard implementation. [03:08]
Addax let's go with "no" [03:08]
Addax I mean, there are multiple implementations, they work, everyone wins [03:08]
DammitJim the part where I get confused from that document is that I don't know when EOL for 11 is [03:09]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [03:09]
DammitJim or are we saying that that's up to the openjdk provider? i.e. Ubuntu.. [03:09]
Addax DammitJim: https://www.oracle.com/technetwork/java/java-se-support-roadmap.html (september 2023 for oracle) [03:09]
skunnard Spring Boot apps are not jax-rs, so I'm hesitant to accept your answer. Doesn't dropwizard use jersey? [03:09]
Addax but it is up to the openjdk provider [03:10]
Addax skunnard: it does [03:10]
Addax but I still don't think the implementation matters much [03:10]
skunnard You need an implementation [03:11]
Addax yes, I know [03:11]
DammitJim so, 11 is 09/2023? [03:11]
skunnard Sounds right. It has long term support [03:11]
DammitJim ok [03:11]
Addax and dropwizard and spring boot provide one for you, and java ee containers (or "jakarta ee" containers) do too [03:11]
DammitJim and it doesn't matter if it is oracle-java-11 or openjdk-11-jdk, right? [03:12]
Addax DammitJim: oracle supports oracle java, not necessarily the openjdk releases [03:12]
skunnard well good to hear people are still using jax-rs. It seems like all I have seen is spring boot recently. [03:12]
Shoe0nHead [Shoe0nHead!uid204639@gateway/web/irccloud.com/x-ntlemvznwposlzkj] has joined ##java [03:13]
skunnard That and vert.x, strangely enough [03:13]
Addax well, spring boot's pretty good, so is vert.x [03:13]
skunnard I thought vert.x seemed a bit crap. [03:14]
Addax shrugs. Okay. [03:14]
deavmi [deavmi!~deavmi@41.164.24.82] has joined ##java [03:15]
deavmiUniversity [deavmiUniversity!~deavmi@41.164.24.82] has joined ##java [03:15]
skunnard Yes, and it seems to slow down when it doesn't get full run of all the allocated resources. [03:16]
Addax I don't know what that means offhand [03:17]
skunnard It looks at how many cores it is running on, and it seems to slow down a lot when other processes are running on those cores [03:18]
Addax would that not be logical? "I'm trying to use core #3, but core #3 is busy, so for some reason I don't have 100% of core 3"? [03:19]
freeone3000 that's uh. yes, that's how time-based multiplexing works. [03:19]
skunnard Quite possibly I am wrong, but it seems odd not to let the JVM do the multiplexing. [03:19]
Addax the JVM still has to defer to the OS... [03:19]
skunnard Great [03:20]
skunnard But let's not do it at the application layer? [03:20]
Addax I'm not sure what you mean, again [03:20]
skunnard Let the OS allocate threads, not Java code. The OS is smarter, [03:21]
Addax I... don't think we're ... talking about the same things. The OS is smarter, yes, and the JVM doesn't allocate threads, it uses them as issued by the OS. [03:21]
skunnard I was under the impression that vert.x counts how many cores are allocated and then implements some kind of -- do you call them "green threads"? [03:22]
Addax anyway, if vert.x didn't work well for you, don't use it? [03:22]
skunnard That's your advice. [03:22]
Addax I don't know what vert.x does behind the scenes, but nobody and nothing uses green threads voluntarily [03:23]
skunnard I may be using the wrong term. [03:23]
[rg] whats vert.x ? [03:23]
Addax Kirk Pepperdine likes vert.x, and I can pretty much guarantee that if there were a core problem like green threads - thread management at the JVM level - he wouldn't [03:23]
[rg] why not rxjava? [03:23]
Addax ert.x [03:23]
Addax vert.x [03:23]
Addax Vert.x is a lightweight, high performance application platform for the JVM that's designed for modern mobile web, and enterprise applications. It is largely designed around reactive principles, and is generally well-regarded (although apparently "be careful with insecure password hashes" according to one user.) See https://vertx.io for more details. [03:23]
skunnard [rg]: I'll check it out [03:23]
Addax I trust kirk's judgement over my own, and I'm an arrogant bastard sometimes [03:24]
skunnard Who is kirk? What is his judgement? [03:24]
[rg] beware, it makes great use of java's functional side [03:24]
[rg] and its confusing [03:24]
lithium [lithium!~lithium@unaffiliated/lithium] has joined ##java [03:25]
Addax kirk pepperdine? <-- kirk [03:25]
Addax pretty well-known java performance guru [03:25]
Addax he likes vert.x, so I have a feeling vert.x in and of itself is pretty capable [03:26]
Addax but since I don't use it myself, I can't say what I think of it [03:26]
skunnard oh, ok. Maybe it was configured wrong, or I was wrong, I'll take a look at his blog. [03:26]
Socoro [Socoro!~martyix@109.183.7.106] has joined ##java [03:27]
[rg] you know tech like this always list large companies at the bottom but, then it gets picked up by us, not a large company [03:28]
[rg] like someones trying to get kubernetes set up here lol [03:28]
skunnard One more thing: Something gave me the impression vert.x was optimised for non-blocking code (I know there is executeBlocking). This makes it questionable for I/O stuff surely. [03:28]
[rg] how is it questionable if nonblocking? [03:29]
Addax skunnard: that's... actually supposed to make it BETTER [03:29]
Addax since the I/O wouldn't block everything, just the I/O operations [03:29]
skunnard fair [03:30]
ericek111 [ericek111!~ericek111@109-230-55-69.dynamic.orange.sk] has joined ##java [03:30]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [03:30]
skunnard I don't know how a framework which first counts the number of cores available will be optimal on k8s [03:31]
dez [dez!uid92154@fedora/deSouza] has joined ##java [03:31]
[rg] is confused [03:32]
dj_pi [dj_pi!~dj_pi@d4-50-214-166.col.wideopenwest.com] has joined ##java [03:34]
esro [esro!~esro@user119-167.otvarta.com.pl] has joined ##java [03:34]
[rg] Addax: you do performance stuff ? [03:35]
skunnard I think what makes me nervous about the execute blocking is java has to go and find another thread on which to execute the task. It sounds better to use fewer threads, hence my reservation about executeBlocking. [03:36]
skunnard Especially when everything you want to do ends up being an executeBlocking [03:36]
Addax [rg]: On occasion. [03:36]
[rg] Addax: how did you get there if you don't mind (what books) ? [03:37]
Addax [rg]: books? [03:37]
[rg] yeah [03:37]
[rg] technical literature [03:38]
[rg] papers [03:38]
skunnard And then all that nested code you see that gets committed [03:38]
[rg] etc [03:38]
Addax I dunno, reason and experience and the right people to know, I guess [03:38]
Addax and the latter is some parts effort and some parts luck [03:38]
[twisti] the years in this channel probably taught me more about java than any book or course or paper ive ever consumed [03:38]
[twisti] mostly through links, partially through well educated discussions and nerd fights [03:39]
Addax [twisti]: sure [03:39]
Addax [twisti]: I just fell in with smart people early, I think, along with a willingness to be wrong [03:40]
Addax It's a good way to stay humble :) [03:41]
[rg] not a problem for me since I'm dumb lol [03:42]
[rg] well, I'll be sticking around them :) [03:42]
Addax Well, I've abandoned really good jobs because I was tired of feeling like I was the smartest person in the company (dunno if I was, but by golly I felt like it) [03:42]
[rg] good pay or good job? theres a difference :P [03:43]
triad [triad!~quassel@unaffiliated/triad] has joined ##java [03:43]
Addax yes [03:43]
[rg] I guess you wanted challenging work? [03:43]
Addax I wanted to keep learning [03:43]
[rg] cool [03:43]
deavmi [deavmi!~deavmi@41.164.24.82] has joined ##java [03:43]
Addax probably not the best career move, but... eh, it happens [03:44]
Addax I think it ruined the section of the company I worked for, though :( [03:44]
freeone3000 vert.x uses actors on a "vertical" which is a Java-provided thread. it's similar to RxJava or to Stream.parallel() [03:44]
[rg] what makes java java? I may have asked before [03:44]
Addax what do you mean? [03:45]
[rg] but what if someone forked it [03:45]
freeone3000 or, AWT, for that matter, although awt uses one "vertical". It's not green-threading, since it's event-dispatch-handler, but you have to keep in mind that you need to keep the dang thread clear. [03:45]
[rg] and started from an older standard [03:45]
Addax to be able to be called "java" it has to pass the compatibility kit [03:45]
Addax if it passes the TCK for 1.4, then great, it's java 1.4 [03:45]
freeone3000 Good luck getting a TCK for anything other than JDK12. [03:45]
Addax and yes :) [03:45]
[rg] interesting [03:45]
Addax freeone3000: hrm. I'd think 11 would be available too, no? [03:46]
[rg] what do ya mean good luck? [03:46]
[rg] because of oracle? [03:46]
Jantz [Jantz!~IceChat9@2407:7000:8d04:100:194a:6964:2af5:7973] has joined ##java [03:46]
freeone3000 Addax: Not that I can find. [03:47]
Addax hmm, interesting [03:47]
freeone3000 [rg]: 1.2-8 are literally unavailable. The procedure for getting access to 9-10 (possibly 11?) involves emailing Oracle and asking pretty please. [03:47]
[rg] damn [03:48]
[rg] lol [03:48]
Maldivia https://openjdk.java.net/groups/conformance/JckAccess/jck-access.html [03:48]
Maldivia Maldivia's title: "OCTLA Signatories List" [03:48]
freeone3000 With JDK12, the TCK's open source and freely available, so only 10 years after Java's been open-sourced we can finally make source code changes and call the result Java. (Yes, I know OpenJDK based stuff isa vailable, but...) [03:48]
Addax was thinking 11 should be available because 11's LTS [03:48]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [03:48]
Maldivia sorry, https://openjdk.java.net/groups/conformance/JckAccess/ was the link :D [03:48]
Maldivia Maldivia's title: "Gaining Access to the JCK" [03:48]
freeone3000 Although the first is also indicative of what types of people get access. [03:48]
Addax only the best people! [03:49]
[rg] night fellas [03:49]
cliluw [cliluw!~cliluw@unaffiliated/cliluw] has joined ##java [03:51]
Maldivia "freeone3000> With JDK12, the TCK's open source and freely available" <-- where? [03:51]
freeone3000 Or they've sworn, at least. [03:52]
Addax but did they pinky swear... [03:52]
freeone3000 We've got the *EE* TCK, that's with the mainline Jarkata EE sources. [03:52]
Maldivia that's completely different though [03:52]
freeone3000 Yeah. Oracle promised, but it looks like it hasn't actually followed through with JDK12 SE. [03:54]
freeone3000 Oh well. I suppose being based on a secret spec is fine. [03:54]
Maldivia where did you find that the JCK would be open-sourced? that's news to me [03:55]
Addax maybe it helps prevent randos on IRC from forking java.... [03:55]
Maldivia apparently JCK6 is available: https://download.java.net/jck/ [03:56]
Maldivia ... or not, download link 404s [03:57]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [03:57]
sameerynho [sameerynho!~lxsameer@unaffiliated/lxsameer] has joined ##java [03:58]
freeone3000 Addax: I don't think that's really in the open-source spirit there. [03:58]
Addax grins [03:59]
wisey [wisey!~wisey@79-73-80-105.dynamic.dsl.as9105.com] has joined ##java [04:01]
Addax freeone3000: I still resent MS with J++ [04:01]
Addax which I blame for Sun's immediate paranoia WRT java [04:01]
erikbrocko [erikbrocko!~ericek111@109-230-55-69.dynamic.orange.sk] has joined ##java [04:03]
penthief YouTube has a video of Bill Gates' deposition about that -- I think it is about that. [04:04]
penthief MS anti-competition and Java [04:05]
Addax From MS' standpoint it made perfect sense [04:06]
lucid-lullaby [lucid-lullaby!lucid-lull@gateway/vpn/privateinternetaccess/lucid-lullaby] has joined ##java [04:06]
beStKodErEveR [beStKodErEveR!~dannyD@h-5-150-218-149.NA.cust.bahnhof.se] has joined ##java [04:07]
freeone3000 Addax: Yeah, with C# it's just not called java. [04:09]
freeone3000 Thankfully ISO/IEMC have no trademarks on C++, at least three other things would need to be renamed [04:10]
Addax well, C# is also now a fundamentally different language... and having a monolithic definition of what java is is useful [04:10]
waz [waz!~waz@pdpc/supporter/active/waz] has joined ##java [04:10]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [04:10]
freeone3000 Oh right, because keeping track of C++ versus WInAPI C versus C++/Wx versus C++/CLR versus C++/RT is *so hard* [04:10]
neonpastor [neonpastor!~admin@ns3852652.ip-145-239-0.eu] has joined ##java [04:10]
Addax this sounds like a different conversation than the one I'm actually having :) [04:11]
Kestrel-029 [Kestrel-029!~Nicmavr@unaffiliated/nicmavr] has joined ##java [04:11]
freeone3000 Oh, well, yeah, but like, the name is distinct. Nobody's confusing VB.NET with VB or with Commodore BASIC. [04:13]
conan [conan!~conan@mdproctor.plus.com] has joined ##java [04:13]
freeone3000 Nobody thinks Visual Pascal is cross-compatible with Delphi. Nobody thinks Visual COBOL will run on a System/360. [04:13]
Addax sure... but J++ was close enough branding with java to obscure the market, esp when marketed by MS over Sun [04:13]
Addax I mean, maybe not, but I remember at the time there was very much the question [04:14]
surial Huh. So, we have this idea of how to solve the problem underlying commonly requested lombok feature (and that solution is _NOT_ a lombok annotation, but something else; something beyond what lombok tries to do), so we usually answer something along the lines of: We won't build that, but if you will, we'll help you out and cheerlead your efforts. So now we get a mail with "I'd like to take you up on your offer". Soooo, do I now [04:14]
surial buy some pom-poms, or.... ? [04:14]
Addax surial: yes. [04:14]
Addax Is this the field name thing? [04:15]
surial No, chained builders. [04:15]
Addax oh [04:15]
surial You know the trick probably. Given a builder pattern with, say, 8 parameters, 3 of which are optional, create 1 builder and 6 interfaces, where the builder implements them all. [04:15]
Addax yeah [04:16]
surial The first interface has only the first mandatory parameter as method. It returns the second interface, which has only the second mandatory. The 5th returns the final interface which has all the optionals AND the build() call. That. [04:16]
surial We think what that is trying to accomplish is nice and all, but for fuck's sake that's a shitload of types. [04:16]
Addax it's kinda gross in practice [04:16]
freeone3000 Type-safe chained builders? Interesting. [04:17]
freeone3000 order matters so that helps, but yikes. [04:17]
surial and the real solution is to mark mandatories as mandatory, optionals as optional, and 'can call multiple times' (@Singular stuff) as 'can be called more than once', and then have an IDE plugin that renders the mandatories in bold, the optionals (and can-call-more-than-onces) as normal, the already-called-stuff (unless can-call-more-than-once) in grey, and the build in grey unless you've hit all the mandatories, then normal. [04:17]
surial .. and generate warnings if you appear to mess up by e.g. calling build() before setting all the mandatories. [04:17]
Addax and for something that the first run would probably expose as an error if done incorrectly... meh [04:17]
surial so then just auto-complete, and if there's bold stuff, do that, if there isn't, yay, you can call build now. [04:18]
freeone3000 (I was about to suggest "Why not just use a method with default parameters that accepts kv-args?" then I realized this is Java, not Kotlin) [04:18]
surial Addax: exactly. This is more about guidance whilst programming than attempting to catch errors. [04:18]
surial and given that it is about guidance... let's GUIDE. [04:18]
surial freeone3000: I'd say building an IDE plugin is less effort than replacing your entire goddamn codebase with something that isn't even C-syntax. [04:19]
AtomicLong [AtomicLong!~AtomicLon@p2E5454C6.dip0.t-ipconnect.de] has joined ##java [04:19]
surial but apparently some in this channel feel just up and moving on over to kotlinifying it all is the right move. Let's posit that such a change is probably beyond the scope of reasoned debate. [04:19]
freeone3000 You wouldn't need to do it all, just that one class. [04:19]
deavmi [deavmi!~deavmi@41.164.24.82] has joined ##java [04:20]
Addax it's still a good move, though :) [04:20]
surial one advantage of the IDE approach is that if the IDE can definitely ascertain that it doesn't have a chance, that it can just back off and render it ALL normal-style, or do as much as it can. For example, if you write a method that receives a builder, there's no way to know which mandatory stuff has already been filled in. So, considering ANY of it mandatory would be wrong. All you can really do here is to render in grey [04:20]
surial anything that is not marked 'multiple-times-makes-sense', which you already called. [04:20]
surial freeone3000: no, you'd have to kotlinize all callers. [04:20]
Addax no, you wouldn't [04:21]
surial #buthow [04:21]
Addax I mean, in some cases, yeah [04:21]
freeone3000 @JvmOverloads allows you to specify a few functions to expose to Java with equivilant signatures. [04:21]
surial This is impossible in vanilla java. Kotlin isn't harry potter. [04:21]
Addax for default method values, kotlin will generate overloaded method names for you so java can call the methods [04:21]
surial which does jack fuck all for builders, no? [04:21]
surial Unless you're telling me kotlin does the 'yay lets make 48 types for you' thing, which would be bad. [04:22]
freeone3000 You likely wouldn't need a builder. [04:22]
surial of course you do. [04:22]
surial the point of... christ. [04:22]
surial do you guys even program in your day to day.. nevermind. [04:22]
Addax yes, why yes I do! [04:22]
freeone3000 ocassionally! [04:22]
surial The point of builders is to write readable code. If I have a method with sig: "void foo(String firstName, LocalDate dateOfBirth, String lastName, LocalDate dateOfEnrollment)" [04:23]
surial And I call it with foo("Jane", "Thomas", LocalDate.of(2018, 1, 1), LocalDate.of(1980, 1, 5)).. [04:23]
surial is that Jane Thomas or is it Thomas Jane, and did I fuck up the ordering of those dates, or is it right? [04:23]
Addax you can certainly do builders and dsls in kotlin [04:24]
sonOfRa Time for semantic Types! [04:24]
freeone3000 well, in IDEA, that shows up as: foo(firstName: "Jane", dateOfBirth: (red) "Thomas", lastName: LocalDate.of(2018, 1, 1), dateOfEnrollment: LocalDate.of(1980, 1, 5)) [04:24]
sonOfRa public class FirstName{ private String name; } [04:24]
surial If I call Foo.builder().firstName("Jane").lastName("Thomas").dateOfBirth(...).build(), there's no question. It's a hack to get named parameters. [04:24]
surial yes, or if you turn that on in eclipse. [04:24]
freeone3000 but you're right, only if that shows up if you use literals instead of variable names, and it's pretty easy to get variable names transposed. [04:24]
surial Which helps a little bit. Not so much in your git diff. [04:24]
freeone3000 (shows up in git diffs in IDEA too!) [04:25]
surial I wonder if the eclipse feature works in diff views. Probably. But that's kind of the point: IDEs can _SOLVE_ this. [04:25]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [04:25]
freeone3000 I mean I'm not even convinced it's a problem that should be solved at the type stage - I'd reach for a stateful builder first. [04:26]
freeone3000 valiating builder? whatever that's called. [04:26]
surial I'm convined it should NOT be solved at the type stage :P [04:26]
surial 'fuck it, TYPE SYSTEM RAAAH!!!' is the warrior cry of scala fanbois and the like. [04:26]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [04:26]
Addax freeone3000: he's trying to get me to commit to his side, with "that's what scala does" [04:27]
freeone3000 If types weren't so heavy, I'd agree. in F# I'd do it with types. [04:27]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [04:27]
freeone3000 but F# types are... not Java types. [04:27]
surial I'm more of the 'solve it in whatever way fucks up my language the least, leads to clean error messages, and the best possible interface whilst I code and do things like check diffs'. I get the point that having a type system powerhouse language lets you on-the-fly build lots of stuff that gets halfway there in the form of compiler errors if you get it wrong, but it's rarely the best take on solving a problem. [04:27]
surial Addax: aw, I really thought this gambit was going to work instantly. [04:27]
Addax surial: It almost did, had to catch myself [04:28]
troulouliou_div2 [troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439] has joined ##java [04:42]
rruizt [rruizt!~rruizt@83-84-23-124.cable.dynamic.v4.ziggo.nl] has joined ##java [04:43]
ianrobot parted the channel: [04:45]
immibis [immibis!~immibis@222-153-253-249-fibre.sparkbb.co.nz] has joined ##java [04:48]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [04:49]
AtomicLong [AtomicLong!~AtomicLon@p2E5454C6.dip0.t-ipconnect.de] has joined ##java [04:55]
pmercado [pmercado!~pmercado@190-22-228-216.baf.movistar.cl] has joined ##java [04:57]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [05:03]
ztychr [ztychr!ztychr@gateway/vpn/privateinternetaccess/ztychr] has joined ##java [05:09]
wisey [wisey!~wisey@79-73-80-105.dynamic.dsl.as9105.com] has joined ##java [05:16]
surial ... a lombok contibution which is voodoo fucking magic. [05:20]
surial Makes val better by doing something I barely understand. Well, awesome. [05:20]
arcsin_ [arcsin_!~alureon@unaffiliated/proxa] has joined ##java [05:22]
surial val x = someBoolean ? (Runnable) () -> System.out.println("HELLO") : System.out::println; -- now works. [05:24]
Nicmavr [Nicmavr!~Nicmavr@unaffiliated/nicmavr] has joined ##java [05:26]
indistylo [indistylo!~aruns_@106.51.25.10] has joined ##java [05:30]
Addax ... but ... what's... oh, x becomes a lambda? [05:35]
troulouliou_div2 [troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439] has joined ##java [05:35]
surial Addax: Runnable in this case. The trick is in the RHS (after the colon): javac/ecj need to know what FunctionalInterface to target-type System.out::println into. [05:35]
surial Normally it'll take a cue from the type on the LHS, but it's 'val' so that's no help. [05:35]
Addax *nod* [05:36]
surial now it needs to conclude: Well, the LHS is definitely a Runnable, so I guess that's the only reasonable thing to attempt to target type with. Let's see if it works! [05:36]
surial java10's var gets it right, seemed reasonable to try to get lombok's val in line, but, that wasn't exactly easy so I abandoned the effort, and then a PR shows up with: I fixed this stuff [05:36]
Addax hahaha [05:36]
Addax users ++ [05:37]
Addax users has a karma level of 1, Addax [05:37]
surial The impl is mostly: 'if compilation crashes, check if its a conditional, if so, get the LHS type, re-attrib the RHS using that as target type, and if it works, scrub the error from the array of errors, check if there are now no errors left and if so clear the error flag and truck on'. [05:37]
surial which is fucking nuts, but I've been trying to make this blow up in my face for the past 40 minutes and I can't do it, so, in it goes. [05:37]
surial fwiw, only ecj needed this treatment, javac was easier. [05:38]
Addax that's kinda cool :) [05:38]
troulouliou_div2 [troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439] has joined ##java [05:38]
wisey [wisey!~wisey@79-73-80-105.dynamic.dsl.as9105.com] has joined ##java [05:43]