• cheeser
  • ernimril
  • joed
  • kinabalu
  • lunk
  • ojacobson
  • r0bby
  • ThaDon
  • ricky_clarkson
  • topriddy

« 2019-06-19


2019-06-21 »

Nick Message Date
Goplat [Goplat!~Goplat@reactos/developer/Goplat] has joined ##java [12:01]
Janhouse [Janhouse!] has joined ##java [12:05]
RedSoxFan07 [RedSoxFan07!] has joined ##java [12:13]
veegee [veegee!] has joined ##java [12:22]
DiabloD3 [DiabloD3!] has joined ##java [12:30]
top^ [top^!~prashant@] has joined ##java [12:33]
djhworld [djhworld!~djhworld@] has joined ##java [12:39]
Diablo-D3 [Diablo-D3!] has joined ##java [12:41]
g00s [g00s!~g00s@unaffiliated/g00s] has joined ##java [12:43]
Diablo-D3 [Diablo-D3!] has joined ##java [12:51]
led_dark_1 [led_dark_1!~Thunderbi@] has joined ##java [01:04]
sauvin [sauvin!sauvin@about/linux/staff/sauvin] has joined ##java [01:06]
sameerynho [sameerynho!~lxsameer@unaffiliated/lxsameer] has joined ##java [01:08]
exmortus [exmortus!darkstarde@gateway/vpn/privateinternetaccess/darkstardevx] has joined ##java [01:12]
rudrab [rudrab!~rudrab@] has joined ##java [01:21]
Chuguniy [Chuguniy!~Chuguniy@] has joined ##java [01:27]
immibis [immibis!] has joined ##java [01:31]
OnceMe [OnceMe!~OnceMe@unaffiliated/onceme] has joined ##java [01:42]
kn0bl3 [kn0bl3!~kn0bl3@gateway/tor-sasl/kn0bl3] has joined ##java [01:43]
g00s [g00s!~g00s@unaffiliated/g00s] has joined ##java [01:43]
palasso [palasso!~palasso@unaffiliated/palasso] has joined ##java [01:44]
null1337 [null1337!~WhoAmI@] has joined ##java [01:45]
rudrab [rudrab!~rudrab@] has joined ##java [01:56]
rudrab [rudrab!~rudrab@] has joined ##java [01:57]
AMcBain [AMcBain!] has joined ##java [01:57]
kn0bl3_ [kn0bl3_!~kn0bl3@gateway/tor-sasl/kn0bl3] has joined ##java [01:59]
Diablo-D3 [Diablo-D3!] has joined ##java [02:00]
Zee- [Zee-!~Zee-@] has joined ##java [02:16]
Muzer [Muzer!] has joined ##java [02:17]
null1337 [null1337!] has joined ##java [02:26]
Muzer [Muzer!] has joined ##java [02:41]
Matthijs [Matthijs!~quassel@unaffiliated/matthijs] has joined ##java [02:53]
g00s [g00s!~g00s@unaffiliated/g00s] has joined ##java [02:56]
ravenousmoose [ravenousmoose!~ravenousm@] has joined ##java [03:17]
indistylo [indistylo!~aruns_@] has joined ##java [03:21]
progart [progart!~kamee@] has joined ##java [03:26]
null1337 [null1337!] has joined ##java [03:26]
indistylo [indistylo!~aruns_@] has joined ##java [03:27]
AMcBain [AMcBain!] has joined ##java [03:30]
Secret-Fire [Secret-Fire!] has joined ##java [03:45]
sbalmos [sbalmos!~sbalmos@2605:a000:1304:8078:8d69:9fa4:e381:2af4] has joined ##java [03:50]
exonity01 [exonity01!uid364582@gateway/web/] has joined ##java [03:51]
xa0s_ [xa0s_!] has joined ##java [03:53]
yawkat now that i think about it further, what actually *is* the suggested crypto_secretbox "replacement" using only the java stdlib? [03:53]
sonOfRa I'd go with GCM, Random nonce, and prepend. [03:54]
adder` [adder`!~adder@gateway/tor-sasl/adder] has joined ##java [03:54]
sonOfRa Also eating my words right now, I expected a much worse response (if jsondb is what we're talking about) [03:55]
yawkat oh yea, i forgot about gcm. [03:55]
yawkat same [03:55]
yawkat my suggestion would have been AES-CTR, no padding, + HMAC-SHA256, but then you get a key derivation mess [03:55]
yawkat let me see how gcm is used in java [03:55]
yawkat looks secure [03:58]
sonOfRa yeah I was looking at that as well [03:58]
surial Given: @FunctionalInterface interface NumberProcessor<T extends Number> { int process(T in); }.... and an impl: go((Integer x) -> 5);. Is there any way for the go method to figure out that the passed-in lambda explicitly picked 'Integer' as bound for T there> [03:59]
surial yawkat: yeah was not expecting 'oh fuck yeah my bad will fix thx'. as response to this one. [04:00]
yawkat surial: well, it's erased, but you can find out with some black magic i believe [04:00]
Chewtoy [Chewtoy!~Chewtoy@unaffiliated/chewtoy] has joined ##java [04:00]
surial yawkat: well, tell me the black magic. [04:00]
surial I tried passedInLambda.getClass().getMethods() but it's just 'Number' from there, even though pIL.getClass().toString() is voodoo$blahblah/LAMBDA$0... [04:01]
yawkat surial: you could make the interface serializable and look at the serialized form. you could also introspect the generated bytecode, i believe [04:01]
surial kinda ran out of black magic options from there. I also tried a public default Class<T> get() { this.getClass().getGenericInterfaces().... } line, but the generic interface is just the raw interface (as in, I get an array with 1 element in it, and that element's type is j.l.Class. [04:02]
surial yawkat: oh, okay, real fucking voodoo you meant. A'ight. [04:02]
surial Perhaps that's going a little far. I already found calling .getClass() on a lambda distasteful, but I guess making it serializable and actually serializing the damn thing, that's beyond distasteful and into the 'I dont care how much uglier the API becomes.. do NOT go there'. [04:03]
surial yawkat: you're crafting an answer to @FarooqKhan I assume? [04:03]
Jantz [Jantz!~IceChat9@2407:7000:8d04:100:ad7c:76b6:43fd:10e4] has joined ##java [04:04]
surial fun fact: Trying to google for what 'EAV' means is fuckign impossible. [04:04]
Me4502 [Me4502!~Me4502@unaffiliated/me4502] has joined ##java [04:05]
yawkat this is my answer: [04:05]
yawkat yawkat's title: "Insecure default cipher Issue #19 Jsondb/jsondb-core GitHub" [04:05]
yawkat surial: IND-EAV is indistinguishability under an eavesdropper. i.e., an attacker may pick two plaintexts and gets a ciphertext back, and must decide which plaintext was encrypted. [04:06]
surial EAVesdropper. I see. [04:07]
sonOfRa yawkat: Might want to add something about them having to store the nonce; some format like b64'nonce:b64'ciphertext [04:07]
sonOfRa And then split the b64 messes on :, extract both sides, and start the decryption. This kind of thing is often not obvious, which is the *reason* why people reuse static fixed nonces [04:07]
surial The problem is the API. [04:08]
surial The API is 'pass in a key and some text to encrypt'. [04:08]
surial Well, no, okay, you can make this work: Return some formatted concept which includes both an IV and the resulting ciphertext. [04:09]
surial then the API 'pass in a key and some output of the encrypt function and I will decrypt it' can also be written. [04:09]
surial The API here is 'String encrypt(String plainText)' on an object that is created however you like, but this specific impl requires an encryptionKey and charset. The returned string is a base64-encoded array. Thus, you have the flexibility to include an IV in there too. [04:11]
surial presumably the returned data can be any length and the only rule is: If you feed that string to the 'decrypt' method it should 'just work' and get you your original text back. [04:11]
acidjnk [acidjnk!] has joined ##java [04:12]
surial yawkat: the above would require a bit of a rejigger on how this method works; right now it initializes the ciper in the constructor. That must be removed; instead, the constructor should just store the key and that's that. The encrypt method crafts a new cipher, a new key, randoms up an IV, encrypts the input data, constructs a byte array combining the randomed IV and the result of the cipher run, base64s that, and returns that. [04:13]
surial yawkat: that takes care of the IV. Next was that AEAD thing.. how did that go? [04:13]
surial s/crafts a new cipher, a new key/constructs a new Cipher object, can re-use the SecretKeySpec created in the constructor,/ [04:13]
sonOfRa There's no additional data here, so a doFinal(completeInput) is sufficient [04:14]
surial yawkat, sonOfRa: The only other change you are advicing is to rip out CBC and replace it with GCM, right? Security wise all that does is prevent padding oracle attacks but that's a win. Am I missing anything else? [04:15]
sonOfRa You also abort decryption if the ciphertext was tampered with [04:15]
surial Does java11 ship with GCM built in? [04:16]
sonOfRa That is, there is a decryption error if the tag doesn't match the ciphertext [04:16]
sonOfRa Java 8 does [04:16]
sonOfRa So probably yes [04:16]
surial great. [04:16]
sonOfRa surial: basically if I flip a few bits in the ciphertext with the current construction, it will happily decrypt and yield garbage plaintext [04:16]
surial Okay, so, GCM output is larger than? [04:16]
surial s/than/then? [04:16]
sonOfRa If I flip some bits in GCM, without knowing the secret key, I can't flip the appropriate bits in the tag. Encryption will fail [04:17]
surial pigeon hole principle dictates that if the output is as large as the input is (excluding padding shenanigans, assume input is aligned), then it is impossible to detect either the wrong key or garbage ciphertext. [04:17]
surial so, either what you're saying is mathematically impossible, or, GCM output is larger than the input. which is fine, of ocurse. Just checking. [04:17]
sonOfRa Yes [04:18]
toytoy [toytoy!~toytoy@unaffiliated/t0yt0y] has joined ##java [04:20]
surial forked it, gonna write the update just for some experimenting. [04:20]
sonOfRa yawkat: does one generally use any specific SecureRandom implementation? I've just been using the no-arg constructor, assuming it'd be using /dev/urandom [04:23]
null1337 [null1337!] has joined ##java [04:25]
palasso [palasso!~palasso@unaffiliated/palasso] has joined ##java [04:32]
sonOfRa surial: re: api, interestingly not even libsodium does this for *secret-key-encryption* [04:37]
sonOfRa They do it for hybrid encryption with public keys [04:37]
karab44 [karab44!~karab44@unaffiliated/karab44] has joined ##java [04:39]
sonOfRa oh nevermind I see why; the nonce is not *included*, but in the public-key encryption scheme, it can be derived [04:39]
Jigsy` [Jigsy`!~Jigsy@unaffiliated/jigsy] has joined ##java [04:42]
yawkat sonOfRa: i added "The random nonce can simply be prefixed to the final encrypted message. It does not need to be secret." [04:42]
yawkat as the tag needs to also be predefined-length, i dont see a reason for a more complex format [04:43]
sonOfRa Oh right, it's all fixed-length, so you don't even need a special separator [04:43]
sbalmos1 [sbalmos1!~sbalmos@2605:a000:1304:8078:8d69:9fa4:e381:2af4] has joined ##java [04:45]
ravenousmoose [ravenousmoose!~ravenousm@] has joined ##java [04:47]
nav2002 [nav2002!~nav2002@] has joined ##java [04:48]
zonaut [zonaut!] has joined ##java [04:49]
yawkat sonOfRa: oh re securerandom, i believe the default constructor makes no guarantees re blocking [04:50]
sonOfRa The whole "picks whatever provider has the highest prference" is kinda meh [04:50]
yawkat if you know your target OS, there are native non-blocking prngs, but i think SHA1PRNG is the only cross-platform one [04:50]
sonOfRa supposedly you can ask for "NativePRNGNonBlocking" which *sounds* crossplatform [04:51]
sonOfRa sonOfRa's title: "Standard Algorithm Name Documentation" [04:51]
yawkat oh yea, thats new to java 8. [04:52]
ravenousmoose [ravenousmoose!~ravenousm@] has joined ##java [04:54]
surial yawkat: I'm sending a PR with an update. [04:58]
yawkat surial: how are you doing compatibility? [04:58]
yawkat deprecate the old class and add a new ICipher? [04:58]
surial yawkat: I'm debating which SecureRandom to use. Bouncing between new SecureRandom() which makes no guarantees of any sort but it's always there and it tends to be the 'best' option, or explicitly specifying one to ensure a few things, risking that it's suboptimal and/or not available. [04:58]
surial yawkat: yes. [04:58]
yawkat i think NativePRNGNonBlocking with fallback to SHA1PRNG is safe [04:58]
surial yawkat: I'm naming it DefaultCIpher, because hardcoding the precise mode and algo in the impl is a silly idea if the point of the impl is: "This is the simplest thing that'll work for your average case". [04:59]
yawkat nonce doesnt need to be unpredictable, just unique [04:59]
surial yawkat: So, SecureRandom.getInstance("NativePRNGNonBlocking"), wrapped in a try/catch for NoSuchAlgorithmException, falling back to SecureRandom.getInstance("SHA1PRNG")... [04:59]
yawkat surial: imo, DefaultCipher implies ability to change that impl in the future, though - youd need something like a version tag [04:59]
surial falling back to new SecureRandom? [04:59]
yawkat surial: you shouldnt need to fall back from SHA1PRNG, it's available always [05:00]
sonOfRa I'd argue that SHA1PRNG not being present in the JVM *and* native not being present is like UTF8 not being present [05:00]
minos_ [minos_!] has joined ##java [05:00]
yawkat yea pretty much [05:00]
sonOfRa i.e. this jvm is fucked [05:00]
yawkat @SneakyThrows it :D [05:00]
magz [magz!] has joined ##java [05:01]
sonOfRa I'd fall back to just new SecureRandom() if nonblocking isn't present, I doubt it's a thing that will affect many users [05:01]
yawkat surial: see for example - goodFastHash is not compatible across versions [05:02]
yawkat yawkat's title: "Hashing (Guava: Google Core Libraries for Java 23.0 API)" [05:02]
yawkat they specify the algorithm explicitly for the compatible cases [05:02]
surial yawkat: so, like, 'DefaultCipher1'? [05:03]
yawkat no, i mean a version tag to the ciphertext [05:03]
yawkat i.e. v1.<base64> [05:03]
sonOfRa I *would* name it, for sake of compatibility: They already have a @Secret annotation in their codebase with runtime retention [05:03]
yawkat thatd be the "proper" thing for a "Default" cipher imo [05:03]
sonOfRa @Secret w/o parameter simply uses a default class defined at compile-time, and *with* a parameter uses the defined class [05:04]
progart [progart!~kamee@] has joined ##java [05:12]
royal_screwup21 [royal_screwup21!d98a3b22@gateway/web/cgi-irc/] has joined ##java [05:13]
DrDonkey [DrDonkey!~DrDonkey@unaffiliated/drdonkey] has joined ##java [05:13]
surial yawkat: Cipher.getInstance("AES/GCM/NoPadding", "SunJCE").init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv)) is failing with an invalid iv, where iv is a byte[] of size 12. also tried 16. [05:18]
surial what am I doing wrong? The error is useless. just 'this is no good' and that's all I get. [05:18]
surial notably, if I ask the cipher to make it and then feed it right back to it, same error. [05:18]
surial that sounds more like a bug in SunJCE. [05:18]
yawkat surial: for gcm, you must use GCMParameterSpec [05:18]
surial ohhhh... [05:18]
yawkat 128 bits are a sane value for tag length [05:20]
TheWild [TheWild!] has joined ##java [05:20]
o-bit [o-bit!69150022@gateway/web/freenode/ip.] has joined ##java [05:21]
zonaut parted the channel: "Leaving" [05:25]
sbeex [sbeex!51ddef9a@gateway/web/cgi-irc/] has joined ##java [05:38]
esro [esro!] has joined ##java [05:40]
surial yawkat: review? [05:43]
surial surial's title: "Adding a more secure default cipher by rzwitserloot Pull Request #20 Jsondb/jsondb-core GitHub" [05:43]
surial also improved in passing by ditching the silly locks. [05:45]
surial the bytebuffer bullcrap is to avoid the creation of 1 potentially large (if large input) array, but, really, this API just does not lend itself to performance in the face of larger inputs, so perhaps that was overkill. [05:45]
mayurvpatil [mayurvpatil!~mayurvpat@] has joined ##java [05:46]
Galactus [Galactus!~Galactus@unaffiliated/galactus] has joined ##java [05:46]
yawkat surial: GCMParameterSpec takes the tag length as the first param, for the auth tag, not the iv length [05:47]
yawkat also 128 bit tag *and* nonce would be better if supported [05:47]
surial yawkat: okay so I should just hardcode 128 and 16 bytes resp? [05:48]
yawkat yes, if the jdk supports 16 bytes iv [05:48]
surial crud, I have other work to do that just came up (server on fire).. I can pick this up later, or you make the updates? [05:48]
yawkat i'll leave it as a comment if thats ok - have to do my homework [05:49]
yawkat huh, github has a cool code review feature now. [05:51]
sonOfRa I wonder why AEADBadTagException is a fucking subclass of BadPaddingException [05:59]
sonOfRa That's... pretty stupid [05:59]
rruizt [rruizt!] has joined ##java [05:59]
yawkat presumably because doFinal throws IllegalBlockSizeException, ShortBufferException, BadPaddingException, and they had to add AEADBadTagException somehow [06:02]
sonOfRa Oh I guess it would've broken existing code [06:02]
Addax and couldn't think of a BaseFooException? [06:02]
qwedfg [qwedfg!~qwedfg@] has joined ##java [06:02]
sonOfRa There's GeneralSecurityException [06:03]
sonOfRa But doFinal doesn't explicitly throw that, so they had to extend something that doFinal already explicitly throws in order to not break every single user of that API [06:03]
yawkat thats my guess [06:03]
surial well, it confused me, thought that couldn't happen there. d'oh. [06:04]
sonOfRa The java crypto api in general is just... a fucking mess [06:04]
Vurtatoo [Vurtatoo!] has joined ##java [06:05]
gelignite [gelignite!] has joined ##java [06:05]
sonOfRa surial: I don't think it can happen on *encryption*, but it definitely can happen on decryption [06:05]
surial So, if an AEADBadTagException is thrown, does that mean its the wrong key, or.. that the ciphertext is garbled? [06:08]
yawkat either [06:09]
yawkat with normal encryption, when using the wrong key, you get garbled plaintext, with AEAD, you get an authentication failure [06:10]
surial so, catch (AEAD..) { throw new JsonDBException("Incorrect key for this ciphertext (or ciphertext is corrupted)", e);} [06:10]
surial I quenched the fire :) [06:10]
yawkat yea, or tampered with [06:10]
surial okay, pushed IV_SIZE to 16, edited the tag param from "IV_SIZE*8" to "TAG_SIZE", which is a new constant, value 128. [06:10]
surial anything else? [06:10]
sonOfRa That exception just says: "This combination of ciphertext+tag was not created with this key" [06:11]
sonOfRa It doesn't (and can't) know which is "invalid" [06:11]
yawkat surial: nothing i can see, the guy will have to see about the other changes i guess [06:12]
sonOfRa If it *could* tell, that would be a problem, because that would supply information about the correct key to an attacker [06:12]
surial okay. [06:12]
sonOfRa I haven't found anything else either [06:12]
yawkat if only everyone was on java 11, then wed have chacha20 [06:13]
surial wow, y'all put that on the PR. Well, resolved it all, and added a commit with the updates. [06:13]
yawkat well you said you had stuff to do :P [06:15]
hussam [hussam!uid193284@gateway/web/] has joined ##java [06:18]
Muzer [Muzer!] has joined ##java [06:27]
donotturnoff [donotturnoff!] has joined ##java [06:44]
ogradyd [ogradyd!~Thunderbi@2a02:8070:88bf:9df0:80d2:20d9:8517:b9d6] has joined ##java [06:49]
mayurvpatil [mayurvpatil!~mayurvpat@] has joined ##java [06:52]
VegetarianFalcon [VegetarianFalcon!uid258908@gateway/web/] has joined ##java [07:04]
sbeex good morning, I am learning spring and now at my service layer I would like to throw an UnableToSaveUserException when something wrong occured. BUT as it is annotated with @Transactional spring automagically throw an RollbackException or something like that and do not care about my custom exception [07:05]
sbeex is it a common practice to have every time a method annotated with transaction have a public one without transactional ? [07:06]
sbeex which catch the transactional exception and then rethrow the one we want ? [07:06]
sbeex looks a bit.. hacky [07:06]
sbeex (I try to have ConstraintViolationException throwed as error instead of the Rollbackexception) [07:07]
galgamach [galgamach!~galgamach@2a02:587:a0f:3d00:309c:34fa:12bc:afc6] has joined ##java [07:24]
themsay [themsay!~themsay@] has joined ##java [07:27]
OnceMee [OnceMee!~OnceMe@unaffiliated/onceme] has joined ##java [07:34]
mr_lou [mr_lou!] has joined ##java [07:35]
tardybaker [tardybaker!~onthelawn@unaffiliated/tardybaker] has joined ##java [07:35]
themsay [themsay!~themsay@] has joined ##java [07:36]
pioto [pioto!~pioto@unaffiliated/pioto] has joined ##java [07:39]
omonk [omonk!~omonk@unaffiliated/omonk] has joined ##java [07:43]
Velgor [Velgor!] has joined ##java [07:44]
Jantz [Jantz!~IceChat9@2407:7000:8d04:100:ad7c:76b6:43fd:10e4] has joined ##java [07:46]
pragma- [pragma-!~chaos@unaffiliated/pragmatic-chaos] has joined ##java [08:01]
pragma- lol, only 471 nicks here [08:02]
pragma- make that 470 [08:02]
pragma- parted the channel: "Bye!" [08:02]
srm [srm!~srm@unaffiliated/srm] has joined ##java [08:02]
Muzer [Muzer!] has joined ##java [08:14]
surial yes, 'lol [08:18]
CookieM [CookieM!] has joined ##java [08:18]
toytoy [toytoy!~toytoy@unaffiliated/t0yt0y] has joined ##java [08:20]
duckpuppy [duckpuppy!] has joined ##java [08:22]
odinsbane When I close my swing app from intellij, it clears the clipboard of anything I copied from the swing app. Is this expected behavior? [08:34]
yawkat linux? [08:35]
odinsbane Yes, centos 7 + gnome. [08:35]
yawkat i have the same issue for basically all applications on linux. [08:35]
TheWild [TheWild!] has joined ##java [08:37]
odinsbane I must have only noticed because I constantly restart the app I am working on. [08:38]
yawkat year of the linux desktop [08:41]
Addax hey, don't put down linux, the linux users might hear you [08:43]
yawkat im a linux user, im allowed to [08:44]
odinsbane it's a security feature. [08:44]
omonk [omonk!~omonk@unaffiliated/omonk] has joined ##java [08:47]
donofrio [donofrio!] has joined ##java [08:53]
selckin its how clipboard works, on paste you ask the app for the content, can be in different data formats, can ask for text or images etc, gnome/kde etc usually have clipboard app that "cashes" it etc [08:56]
selckin so not a java thing [08:56]
yawkat selckin++ always wanted to know why. [08:58]
yawkat selckin has a karma level of 95, yawkat [08:58]
conan [conan!] has joined ##java [09:02]
odinsbane In nashorn, you can access java classes via, java.lang.ClassName, can I do that with other packages? [09:12]
odinsbane Otherwise I have to use Java.type("fully.qualified.ClassName"); [09:12]
odinsbane Essentially, I want a package as an object. [09:15]
Addax I am not thinking that is how any of it works [09:17]
cheeser what does even mean? "package as an object?" [09:18]
odinsbane Right, Java is an object that you can use to access java.lang classes. [09:18]
themsay [themsay!~themsay@] has joined ##java [09:21]
odinsbane Sorry, I can access java.lang.Thread by default. I cannot just use Thread though. I can access other packages via ImageProcessor = Java.type("ij.process.ImageProcessor"); it would be convenient if I could just use ij.process.ImageProcessor without using the Java.type. If I print(java) it shows up as a [JavaPackage java] for whatever that's worth. [09:23]
tuskkk____ [tuskkk____!uid18470@gateway/web/] has joined ##java [09:25]
indistylo [indistylo!~aruns_@] has joined ##java [09:26]
HumanG33k [HumanG33k!~HumanG33k@] has joined ##java [09:27]
mindCrime [mindCrime!] has joined ##java [09:28]
matsurago [matsurago!~matsurago@240b:10:b3a1:1700:e835:ad7a:ec6f:cd9e] has joined ##java [09:30]
HumanG33k [HumanG33k!~HumanG33k@] has joined ##java [09:31]
nav2002 [nav2002!~nav2002@] has joined ##java [09:34]
indistylo [indistylo!~aruns_@] has joined ##java [09:43]
plarsen [plarsen!~plarsen@redhat/jboss/pdpc.professional.plarsen] has joined ##java [09:46]
plarsen [plarsen!~plarsen@redhat/jboss/pdpc.professional.plarsen] has joined ##java [09:50]
Human_G33k [Human_G33k!~HumanG33k@] has joined ##java [09:50]
omonk [omonk!~omonk@unaffiliated/omonk] has joined ##java [09:52]
Brainium [Brainium!~brainium@unaffiliated/brainium] has joined ##java [09:56]
hypc1 [hypc1!~Thunderbi@] has joined ##java [10:01]
LearnAllTheTime [LearnAllTheTime!~LearnAllT@2600:1700:e560:21e0:80df:ddfb:691:1872] has joined ##java [10:01]
greggerz [greggerz!~greggerz@unaffiliated/greggerz] has joined ##java [10:11]
LSCody [LSCody!] has joined ##java [10:15]
d10n-work [d10n-work!uid37161@gateway/web/] has joined ##java [10:16]
fotato uh.... [10:16]
fotato fotato's title: "Java Packages and How to import them?" [10:16]
indistylo [indistylo!~aruns_@] has joined ##java [10:17]
surial fotato: odinsbane is talking about nashorn (javascript) [10:17]
odinsbane wow, just knocked out a long standing bug. [10:32]
Zarthus it feels great to fix bugs from like 2010-2015 [10:34]
IRCNew [IRCNew!] has joined ##java [10:34]
dez [dez!uid92154@fedora/deSouza] has joined ##java [10:36]
toytoy [toytoy!~toytoy@unaffiliated/t0yt0y] has joined ##java [10:36]
kegster [kegster!~kegster@unaffiliated/kegster] has joined ##java [10:37]
toytoy [toytoy!~toytoy@unaffiliated/t0yt0y] has joined ##java [10:38]
RedSoxFan07 [RedSoxFan07!] has joined ##java [10:39]
elm_ [elm_!~elm@2a02:1748:dd4d:5880:64a6:117f:e086:9f20] has joined ##java [10:41]
elm_ I want to have an InputStream with custom data fetched and modified from another InputStream [10:42]
elm_ Is there a simple way to do this [10:42]
yawkat netty [10:43]
yawkat yawkat, netty is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance & high scalability protocol servers & clients. See for info. [10:43]
elm_ I just want to insert/replace one line in a file that is piped to another file [10:43]
yawkat then use a bufferedreader and a loop [10:43]
yawkat easiest way to do it [10:43]
elm_ with a BufferedReader I can read a file linewise [10:44]
elm_ but the output file (size is known) should also be represented by a modified custom InputStream [10:44]
elm_ i.e. create an InputStream of something that is not totally cached in memory [10:45]
odinsbane output file, inputstream? [10:45]
elm_ I would like to do that without creating a file just with network streams [10:46]
indistylo [indistylo!~aruns_@] has joined ##java [10:46]
elm_ the files are Amazon S3 files so I only have an InputStream to write to the target file [10:46]
odinsbane InputStream.write [10:46]
odinsbane odinsbane, what does that even *mean*? [10:46]
odinsbane javadoc InputStream.write [10:46]
odinsbane I have no documentation for InputStream.write [10:46]
odinsbane javadoc OutputStream.write [10:47]
odinsbane I have no documentation for OutputStream.write [10:47]
elm_ that method does not exist [10:47]
odinsbane elm_: right, that is what I am trying to get out. You don't write to an input stream. [10:47]
elm_ I believe you will need to create an own custom InputStream class [10:47]
elm_ the custom InputStream class then reads the primary InputStream as needed and passes on the result (with the inserted line) to the output InputStream [10:48]
odinsbane So you're passing an input stream to some method, and you want "whatever" will be reading that inputstream to read your modified data? [10:48]
elm_ I am not really very confident with Java so I do not know how to do that [10:48]
odinsbane elm_: How big is the file? [10:48]
elm_ yes [10:49]
elm_ it can be quite large [10:49]
elm_ so caching it entirely in memory is not so recommended [10:49]
elm_ some docs on how to derive an own InputStream class would be very helpful [10:50]
odinsbane elm_: There are PipedInputStream and OutputStream. [10:51]
elm_ but they just forward a stream unalteredly [10:52]
elm_ I need to alter the stream [10:52]
elm_ i.e. insert a line [10:52]
odinsbane elm_: You read your file with a reader (that way it understands lines) then your write those bytes to a PipedOutputStream. [10:54]
elm_ aha [10:55]
odinsbane elm_: or check the FilterInputStream [10:55]
jamezp [jamezp!~jamezp@redhat/jboss/jamezp] has joined ##java [10:56]
odinsbane elm_: [10:58]
odinsbane odinsbane's title: "Character Streams (The Java Tutorials > Essential Classes > Basic I/O)" [10:58]
odinsbane actually that looks bad. [10:59]
elm_ It is 100% sure that I need to derive an own class [10:59]
elm_ any output stream (whether PipedOutputStream or not) would deadlock if you write too much into it [10:59]
cheeser not deadlock. block. [11:00]
elm_ I would need a PipedOutputStream subclass that has a method "moredata" [11:00]
elm_ if moredata is called it reads the primary input stream and passes on some bytes to the real InputStream which is the output [11:00]
elm_ so that class which I need to subclass just needs a limited buffer when passing things on [11:01]
elm_ does such a class exist which I could subclass? [11:01]
cheeser reads block, too. so you just read if/when there's data. then write. if the write blocks because the output buffer is full the whole things will just stall until that buffer drains enough. [11:02]
cheeser i think the answer has been stated to be: no [11:02]
odinsbane elm_: There might be something, but I don't know it. You could override read on an input stream, and then in that read method, you consume bytes from your original stream. [11:02]
elm_ no, I just read whenever more data is required [11:02]
elm_ to write the read data alteredly [11:02]
cheeser also doable [11:02]
elm_ ok both versions would work [11:03]
cheeser hell, just subclass some InputStream and override read() [11:03]
cheeser then it'll only read the underlying wrapped IS on demand [11:03]
elm_ so what I would need in that subclassed InputStream is something like a fifo queue I guess [11:04]
elm_ any valuable helper class to implement that? [11:04]
cheeser you could've had this written by now... [11:04]
elm_ ? - no [11:05]
elm_ written what? [11:05]
cheeser "just subclass some InputStream" [11:05]
cheeser this code you need, of course. [11:05]
elm_ I just figuered out how to do that [11:05]
elm_ and that was my description [11:06]
SunStorm [SunStorm!] has joined ##java [11:06]
tang^ [tang^!~tang^@] has joined ##java [11:07]
elm_ any suggestions for the fifo queue which I need inside the InputStream subclass? [11:08]
cheeser ffs [11:08]
cheeser taps out [11:08]
bendem fifo? [11:08]
elm_ necessary operations: enqueue, check fifo length, dequeue [11:08]
cheeser first in, first out [11:08]
elm_ yes [11:09]
bendem I know what fifo means, I don't know why he needs it [11:09]
cheeser "fifo length" isn't a thing. buffer/queue length is [11:09]
cheeser bendem: whew. you had me worried. :) [11:09]
elm_ think about the problem for a moment [11:09]
cheeser i have. i even told you how to implement it. in two different ways. [11:09]
elm_ or call it queue [11:09]
elm_ I will override read [11:09]
elm_ and it will read as much data into the fifo queue as needed to satisfy for the return value of the read methhod [11:10]
elm_ checked? [11:10]
LearnAllTheTime [LearnAllTheTime!~LearnAllT@] has joined ##java [11:10]
elm_ direly needed this fifo queue [11:10]
cheeser you think you do so you refuse to consider other approaches [11:11]
cheeser anyway. i've said my bit. good luck and all that. [11:11]
elm_ what about other approaches [11:11]
elm_ there is no other approach than to override read [11:11]
elm_ so a queue is needed anyway [11:12]
elm_ it does not work in any other way [11:12]
elm_ rethink the problem [11:12]
elm_ and then tell me if there is a queue class [11:12]
cheeser enter [11:12]
cheeser Enter is not punctuation. Please don't press your Enter or Return key until you're finished typing your question, sentence, or idea. It is annoying to see that and hard to follow. [11:12]
cheeser i've given you two approaches. go write some code. [11:12]
odinsbane elm_: here is a skeleton. I'm outta here though. [11:12]
elm_ you only have to override a read method that returns a singleton character? [11:14]
elm_ how can that be? [11:14]
elm_ read calls comprise multiple characters at a time [11:14]
elm_ which read method do I need to override? [11:14]
elm_ there are multiple: [11:15]
elm_ [11:15]
bluezone [bluezone!uid104970@gateway/web/] has joined ##java [11:15]
elm_ read(byte[] b, int off, int len) ?? [11:15]
elm_ that is something you need to know [11:15]
elm_ one method will internally be implemented with the other one [11:15]
elm_ do I also need to implement skip? [11:16]
royal_screwup21 [royal_screwup21!d98a3b22@gateway/web/cgi-irc/] has joined ##java [11:16]
indistylo [indistylo!~aruns_@] has joined ##java [11:16]
tang^ tias [11:16]
tang^ Try it and see. You learn much more by experimentation than by asking without having even tried. [11:16]
cheeser tang^++ [11:17]
cheeser tang^ has a karma level of 26, cheeser [11:17]
elm_ ok just need to return an int [11:17]
elm_ but the other method makes it more performant [11:17]
elm_ I guess this is the way to go [11:17]
elm_ so can anyone suggest me a class for a fitting fifo queue [11:18]
manualcrank [manualcrank!] has joined ##java [11:21]
indistylo [indistylo!~aruns_@] has joined ##java [11:21]
conan [conan!] has joined ##java [11:23]
elm_ what about class ByteBuffer? [11:26]
elm_ anyone knows how java.nio.ByteBuffer works? [11:27]
elm_ can it have variable sized content? [11:27]
elm_ is it fifo like a queue? [11:27]
elm_ it is not well documented [11:27]
kgrimes2 [kgrimes2!~kgrimes2@] has joined ##java [11:27]
cheeser enter [11:29]
cheeser elm_, Enter is not punctuation. Please don't press your Enter or Return key until you're finished typing your question, sentence, or idea. It is annoying to see that and hard to follow. [11:29]
elm_ or is there a StrinBuffer for byte[] where you can append and get from the beginning (or the other way round) [11:29]
yawkat netty [11:29]
yawkat yawkat, netty is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance & high scalability protocol servers & clients. See for info. [11:29]
indistylo [indistylo!~aruns_@] has joined ##java [11:32]
fstd_ [fstd_!~fstd@unaffiliated/fisted] has joined ##java [11:33]
odinsbane elm_: Don't use StringBuffer, it isn't what your looking for. [11:38]
indistylo [indistylo!~aruns_@] has joined ##java [11:44]
kicked indistylo (Banned: please fix your connection. you're bouncing in and out. this ban will expire after 2h) [11:44]
elm_ I just saw that I need to read the input as string [11:45]
elm_ because I care about newlines [11:45]
rapidwave [rapidwave!~quassel@unaffiliated/rapidwave] has joined ##java [11:48]
gelignite [gelignite!] has joined ##java [11:49]
rapidwave How do I install JavaMail? Do I just add JAR directory as library to NetBeans or is there more to it? [11:49]
Addax Just add the dependency to your maven pom or your build.gradle [11:49]
upgrdman [upgrdman!~upgrdman@blender/artist/upgrdman] has joined ##java [11:49]
rapidwave I'm trying to use JavaMail to read mail [11:49]
rapidwave Aren't those Eclipse features? [11:50]
Addax right, well, like I said... [11:50]
Addax no [11:50]
cheeser maven [11:50]
cheeser Maven is a software management tool that can compile, test, package, and deploy your project, with plugins for everything you can think of. See and [11:50]
Addax maven and gradle have nothing to do with eclipse [11:50]
Addax or netbeans... or idea. They're separate tools entirely. The IDEs can use them. [11:50]
Addax javamail [11:51]
Addax JavaMail is, of course, a Java-based Mail API. It supports SMTP, POP, IMAP, and more. It's at ; ask me about ~commons-email for an easier bstraction which wraps JavaMail. ~spring-email is also a thing, as is ~simplejavamail. [11:51]
cheeser and developers *should* use them. [11:51]
cheeser if you're not, you're doing it wrong. [11:51]
Addax cheeser ++ [11:51]
Addax cheeser has a karma level of 1,499, Addax [11:51]
Addax netbeans defaults to ant, which is psychotic and stupid. Only people who really know what they're doing should be using ant, and netbeans users... don't overlap with the set of people who know what they're about. [11:52]
bendem any teacher that doesn't require student projects to build with mvn package or gradle build should be fired really [11:52]
Addax bendem: but then there'd be no teachers left! [11:52]
Diablo-D3 bendem: honestly, that could very well be every java teacher [11:52]
bendem my point exactly [11:52]
bendem java teachers need to be replaced [11:53]
Diablo-D3 Im not even sure why we need them [11:53]
Diablo-D3 java is not a difficult language [11:53]
Diablo-D3 its maybe the easiest language Ive ever learned, and Ive learned a lot of them [11:53]
mbooth You know what they say: Those who can, do. Those who can't, teach. [11:53]
Addax heh. My son's *college* teacher for java *required* that he submit a single class for an assignment... that had a dependency on another class. (So he was supposed to submit a NONWORKING project.) [11:53]
bendem because a teacher will force you to discover some concepts and techs that you would not find until much later if you teach yourself [11:54]
Addax and it was required to be built with eclipse. Just... stunning [11:54]
bendem and because learning good practices from the start is awesome [11:54]
bendem I'd love to teach one day [11:54]
Diablo-D3 Addax: maybe the teacher misspoke? [11:54]
Addax no [11:54]
Rapture [Rapture!~textual@2601:1c2:5102:6d00:619c:8790:752b:695a] has joined ##java [11:54]
Diablo-D3 so he intends on failing every student on that assignment? [11:55]
Addax he actually submitted the ancillary class (verbatim, although I wanted to fix it desperately) - and got marked as having PLAGIARIZED [11:55]
Diablo-D3 ... how the fuck do you get marked as plagiarized [11:55]
parliament_ [parliament_!sid146171@gateway/web/] has joined ##java [11:55]
Diablo-D3 this isnt english class [11:55]
Addax "This second class looks exactly like the utility class you were required to use! You plagiarized it!" [11:56]
discopatrick_ [discopatrick_!sid138124@gateway/web/] has joined ##java [11:56]
MIsAn [MIsAn!~yuljk@unaffiliated/yuljk] has joined ##java [11:56]
Addax never mind that the utility class was broken; it was an algebraic evaluator that... couldn't handle unary minus [11:56]
Addax also used method parameters like "ArrayList<String>" and, in one place, "LinkedList" [11:56]
cheeser Addax: people who know what they're doing don't use ant [11:56]
Diablo-D3 So when are you going to speak with the principal or dean or whatever of the school, and discuss hiring only certified java instructors for the position? [11:56]
Addax cheeser: yet some people who know what they're doing *do* - see stanford NLP, for example [11:57]
Addax Diablo-D3: I'm not going to at all. [11:57]
DemonWav_ [DemonWav_!~DemonWav@unaffiliated/demonwav] has joined ##java [11:57]
Sleaker_ [Sleaker_!quasselcor@2604:880:a:7::e1b] has joined ##java [11:57]
bendem doesn't lombok also use ant? [11:57]
surial it does. [11:57]
cheeser mock surial [11:57]
javabot points at surial and says "your dum" [11:57]
surial ant is awesome. [11:57]
surial you know, in the biblical sense. [11:57]
cheeser as in, it all ends in a giant conflagration and untold suffering? [11:58]
Enissay2 [Enissay2!~Enissay@unaffiliated/enissay] has joined ##java [11:58]
Addax hey, if you have a series of configurations to manage and you're willing to undergo all the pain and are afraid of gradle, ant's fantastic [11:58]
jaskal_ [jaskal_!jaskal@unaffiliated/jaskal] has joined ##java [11:58]
limbo__ [limbo__!ar@] has joined ##java [11:59]
yokel_ [yokel_!~yokel@unaffiliated/contempt] has joined ##java [11:59]
surial gradle would add nothing to lombok, and it woudl slow down the builds significantly. [12:00]
GeraldW_ [GeraldW_!] has joined ##java [12:00]
Addax or, as in the case of stanford NLP and probably a host of others, there's a legacy build that would be a total drag to port [12:00]
Diablo-D3 Addax: well thats no fun [12:00]
elm_ is there a better method than string.getBytes() which writes into an already existing byte array? [12:00]
surial true fact: We have had 5 offers to contribute all starting with "I guess I'll tackle the ant problem first and set y'all up for <maven/gradle>". We immediately shitcanned those 'contributors' for being fucking morons. [12:00]
Diablo-D3 Addax: I mean, yeah, you need to teach your kid to pick his own fights, but we have to, in the future, deal with that teacher's students [12:01]
Addax Diablo-D3: ... like my son, whose java code is abominable [12:01]
Diablo-D3 oh man [12:01]
surial not because maven/gradle are bad, but because if you think the best way to start contributing to a FOSS project is to... completely redesign a build ? and you think that's gonna go over real well.. I doubt I have the ability to communicate with your neptunian brai. [12:01]
Diablo-D3 buys Addax a beer [12:01]
Iolo_ [Iolo_!] has joined ##java [12:01]
Addax surial: note that I do actually have a number of accepted PRs based on that exact notion, although I tend to look carefully at whether there's a "win" involved before bothering [12:02]
Diablo-D3 I think this is why I dont have kids, Im too afraid they're going to go into my industry and then never RTFM :( [12:02]
surial elm_: .string.getBytes() should not be used at all; use string.getBytes(someCharset). Both of these methods produce a new byte array; they do NOT write into 'existing byte array'. [12:02]
cheeser otoh, if I see ant on a project i'm about 97% less likely to want to contribute. [12:02]
Addax surial: I looked at lombok, for example, and decided that there was no way *I* would be able to contribute an alternative build that was worth a damn, even if it was feature-complete [12:02]
surial cheeser: well, what can I say. Lombok is not for the faint of heart. Also, we have plenty of contributors. They are manly (m/f) coders who have no problem slogging uphill both ways. [12:03]
Diablo-D3 cheeser: if I see ant on a project, I may not even BE able to contribute; generally its an indication of ancient legacy code [12:03]
Addax Diablo-D3: that's very much a faulty assumption though [12:03]
surial Diablo-D3: generally, yes. Lombok is complex. If someone opens the root file view on github, sees 'build.xml', and closes the tab? Good riddance. [12:03]
cheeser that's the spirit! :D [12:03]
Addax notes that surial prefers the ivory tower to the bazaar [12:04]
cheeser i just cba to set up a project like that in my IDE. unless it's my job, i have better things to do. [12:04]
surial If you can't even be arsed to click on it and then go: "oooohhh. geez, what the fuck, is this rocket science? I guess building lombok is a bit more complicated than your average java project" ? that's understandable, but that kind of impatience is just not conducive to a good lombok developer. There's a ton of corner cases you do need to cver and I guarantee you, most of em will NEVER be relevant to you (but they are relevant [12:04]
surial to a bunch of our users, so can't be ignored). [12:04]
cheeser ¯\_(?)_/¯ [12:04]
Diablo-D3 Addax: I did say 'generally' [12:05]
Addax Diablo-D3: *nod* true [12:05]
Diablo-D3 I rarely see alive projects still using ant that are still alive and not pretty old [12:05]
Addax I guess I agree with that, usually ant yields projects with commits every few years nowadays [12:05]
Brainium [Brainium!~brainium@unaffiliated/brainium] has joined ##java [12:05]
Addax there are exceptions, and those are still viable projects, but... yeah, generally not ones I care about because of the build system [12:05]
Addax Diablo-D3: I've mentioned at least two! [12:06]
Addax well, I didn't mention lombok, but I sort of did [12:06]
surial Maybe one day we'll rewrite lombok to an amazing extent: New build, probably using our own build system (because it has at that point jack fuck all to do with normal java builds; we'd ship ALLLLL the compilers separately, don't want to invoke system javac for any of it), single unified API that works for all 3 targets, etc. I guess gradle or maven would kick it off (fetch deps, compile our build system and execute it, which then [12:06]
surial takes care of all the rest, making it LOOK like a plain jane project even when it is not). But that'll probably the most complex thing we'd ever do to the lombok source base. [12:06]
Diablo-D3 btw, re gradle, is it really that bad or what? [12:06]
Addax gradle's fine [12:06]
Diablo-D3 because I see a fair amount of gradle dislike, and I dont really know why [12:06]
Diablo-D3 its alternative is maven, so its like, how bad could it really be [12:07]
Addax I don't know why either, probably ignorance [12:07]
Addax people despise maven because it's XML, so ... yeah, people are stupid [12:07]
cheeser surial: is it that you have to target/build with different JVMs? [12:07]
surial gradle? Not particularly bad. Last time I checked in depth it goes through a ton of hoops to avoid doing needless work which complicates builds considerably (case in point: annotation processors need to explicitly mark themselves as 'gradle compatible' or they torch your build speed to a crisp), but isn't really faster. [12:07]
Addax if that's enough to dissuade you from using a tool, you're a dope and need to step away from the computer and never have kids anyway [12:07]
surial cheeser: we still have to compile code with -source 1.5 -target 1.5, for starters. [12:07]
Diablo-D3 surial: that seems like a rather specific compliant, how many common things need to process annotations [12:08]
rippa [rippa!] has joined ##java [12:08]
null1337 [null1337!] has joined ##java [12:08]
Addax ... lots [12:08]
hypc [hypc!~Thunderbi@] has joined ##java [12:09]
surial Diablo-D3: any non-trivial java project? [12:09]
ernimril build systems tend to be quite complex and I think all build systems have seen quite a lot of critique over the years. I guess mostly because most developers never understand the build systems [12:09]
kashike [kashike!kashike@unaffiliated/kashike] has joined ##java [12:09]
mbooth I don't think I've touched a code base that didn't use annotations of some kind in years... [12:09]
surial from JPA's annotation based processing to mapstruct to autovalue to lombok to SPI generators... [12:09]
Diablo-D3 eh, right, forgot that'd qualify [12:09]
surial frankly if your java project ISNT using an AP, what kind of third rate amateur uninteresting bit of tripe ARE you making? [12:09]
satifant [satifant!~sati@unaffiliated/satifant] has joined ##java [12:10]
Diablo-D3 I just use the stuff, I don't always consider how it works [12:10]
surial ernimril: for lombok I'm specifically referring to what lombok has to do to make a build. example: We invoke the compiler 8 times, and that's not even compiling the tests. [12:10]
HZun [HZun!] has joined ##java [12:10]
mindCrime [mindCrime!~mindCrime@] has joined ##java [12:11]
surial frankly if gradle/maven made it easy to write lombok's build, the tool would be vastly over-engineered to cater to ridiculously overspecific use cases :) ? but given that our build is itself a bunch of software, well, we were either gonna write it in ant, or in straight up java. [12:11]
ernimril surial, sure, I was only going on general build systems, since I do not use lombok I can not really say much about it [12:11]
surial I'm warming up to plan #2 there. Maven is clearly right the fuck out. Gradle could be, but at that point you're not really gaining much value out of using it. [12:11]
surial and it probably actively gets in the way. Say what you want about ant, but <mkdir> just makes a fucking dir. [12:11]
surial gradle tries to be all smart and go: Welllll now I think perhaps this step might safely be skipped! Let's skip it. Which cool and all, but makes debugging builds rather more complicated than neccessary. Besides, the speedups built into lombok's build are all handrolled and there's no way gradle could know about any of it. [12:12]
mbooth really wants to look at lombok's build now [12:13]
surial ernimril: well, sbt goes some ways to show how it goes, no? You start thinking: Pfff,, dafuq? Why is gradle/maven/whatever so complicated? How hard can a make clone be? We'll make something muuuch simpler. and then.. well, check out sbt now. [12:13]
mbooth Sounds pretty interesting [12:13]
surial mbooth: [12:13]
surial surial's title: "lombok/build.xml at master rzwitserloot/lombok GitHub" [12:13]
surial enjoy. There are more build files, for the website for example which this thing also builds. [12:13]
mbooth Ta [12:13]
surial but that's the start point at least. [12:13]
q9929t [q9929t!~Thunderbi@] has joined ##java [12:14]
ernimril it is typically not the build system that needs to be faster, it is the different tools the build system use. Compiling ~50k source files in java takes less than one minute. Finding out what few files of such a project needs to be recompiled after a few file changes and compiling them can be done in less than a few seconds. Rebuilding one or two jars is quick. Then we can start talking about different dependency things, annotation [12:14]
ernimril processors and other things, they tend to take time [12:14]
surial mbooth: also note that lombok's ant is built on something called 'ivyplusplus' which is ivy with a few extras. lombok is as far as I know the one and only tool that uses ivyplusplus. So that whole 'we use our own build' concept is already half true. [12:14]
srisri [srisri!~srisri@] has joined ##java [12:14]
surial ernimril: rebuilding a shaded jar is slow as dogshit, and will always be. [12:14]
Diablo-D3 huh, I think it was ivy was my biggest ant compliant [12:15]
esro [esro!] has joined ##java [12:15]
surial Part of the problem with slow builds is that people make idiotic choices and these choices then become industry standard. such as shading, which is rarely needed and usually a dumb plan. [12:15]
Addax Diablo-D3: huh, ivy's the *best* thing about ant - it's what makes ant tolerable! [12:15]
ernimril surial, I do not really use sbt, if I want a make clone I use gnu make :-) [12:15]
Diablo-D3 Addax: well, thats half of my compliant, it wasnt built in like maven repos was into maven [12:15]
Addax wait... sbt? [12:15]
ernimril sbt [12:15]
ernimril SBT is the "simple build tool," proving that Scala developers have well-developed senses of irony and sarcasm. It's really easy to use when your build doesn't actually do anything, apart from the incredible speed. ("It's incredible how SLOW this is!") See ; it's actually not entirely incapable, but really? Use gradle or maven. Nobody wants to read "still compiling" messages. [12:15]
Diablo-D3 the other half is... it never seemed as powerful as maven was natively [12:16]
surial ernimril: well, sbt started out life as 'simple build tool', then became 'scala build tool', and now is just 'sbt build tool', because, well, it REALLY isn't simple. at all. [12:16]
Addax surial: and BTW, shaded jars (including and especially the spring boot equivalent) are *very* common these days [12:16]
Diablo-D3 and it had weird problems that I never quite solved, either I was using ivy wrong, or I had deps that confused it [12:16]
surial Diablo-D3: maven is very powerLESS; it is hard to do anything with it.. EXCEPT the bits it wants you to do, where it is passably nice at it (vs, say, ant, where ant has absolutely no opinions or default-to-conventions whatsoever and you have to write it all, it's a programming language even though the docs really try their hardest to lie to you and say that it is not). Which makes maven great if what you're doing fits within its [12:17]
surial conventions, which is a lot of java projects. but not all java projects. [12:17]
surial Diablo-D3: ivy is more convoluted than it needs to be and inconsistent with names, both internally and vs. mavencentral on which it heavily relies upon in practice. [12:17]
Addax surial: also, maven's approach there (the "powerless" approach) is a feature [12:17]
surial Diablo-D3: It's.. suboptimal to say the least. But it'll do. [12:17]
quadsar [quadsar!~quadsar@unaffiliated/quadsar] has joined ##java [12:17]
surial Addax: agreed. [12:18]
Diablo-D3 surial: yeah, but maven will also do if maven does what I need without fighting with it, which is where I ended up going [12:18]
Addax Diablo-D3: I don't think he has a problem with that :) [12:18]
surial and hence why 'you should use maven!' for lombok feels so sad and makes me ignore somebody so rapidly. It not only shows an utter lack of understanding of lombok's build and a disdain for me to suggest it without even spending 1 minute to check out what that might mean, it also means said idiot is less aware of what maven is than they really ought to be if they go around advising it. [12:18]
ernimril migrating an old project that was not built for maven (or gradle) to maven is an interesting task... [12:18]
surial It's a bit like me sitting next to a house with peeling paint and somebody walking by and going: You should fix that with sushi! [12:19]
surial sushi is nice, but clearly inappropriate for house painting. That's not sushi's fault. [12:19]
Addax surial: see, I'm ensmartened! I looked at lombok, said "what is this crap? ANT?" and looked a little further and decided that it wouldn't be worth migrating to gradle, much less maven [12:19]
surial Diablo-D3: oh, don't worry. Once you try to make maven do things that it doesn't want you to, you're fighting with it FAR more than ant. [12:20]
surial also, maven as a project is fucking bad. [12:20]
Diablo-D3 if lombok has highly customized its use of ant, then it seems to be using ant for the right reasons, and should never change [12:20]
rapidwave I setup Maven for the project, but the files aren't getting read by NetBeans. [12:20]
Diablo-D3 no, Ive seen maven warts up front and center, but its why Im wondering why people hate gradle [12:20]
Diablo-D3 gradle seems like its sane, it seems like it just does what its supposed to and not fight anyone [12:21]
surial mavencentral, I mean. There is this snapshot concept. It is documented NOWHERE. The format used to send a real release to mavencentral (well, sonatype, and that's how you feed mavencentral) is documented but unneccessarily convoluted and has 'security measures' that dont do anything (so, security theatre then). The snapshot concept? Utterly different format for no reason. Documented nowhere. Idiotically finicky; like if the [12:21]
surial header isn't precisely the way maven does it, down to the last byte, it gives you a random, unrelated error message. [12:21]
surial So in that sense, if anybody would do me the kindness of coming up with a better mavencentral, i'll cheerlead you alll the waty. [12:21]
Addax snapshot != maven central [12:21]
surial we have 'solved' the problem by hosting our own mavencentral style repo where we deposit our snapshots, and that works great. [12:22]
Diablo-D3 well isnt that the problem with every repo thats not cpan? [12:22]
surial why should it be? [12:22]
Diablo-D3 the way its ran is always fucking weird, and shit always happens that fucks everyone up [12:22]
surial also, rubygems and such have their own issues, but not about spec and usability. Generally they tried to be 'too nice' and now have scaling issues. [12:22]
Diablo-D3 npm most certainly isnt the only complete fuckup [12:22]
surial For example, with rubygems, there's (like apt), a sort of index file you need, and serving up that fucker is now quite a big problem. (SOURCE: Talking at length with andré about it). [12:23]
surial mavencentral solved it by not having index files. The right dir to find a dep is constructable from the GAV straight up. [12:23]
surial good design choice though I bet given the roots of maven they just stumbled onto that. [12:24]
surial npm... oh god. [12:24]
surial also npm is in dire fucking trouble I think. They JUST started to attempt to earn some actual money to run it all by... selling for quite a large amount precisely what github recently added, which is cloud hosted corporate repos. [12:24]
surial If you're the kind of corp that even would consider putting your stuff in the cloud, 90%+ odds you have github and if not, the bargain pricing github has for this puts quite the crimp on npm's ability to charge meaningful money for this service. sonatype at least has 10+ years of history going for it, and professional support for self-hosting your corp repo. [12:25]
LunarJetman [LunarJetman!] has joined ##java [12:25]
rorx [rorx!] has joined ##java [12:25]
surial Diablo-D3: note that what 'we java pros' tend to point-and-laugh about with NPM is stuff that mavencentral basically does exactly as badly. It's JUST that the java community isn't quite as cavalier with endless depchains. Despite mavencentral's attempts, not because of them. [12:26]
surial So, whilst I love me some npm bashing like any other java programmer, careful you don't break our glass house with them stones there. [12:26]
LtHummus [LtHummus!] has joined ##java [12:29]
orbyt_ [orbyt_!~orbyt@] has joined ##java [12:29]
Diablo-D3 surial: tbf, I was actually trying to compare the two [12:30]
Diablo-D3 I literally just said if its not cpan, its probably shit [12:30]
Diablo-D3 sometimes I just dont feel like being a monster, and try to be nice about throwing shade :( [12:32]
LKoen [LKoen!] has joined ##java [12:33]