CFP Now Open: Free Java @ FOSDEM 2011

Join us at FOSDEM 2011 to be a part of our sessions where we’ll discuss the state of Free Java!

Our theme is “Java Sans Frontières”

  • Why Free Java technology is awesome
  • Standing on the Shoulders of Free Java
  • The future of Free Java

The Call For Participation is OPEN NOW, but closes on 3rd December…
So send in a talk proposal today and join us in Brussels 5-6 February!

Why FOSDEM?

  • Engage in scintillating discussions with smart hackers over world famous Belgian Beer
  • Join the Web of Trust by getting your strong new key signed
  • Indulge in exquisite chocolate
  • Visit historic Brussels within walking distance

Why the Free Java DevJam?

  • This is the most significant non-commercial, neutral environment for Java developers to meet
  • Learn how to get involved in technical Free Java projects
  • We will not shy away from politics (especially this year)!
  • We will get together for an awesome Dinner
  • You will meet historic hackers in the evolution of Free Java

Please join the freejava-devroom@lists.fosdem.org list for general discussion about the event.

To submit a formal Talk Proposal follow the guidelines at
http://wiki.debian.org/Java/DevJam/2011/Fosdem/CallForParticipation

Respectfully,

Doug Lea on leaving the JCP and the way forward

Doug Lea posted why he is not seeking another term on the JCP Executive Committee:

I believe that the JCP is no longer a credible specification and standards body, and there is no remaining useful role for an independent advocate for the academic and research community on the EC.

Some have argued that JCP was never a credible standards body. I once disagreed: Sun initially placed in the JSPA and Process documents enough rules to ensure that the JCP could foster innovation, quality, and diversity, […] However, some of these rules, and violations of rules, have been found to be the source of stalemates and lost technical ground. […]

For the core Java platform (which these days roughly corresponds to Java SE), the only existing vehicle for which I can foresee a useful role for the academic and research community is OpenJDK. OpenJDK is a shared-source, not shared-spec body, so is superficially not an alternative at all. But at this point, a Linux-style model for collaboratively developed common source is likely to be more effective in meeting upcoming challenges than is the JCP.

I admit that I was one of those people who argued that the JCP always has been hostile towards Free Software communities. Which is why I personally always concentrated on just producing Free Software implementations and routed around the JCP whenever I could. But it is sad to see even people like Doug Lea loosing the faith. He was brave enough to at least try.

I do agree concentrating on a shared Free Software implementation distributed under the GPL is the best way forward for Java. If we can really turn such a project into a collaboratively developed common source base on which everybody is free to build innovative platforms. Hopefully OpenJDK, with a little help from IcedTea, GNU Classpath and friends, will be that project.

GDB Python integration

The GDB Python integration is really awesome. But whenever I want to point people at it I never know what a good overview is to link them to. So I created a little PythonGdbTutorial page on the GDB wiki that has just a one sentence summary and links to all the articles Tom Tromey wrote about the cool stuff that is now possible. Like implementing new gdb commands, convenience functions, filtering backtraces, pretty printers, scripting gdb itself and even writing a whole new GUI, all in python of course.

Update: Phil Muldoon pointed out that the online GDB manual is also completely up to date now. See the GDB Python chapter.

Oracle tries to destroy free java – now what?

Seems Oracle bought Sun to become a java patent troll. Trying to destroy the alternative free java implementation that is part of android. Sun used to be agnostic towards Free Software in the past, then became a huge fan on java liberation day. Now that Oracle is in control and starts its quest to destroy the free java world, we are back to the dark ages. So, now what?

Oracle is still distributing a free version of java itself through OpenJDK on which IcedTea is based. Implementations derived from that source base are safe against copyright and patent claims as long as one follows the obligations of the GPL. That is of course only for patent and copyrights Oracle holds or can pass on (through its stewardship of the JCP). To protect against claims by unrelated companies or when you have a free implementation of java not based on code distributed by Oracle, like GNU Classpath, try to get your implementation covered by a Free Software friendly patent pool. For example gcj/libgcj/GNU Classpath (as are some parts of the apache and eclipse java stacks) are part of the “System Components” of OIN (and Oracle has joined OIN).

Finally if you contribute to any Sun/Oracle java implementation demand that they change their Contributor Agreement to be truly reciprocal, not just for copyrights, but also for any patent claims covering the project you contribute to. So that anybody that wants to share the project you contributed to will always and irrevocably get all the rights to do that (not just for the GPL version). Point 3 in the current Sun/Oracle Contributor Agreement isn’t reciprocal, you grant a perpetual, irrevocable, non-exclusive, worldwide, no-charge, royalty-free license to any patent claims you might have to Sun/Oracle, but they are not granting back to you or the wider community any they hold on the project as a whole.

WordPress 3 rocks

WordPress 3.0 integrated Multisite support! I only maintain two blogs, but it was already handy to put them under the same “Super Admin” install. WordPress really is pretty smooth these days and highly customizable.

GNU Hackers Meeting and GUADEC

I’ll be at the GNU Hackers Meeting this weekend and at GUADEC next week.

GNU Hackers Meeting
GUADEC

IcedTea6-1.8 release

Matthias Klose released IcedTea6 1.8. He still doesn’t have a blog (or is that old fashioned already in these web 3.0 micro-message-blogging days). So here is the release announcement he made:

IcedTea6-1.8 release

We are proud to announce the release of IcedTea6 1.8.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools. It also includes the only Free Java plugin and Web Start implementation, and support for additional architectures over and above x86, x86_64 and SPARC via the Zero assembler port.

New in release 1.8 (2010-04-13):

  • Updated to OpenJDK6 b18.
    • Nimbus Look ‘n’ Feel backported from OpenJDK7.
    • JAXP and JAXWS now external dependencies rather than being in-tree.
    • Updated timezone data
    • Addition of security updates applied in IcedTea6 1.6.2.
    • Many bug fixes
  • Latest security updates and hardening patches:
    • (CVE-2010-0837): JAR “unpack200” must verify input parameters (6902299)
    • (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
    • (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
    • (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
    • (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
    • (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
    • (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
    • (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
    • (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
    • (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
    • (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
    • (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
    • (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
    • (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
    • (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
    • (CVE-2009-3555): TLS: MITM attacks via session renegotiation
    • 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
    • 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
    • 6910590: Application can modify command array in ProcessBuilder
    • 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
    • 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
  • Old plugin removed; NPPlugin is now the default and is controlled by –enable/disable-plugin. As with the old plugin, it produces a IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.
  • Dependence on the binary plugs mechanism removed. The plugin and NetX code is now imported into the JDK build in the same manner as langtools, CORBA, JAXP and JAXWS.
  • Fix for plugin buffer overflow: https://bugzilla.mozilla.org/show_bug.cgi?id=555342
  • Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code
  • Zero/Shark
    • Shark is now able to build itself.
    • For ARM, add Thumb2 JIT.
    • Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.

The tarball can be downloaded here: http://icedtea.classpath.org/download/source/icedtea6-1.8.tar.gz

The following people helped with this release: Gary Benson, Deepak Bhole, Andrew John Hughes, Mark Wielaard, Nobuhiro Iwamatsu, Matthias Klose, Ed Nevill, Pavel Tisnovsky, Xerxes Rånby, and many others.

We would also like to thank the bug reporters and testers!

To get started:

$ hg clone http://icedtea.classpath.org/hg/release/icedtea6-1.8
$ cd icedtea6-1.8

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java --enable-systemtap --enable-nss ...]
$ make

Roos

Jonas looks at Roos Jonas got a little sister, Roos

Fosdem SystemTap Interview

Did an interview for FOSDEM about SystemTap. It discusses a wide range of topics. About when I got involved with Free Software, working for Red Hat, how FOSDEM helped the libre Java community, getting Fedora more observable by adding static markers into programs, the history of observation tools (tracers, profilers, debuggers) on GNU/Linux, comparisons to other tools like DTrace, GUI frontends, Eclipse integration, the future of SystemTap and of course why you should come to FOSDEM.

Fosdem talk – Full System Observability with SystemTap

I'm going to FOSDEM, the Free and Open Source Software Developers' European MeetingReally looking forward to Fosdem next month. This year I will be giving a talk What is my system doing – Full System Observability with SystemTap during one of the main tracks. There will be some demos of the new systemtap java and python tracing support that I blogged about earlier.

FOSDEM, the Free and Open Source Software Developers' European Meeting