Month: September 2022

Article originally posted on InfoQ. Visit InfoQ

Technical debt can be quantified in various ways, but you cannot precisely quantify the associated financial debt. According to Kevlin Henney, we can quantify things like how many debt items we have, the estimated time to fix each debt item, a variety of metrics associated with our code, such as cyclomatic complexity, degree of duplication, number of lines of code, etc. All of these are identifiable and countable, but quantifying how much financial debt is present in the code doesn’t work.

Henney gave a keynote about Six Impossible Things at QCon London 2022 and at QCon Plus May 10-20, 2022.

There are many things about technical debt that can be quantified. Henney mentioned that we can list off and number specific issues in code and, if we take the intentional sense in which technical debt was originally introduced, we can track the decisions that we have made whose implementations need to be revisited. If we focus on unintentional debt, we can look at a variety of metrics that tell us about qualities in code.

There’s a lot that we can quantify when it comes to technical debt, but the actual associated financial debt is not one of them, as Henney explained:

The idea that we can run a static analysis over the code and come out with a monetary value that is a meaningful translation of technical debt into a financial debt is both a deep misunderstanding of the metaphor – and how metaphors work – and an impossibility.

According to Henney, quantifying how much financial debt is present in the code doesn’t work. At the very least, we need a meaningful conversion function that takes one kind of concept, e.g., “percentage of duplicate code” or “non-configurable database access”, and translates it to another, e.g., euros and cents:

What is the debt value of “non-configurable database access”? What is the debt value of basing your architecture on one third-party framework versus another? What is the debt value of a decision that may (or may not) have short-term benefits but will (probably) need updating in the long-term? The question is so abstract and malleable that trying to squeeze a financial figure out of it seems not only premature, but smacks of bad science.

Henney stated that just because we may have a number for one kind of thing, such as a code metric, that doesn’t mean we can convert it to a number of another kind of thing, such as money:

It has no more meaningful correspondence to a financial value than the RGB value of my eye colour has to my height.

While we might agree that excessive code duplication represents a code smell, it doesn’t mean that duplication has a simple debt rate, as Henney explained:

In some contexts, duplication can be introduced to reduce coupling, meaning that it can reduce other debts and, therefore, it acts as a credit. Dead code can be recognised as a debt arising from obsolescence, but what about duplication in dead code? In such cases duplication is zero-rated.

Of course, we can always fabricate values and conversions, but we must recognise those as fiction rather than science, Henney concluded. It’s a little like the calculation of Blue Monday, the third Monday in January, which is allegedly the most depressing day of the year according to a “pseudoscience formula that is pure nonsense on stilts”.

This article concludes the series on Henney’s Six Impossible Things keynote:

1. It’s impossible to directly represent infinity or to hold infinite precision on a discrete physical computer, as storage and representations are bounded.
2. Not every question has an answer; developers should increase awareness of unexpected failure modes, advertise the possibility of failure, and use time-outs to recover from waiting for an answer that will never come.
3. The truth can’t always be established where it applies as not all preconditions can be checked in code due to the definitional constraints of the programming language.
4. The future isn’t knowable before it happens; to deal with unknowable unknowns, a solution is to be more experimental and hypothesis-driven in our development.
5. A distributed system is not knowable; failure is normal and distributed systems can provide only two of the three guarantees in consistency, availability, and partition tolerance.

Article originally posted on InfoQ. Visit InfoQ

Oracle has released Project Helidon 3.0, featuring support for JDK 17, Jakarta EE 9.1, and MicroProfile 5.0. Also included in this release is the new Helidon Starter for generating custom Helidon applications, an updated command-line tool, and a security hardening of Java serialization through JEP 290: Filter Incoming Serialization Data.

Helidon is a cloud-native Java framework for microservices, supporting both imperative and reactive applications. Due to security concerns, Helidon doesn’t use Java serialization and disables it by default for applications. Helidon 3.0 also improves the routing of reactive applications.

Upgrading to version 3.0 is straightforward for reactive applications. Imperative applications, on the other hand, “need to change to jakarta.* dependencies and address backwards compatibility issues.”

Helidon recently demonstrated early support for the virtual threads of Project Loom with Helidon Níma. Níma is part of Helidon 4.0, scheduled for a formal release by the end of 2023. Virtual Threads (preview) and Structured Concurrency (incubator), under the auspices of Project Loom, were delivered in JDK 19.

Helidon joins Quarkus and Micronaut as Java frameworks that officially support native Java with GraalVM in production today. Spring Boot 3.0, planned for a GA release in late 2022, will add built-in native Java support.

InfoQ spoke to Helidon Project lead Dmitry Kornilov, director of software development at Oracle and Project Helidon lead, about this project.

Since the release of Spring 1.0 in 2004, only one significant new Java framework has appeared: DropWizard in 2011. All that changed when Micronaut and Helidon were introduced in 2018 and Quarkus in 2019. Why do you think that happened?

Kornilov: Microservice development was growing in popularity back then, increasing demand for lightweight cloud-native Java microservice frameworks. These new frameworks have a much smaller footprint than Java/Jakarta EE application servers and are optimized for modern microservices development. Helidon provides an open implementation based on the MicroProfile standard that gives developers compatibility and portability.

How is writing a Java microservice with Helidon different from writing it with Spring Boot?

Kornilov: The declarative development experience with Helidon is identical to Spring Boot and Quarkus. But the runtime is different: We are trying to make Helidon as effective as possible by reducing the number of third-party dependencies and through various performance optimizations.

Helidon supports imperative (Helidon MP) and reactive programming (Helidon SE). In your estimation, what percentage of Helidon users pick reactive programming?

Kornilov: I don’t have statistics, but I estimate 30 percent. It’s a trade-off: If your focus is on business logic, you can use imperative programming with Helidon MP. If you need the highest possible performance and are willing to invest in the additional complexity of asynchronous development, use the reactive model of Helidon SE. Many users have chosen Helidon SE for that reason.

Helidon allows deploying Java applications to native executables through the GraalVM Native Image compiler. These native executables start faster and use less memory than regular Java applications. In your experience, what percentage of Helidon users runs native Java in production?

Kornilov: I don’t have the numbers. I think native Java is a great choice for applications requiring fast startup time, like serverless functions. For long-running services, which is the most common use case for Helidon applications, HotSpot JRE is preferred because of its excellent runtime optimization.

Helidon also provides an option to build a JLink image with smaller footprint and faster startup time.

How do you think Helidon compares with Quarkus and Micronaut?

Kornilov: Only Helidon supports all features of the Jakarta CDI dependency injection specification in native Java, including portable extensions. Helidon uses Red Hat’s Weld CDI implementation and improved it for native Java.

Micronaut uses its own injection mechanism and doesn’t support CDI. Quarkus’ implementation doesn’t support some CDI features, such as portable extensions, but is optimized for build-time processing.

If there’s one thing you could change about native Java with GraalVM, what would that be?

Kornilov: I asked the Helidon developers for suggestions. First, it would be great to have public APIs for custom extensions such as features, substitutions, etc. There are private APIs for that, but it’s a bad practice to use them. Another suggestion is giving more informative error messages to help fix compatibility issues.

In which areas do you see native Java used most with Helidon? And where is native Java not suitable for Helidon users?

Kornilov: Helidon fully supports GraalVM Native Image. We recently published some Helidon success stories (more are coming). Oracle CX Industry Framework (CXIF) uses Helidon with native Java:

Together with Helidon, GraalVM is also a critical technology to the CXIF architecture. CXIF uses GraalVM Native Image to create minimum-size, precompiled executable images of its microservices. These images are further compressed using UPX compression to yield Docker container images of size <50MB for use with Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE). This enables extremely fast startup time for containerized microservices, allowing CXIF to dynamically start containers running microservices on-demand as requests come in!

More details on this latest release may be found on this GitHub repository. Also, developers interested in a deep-dive of native Java may peruse through this InfoQ six-article series.

Article originally posted on InfoQ. Visit InfoQ

Spring Boot Migrator (SBM) is an experimental Spring project first released in March 2022. SBM allows developers to convert existing, non Spring Boot applications, which are based on technologies such as JAX-RS, EJB and JMS to Spring Boot or upgrade older Spring Boot applications to the latest version.

SBM is based on OpenRewrite, a general purpose tool for source code and configuration refactoring. OpenRewrite uses Recipes to change existing files for Kubernetes, Gradle, Maven, Java and others. The recipes allow, for example, to upgrade an existing application to a newer version of Java. SBM uses OpenRewrite specifically for Spring Boot migrations.

After downloading the latest version of SBM, the command-line interface (CLI) can be started with:

java -jar spring-boot-migrator.jar

After a few seconds, the user is presented with an SBM-specific prompt: migrator:>.

The list command displays the thirty recipes currently available. The recipes, for example, support upgrading Spring Boot to a new version, change XML Bean configuration to Java configuration and migrate various Java EE / Jakarta implementations to Spring Boot.

With the scan [directory] command, an application is analyzed and the applicable recipes are displayed. The following shows an example, older JAX-RS application without Spring Boot support analyzed by SBM, displaying the following results:

scanning 'JAXRS'

Checked preconditions for '.../JAXRS'
[ok] Found pom.xml.
[ok] 'sbm.gitSupportEnabled' is 'true', changes will be committed to branch [master] after each recipe.
[ok] Required Java version (17) was found.
[ok] Found required source dir 'src/main/java'.

Maven    	100% │███████████████████████████│ 2/2 (0:00:09 / 0:00:00)

Applicable recipes:

	= 'automated recipe'
  = 'partially automated recipe'
	= 'manual recipe'

  - initialize-spring-boot-migration []
 	-> Initialize an application as Spring Boot application.
  - migrate-jax-rs []
 	-> Any class has import starting with javax.ws.rs
  - cn-spring-cloud-config-server []
 	-> Externalize properties to Spring Cloud Config Server

Based on the source code of the application, SBM displays the recipes matching the preconditions. When no recipe matches, the list of applicable recipes will remain empty. In this case, one of the recipes listed above may be applied, for example to convert the existing code to a Spring Boot application:

migrator:> apply initialize-spring-boot-migration

This results in a new Git commit with the description SBM: applied recipe ‘initialize-spring-boot-migration’.

Analyzing the commit shows the following changes in the pom.xml: the packaging was changed from WAR to JAR, the spring-boot-starter and spring-boot-starter-test dependencies and the spring-boot-maven-plugin were added and the dependencyManagement section now contains the spring-boot-dependencies of type pom. Depending on the original indentation of the pom.xml file, the indentation may change as well to reflect the recipe.

The source code was altered as well and now contains a SpringBootApp.java and a SpringBootAppTest.java:

@SpringBootApplication
public class SpringBootApp {

	public static void main(String[] args) {
    	SpringApplication.run(SpringBootApp.class, args);
	}
}

@SpringBootTest
class SpringBootAppTest {

	@Test
	void contextLoads() {
	}

}

Now the application is converted to a Spring Boot application. The next step is to migrate the JAX-RS source code to Spring Boot with the command:

migrator:> apply migrate-jax-rs

The command results in a new Git commit with the description: SBM: applied recipe ‘migrate-jax-rs’. Analyzing the commit shows the JAX-RS imports were removed and replaced with Spring imports and the JAX-RS @Path annotation on the class file was replaced with the Spring Boot @RestController and @RequestMapping. The various methods now have Spring Boot’s @RequestMapping, @RequestParam, @PathVariable instead of the JAX-RS annotations such as @Get, @Post, @Path, @Produces, @QueryParam and @PathParam. Lastly the return type of the methods is no longer of type Response, but of type ResponseEntity.

Running the Spring Boot application after the migrations unfortunately failed as the maven-compiler-plugin defined in the pom.xml file used an older version of Java. Manually changing the pom.xml to use the currently installed Java version fixes the problem, but it’s also possible to automate the step with the Change Maven plugin configuration of OpenRewrite.

Analyzing the resulting code and configuration showed some dependencies which were no longer needed by Spring Boot. The obsolete dependencies may be removed manually or this step may be automated as well with SBM or OpenRewrite.

SBM currently supports Maven as OpenRewrite’s support for Gradle is not yet complete. More information on SBM can be found in the User Documentation and Developer Documentation.

Article originally posted on InfoQ. Visit InfoQ

Researchers from Microsoft’s Natural Language Computing (NLC) group announced the latest version of Bidirectional Encoder representation from Image Transformers: BEiT-3, a 1.9B parameter vision-language AI model. BEiT-3 models images as another language and achieves state-of-the-art performance on a wide range of downstream tasks.

The model and experiments were described in a paper published on arXiv. The key idea in BEiT-3 is to model images as another language (which the authors call “Imglish”); this allows the model to be pretrained using only the masked language modeling (MLM) objective, and the training process can therefore be scaled up more easily. This unified architecture allows BEiT-3 to support a wide range of downstream tasks: in evaluation experiments, the model set new state-of-the-art performance records on several benchmarks, including semantic segmentation, cross-modal retrieval, and visual question answering. According to the Microsoft team:

BEIT-3 is simple and effective, and is a promising direction for scaling up multimodal foundation models. For future work, we are working on pretraining multilingual BEIT-3 and including more modalities (e.g., audio) in BEIT-3 to facilitate the cross-lingual and cross-modality transfer, and advance the big convergence of large-scale pretraining across tasks, languages, and modalities.

Since its original publication in 2017, the Transformer model has become the preferred architecture for many natural language processing (NLP) tasks. This led to many researchers adopting the Transformer for vision tasks, and then combining both NLP and vision in a single model. However, these multi-modal architectures often maintain separate encoder modules for the different inputs and require multiple pretraining objectives beyond the standard MLM objective.

By contrast, BEiT-3 uses the Multiway Transformer architecture, which uses a shared self-attention module for both image and text data. The attention head output is then routed to a modality-specific feedforward “expert” module. Because the model pretraining uses only the MLM objective, a smaller batch size can be used, which reduces the amount of GPU memory required to process a training batch.

BEiT-3 was pretrained on several publicly-available text and image datasets, including ImageNet, COCO, and the contents of Wikipedia; overall the data contained 160GB of text-only documents, 14M images, and 21M text-image pairs. The team evaluated the model on several vision and vision-language benchmark tasks, including: semantic segmentation on the ADE20K; object detection, instance segmentation, image captioning, and retrieval on COCO; retrieval on Flickr30K; and visual question answering on VQAv2. BEiT-3 outperformed previous models on most of the tasks; a full list of results is available on Papers with Code.

Large vision-language models are an active research topic. InfoQ covered Google’s Vision Transformer (ViT) in 2021 and DeepMind’s Flamingo model earlier this year. In a Twitter discussion about BEiT-3, Google researcher and ViT co-author Lucas Beyer praised the BEiT-3 team, saying:

Impressive work, congrats! Happy to see someone else successfully training a ViT-G…and such good results on only 35M images does make the masked modeling task appealing!

Microsoft recently released the code and model weights for BEiT v2 on GitHub, and co-author Li Dong said on Twitter that BEiT-3 should be open-sourced soon.

Article originally posted on InfoQ. Visit InfoQ

Jakarta EE 10, released on September 22, 2022, is the third major and fourth overall release of Jakarta EE by the Jakarta EE Working Group since Oracle donated Java EE 8 to the Eclipse Foundation in 2017. This release aims to deliver a set of coordinated specifications for building modernized, simplified, and lightweight cloud-native Java applications across the spectrum of Jakarta EE technologies, such as the Jakarta EE Platform, Web, and the new Core profiles.

The new Core Profile defines a subset of the Jakarta EE specifications geared toward microservices development, smaller runtimes, and ahead-of-time (AOT) compilation.

Java SE 11 is the new baseline runtime supported by Jakarta EE-compatible implementations. However, developers can also develop and deploy the Jakarta EE application on Java 17, which is the most current LTS release. This leads to the opportunity to build modularized applications (introduced in Java 9) and offers improved integration across component APIs.

Jakarta EE 10 provides new functionality in over 20 component specifications. For example:

• A new CDI-Lite specification is introduced in Jakarta Context and Dependency Injection (CDI) 4.0, allowing a reflection-free programming model while maximizing resilience, testability, and maintainability in comparison to conventional approaches.
• Jakarta RESTful Web Services 3.1 standardizes a Java SE Bootstrap API, which allows REST services outside of the Jakarta EE environment, e.g. unit tests, integration tests, etc. This specification also standardizes the multipart form data, which has been missing for many years, and developers needed either Servlets or a vendor-specific REST API to handle the multipart media type.
• Jakarta Persistence 3.1 now supports java.util.UUID, to be used as a basic type of field, which is very convenient for entity IDs in the cloud environment since many databases don’t automatically generate UUID. It also adds several new functions to the Query Language and Criteria API, making Jakarta Persistence much more versatile and allowing developers to write more complex queries utilizing the full power of entity mappings without having to resort to native SQL queries.
• Jakarta Faces 4.0 brings a new API to define the full view (HTML Pages) using only Java code.
• Jakarta Security 3.0 brings necessary and standard support for the OpenID Connect protocol, which has become widely used to login using other services, e.g., Facebook, Google, Twitter, etc.
• Jakarta Concurrency 3.0 adds asynchronous methods with a new Asynchronous annotation, which doesn’t require using EJB, and allows developers to specify the thread pool.

In addition to these, a significant number of other component specifications are introducing major or minor version updates to reflect significant changes in their respective specifications and APIs. Besides, many deprecated features have been removed, streamlining and enhancing the developer experience.

Regarding this release, Reza Rahman, principal program manager at Microsoft and Jakarta EE ambassador, discussing the Jakarta EE 10 release during the launch celebration, stated:

Jakarta EE 10 is an incredibly important release. The earlier releases, such as 9 and 9.1, were essential; however, they didn’t bring any direct value in terms of changes or innovations. This release is foundationally important as it brings the long pending set of changes that, if you are somebody who relies on Jakarta EE as a technology you haven’t really had in the past few years, that’s going to change. And hopefully, moving forward and, more importantly, it’s also sort of proof in the way that the Jakarta EE process can also continue to deliver features and innovations in the same way that Java EE had done for some period of time.

Alongside the release of Jakarta EE 10, the Eclipse Foundation also released the results of its 2022 Jakarta EE Developer Survey, which include the following key results:

• Jakarta EE usage increased from 47% in 2021 to 53% in 2022, while Spring/Spring Boot and MicroProfile usage experienced slight declines.
• The Jakarta EE community is looking for faster support from existing Java EE/Jakarta EE or cloud vendors (28%).
• Despite being released less than a year ago, the use of Java 17 (the LTS release of Java SE) has surged to 26%. Java 11 use remains steady at 57% (58% in 2021). This is a good indicator that enterprises closely follow the LTS releases.

Developers who wish to evaluate Jakarta EE 10 can leverage the article by Ivar Grimstad, Jakarta EE Developer Advocate, and his presentation at JavaZone 2022, read the specifications, and download the compatible products.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for September 19th, 2022 features news from OpenJDK, JDK 19, JDK 20, Amazon Corretto 19, BellSoft Liberica JDK 19, Jakarta EE 10, multiple Spring Framework updates, Quarkus 2.12.3, Payara Platform updates, Micronaut 3.7.0, GraalVM Native Build Tools 0.9.14, JobRunr 5.2.0, PrimeFaces point releases, Failsafe 3.3.0, Apache Groovy 3.0.13 and Apache Log4j2 2.19.0.

OpenJDK

JEP 430, String Templates (Preview), was promoted from its JEP Draft 8273943 to Candidate status. This preview JEP, under the auspices of Project Amber, proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified.

JDK 19

Oracle has released version 19 of the Java programming language and virtual machine this past week, which ships with a final feature set of seven JEPs. More details may be found in this InfoQ news story.

Amazon Corretto

Amazon has released Amazon Corretto 19, their downstream distribution of OpenJDK 19, that is available on Linux, Windows, and macOS. Developers may download this latest version from this site.

Liberica JDK

Similarly, BellSoft has released LibericaJDK 19, their downstream distribution of JDK 19. Developers may download this latest version from this site.

JDK 20

Build 16 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 15 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

The Jakarta EE Working Group has released Jakarta EE 10, the third major, and fourth overall, release since Oracle donated Java EE 8 to the Eclipse Foundation in 2017. This release provides new functionality in over 20 component specifications through version updates. Also new for Jakarta EE 10 is the Core profile that joins the existing Platform and Web profiles, all of which have compatible implementations. InfoQ will follow up with a more detailed news story.

Spring Framework

It was a very busy week for the Spring teams as they released point and milestone versions for a number of their projects along with publishing a common vulnerability and exposure (CVE).

The Spring Data REST team has published CVE-2022-31679, Potential Unintended Data Exposure for Resource Exposed by Spring Data REST, a vulnerability in which an attacker can craft HTTP requests that expose hidden entity attributes within applications that allow HTTP PATCH access to resources exposed by Spring Data REST.

Versions 2.7.4 and 2.6.12 of Spring Boot were made available to the Java community. Both versions support JDK 19 and feature numerous bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23, Hibernate 5.6.11.Final, Netty 4.1.82.Final, Rector 2020.0.23, Groovy 3.0.13, Dropwizard Metrics 4.2.12 and Postgresql 42.3.7. More details on each release may be found in the release notes for version 2.7.4 and version 2.6.12.

On the road to Spring Boot 3.0, the fifth milestone release was made available with notable new features such as: improved Ahead-of-Time processing and native image support; improved sanitation of actuator endpoints; and a reinstatement of support for Eclipse Jersey after fixing an issue with the common-core module. Further details on this release may be found in the release notes.

Versions 2022.0.0-M6, 2021.2.3, and 2021.1.7 of Spring Data have been released that ship with bug fixes and dependency upgrades to the corresponding versions of Spring Data sub-projects such as: Spring Data REST, Spring Data JPA, Spring Data MongoDB, Spring Data for Apache Cassandra, Spring Data Neo4j and Spring Data KeyValue. These releases also include the fix to address the aforementioned CVE-2022-31679 vulnerability.

Versions 6.0.0-M7 and 5.8.0-M3 of Spring Security have been released. New features in version 6.0.0-M7 include: support for native-image in the @PreAuthorize annotation; a performance enhancement in the HttpSessionRequestCache class; and the removal of the FilterSecurityInterceptor class, now deprecated, from the WebSecurity class in favor of the AuthorizationFilter class. New features for version 5.8.0-M3 include: new interfaces for CSRF request processing; AspectJ support to the @EnableMethodSecurity annotation; and support for lazy reading of an implementation of the CsrfToken interface by the LazyCsrfTokenRepository class to complement the existing lazy saving of a token. It is worth noting that there are breaking changes for version 6.0.0-M7. More details on these releases may be found in the release notes for version 6.0.0-M7 and version 5.8.0-M3.

The second milestone release of Spring Cloud Dataflow 2.10.0 has been made available featuring dependency upgrades to Spring Boot 2.7.3, Spring Framework 5.3.22 and Spring Cloud 2021.0.3. Support for MySQL 5.7+, using the MariaDB JDBC driver, has been restored after it was briefly removed in Spring Cloud Dataflow 2.10.0-M1. Further details on this release may be found in the release notes.

Versions 5.0.0-M6 and 4.3.7 of Spring Batch have been released. Version 4.3.7 delivers bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23; Spring Data 2.5.12; Spring Integration 5.5.15; and Spring Kafka 2.7.14. Version 5.0.0-M6 delivers new features such as: support for native-image in the AbstractJobRepositoryFactoryBean class; support to configure the transaction manager in the SimpleJobOperator and SimpleJobExplorer classes; and revisit the configuration of infrastructure beans with the @EnableBatchProcessing annotation. More details on these releases may be found in the release notes for version 5.0.0-M6 and version 4.3.7.

The second milestone release of Spring Authorization Server 1.0.0 merges enhancements from 0.4.x release train along with dependency upgrades to Spring Framework 6.0.0-M6, Spring Security 6.0.0-M7, mockito-core 4.8.0, jackson-bom 2.13.4 and nimbus-jose-jwt 9.24.4. Further details on this release may be found in the release notes.

The third milestone release of Spring Session 2022.0.0 has been made available that ships with updates to sub-projects: Spring Session Core 3.0.0-M4, Spring Session Data Redis 3.0.0-M4, Spring Session JDBC 3.0.0-M4, and Spring Session Hazelcast 3.0.0-M4.

Similarly, the second milestone release of Spring Authorization Server 0.4.0 ships with new features such as: the ability to add implementations of the AuthenticationProvider and AuthenticationConverter interfaces as an alternative to overriding default ones; and a check to verify that the client secret has not expired in ClientSecretAuthenticationProvider class. More details may be found in the release notes.

Versions 6.0.0-M5 and 5.5.15 of Spring Integration have been made available. Version 5.5.15 features critical bug fixes and resolutions to deprecations of upstream dependencies. Notable changes in version 6.0.0-M5 include: support for Spring AOT, GraphQL and Apache Camel; the removal of the Remote Method Invocation (RMI) module in favor of more secure protocols; a new PostgresSubscribableChannel class to rely on the native PostgreSQL push notifications; and a new ClientManager interface to allow sharing the same MQTT client for different channel adapters. Developers are encouraged to read this migration guide for breaking changes and more details.

Spring for Apache Pulsar 0.1.0-M1, an experimental Spring project, has been released featuring numerous bug fixes and improvements. This version is based on JDK 17, Spring Boot 3.0.0-M5 and Spring Framework 6.0.0-M5. Further details on this release may be found in the release notes.

Spring for GraphQL 1.0.2 has been released that ships with new features such as: support for the @Arguments annotation with Java’s Map interface; support for path variables for redirect to a GraphiQL path; and new introspect controller methods on startup to determine if they need validation. More details on this release may be found in the release notes.

The first milestone release of Spring for GraphQL 1.1 was made available featuring support for JDK 17, Jakarta EE, and a Spring Framework 6.0 baseline. There was also an upgrade to GraphQL Java 19.x, the Java implementation of GraphQL, and new Micrometer Context Propagation library that replaces their internally developed context propagation mechanism.

Quarkus

Quarkus 2.12.3.Final has been released featuring: a dependency upgrade to Hibernate Search 6.1.7.Final; fixes for the request context leak in the Funqy Knative runtime and the MongoDB driver failing a DNS Lookup; and properly support generic bounds for implementations of the ParamConverterProvider interface. Further details on this release may be found in the release notes.

Payara

Payara has released their September 2022 edition of the Payara Platform. Payara 6 Community Alpha 4 provides preview support for Jakarta EE 10 and includes 15 bug fixes, six component upgrades, three improvements and two security fixes. Payara is targeting a beta release for the Payara 6 Community edition to pass the Jakarta EE TCK. More details on this release may be found in the release notes.

Payara Enterprise 5.43.0 brings four bug fixes, a component upgrade to Eclipse Jersey 2.36, and an improvement to support an OpenID Connect token issuer field in Active Directory Federation Services (ADFS). Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.7.0 featuring improvements to numerous modules such as Micronaut for Spring, Micronaut Gradle Plugin, Micronaut GCP, Micronaut Test and Micronaut Reactor. This version also introduces two new modules, Micronaut CRaC and Micronaut Object Storage, to provide support for the Coordinated Restore at Checkpoint (CRaC) and a uniform API to create, read and delete objects within major cloud providers, respectively. More details on this release may be found in the release notes.

Oracle Labs

On the road to version 1.0, Oracle Labs has released version 0.9.14 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: argument files are now stored in the build directory of the Gradle Plugin and the target directory of the Maven Plugin to address the workaround for an absolute path issue on Windows with older versions of GraalVM; and adding a native:compile forking goal that can be initiated from the command line such as mvn native:compile. Further details on this release may be found in the changelog.

Oracle Labs has also provided a community roadmap for features in upcoming GraalVM releases planned for October 2022 and January 2023 along with features planned beyond that timeframe.

JobRunr

Ronald Dehuysser, founder and primary developer of JobRunr, a utility to perform background processing in Java, has released version 5.2.0 that deliver improvements such as: the recurring jobs dashboard is now paged; and the query that returns counters for the dashboard and metrics uses 2-10 times less CPU cycles. More details on this release may be found In the release notes.

PrimeFaces

PrimeFaces, a provider of open-source UI component libraries, has provided point releases of versions 7.0.29, 8.0.21, 10.0.16 and 11.0.8. New features and enhancements include: a new source attribute to Confirm component; an upgrade to Moment.js 2.29.4 that addresses CVE-2022-31129, a vulnerability in which users who pass user-provided strings without sanity length checks to the moment() constructor being vulnerable to regular expression denial of service (ReDoS) attacks; and adding an autoMonthFormat attribute to the DatePicker component.

Failsafe

Failsafe, a lightweight, zero-dependency library for handling failures in Java 8+, has released version 3.3.0 featuring API changes such as: the getStartTime() method defined in the ExecutionContext interface now returns an instance of type Instant rather than an instance of type Duration; and similarly, the getStartTime() defined in ExecutionEvent class now returns an instance of type Optional rather than an instance of type Duration. Also, the getFailure(), getLastFailure(), recordFailure() and similar methods for recording exceptions, deprecated in a previous version, were removed in this release. Developers should use the getException(), getLastException(), recordException() and similar methods. Further details on this release may be found in the changelog.

Apache Software Foundation

Apache Groovy 3.0.13 has been released featuring 44 bug fixes, improvements and a dependency upgrade to Spock 2.2. More details on this release may be found in the changelog.

Apache Log4j 2.19.0 has been released that ships with new features that add: support for SLF4J2 stack-valued MDC class; and an implementation of the SLF4J2 fluent API.

Article originally posted on InfoQ. Visit InfoQ

The latest release of Android Studio, dubbed Dolphin, improves Jetpack Compose screen previews, extends Wear OS support, and introduces Gradle Managed Virtual Devices to simplify test automation.

Jetpack Compose screen preview gets three new features: multipreview annotations, an animation inspector, and recomposition counts. Multipreview annotations aim to reduce boilerplate code through preview definitions that specify which devices to generate previews for, the fonts and themes to use, and so on. Annotations can then be reused to avoid copy-pasting the definitions themselves, as developers had to do until now. The following snippet shows how you can define a FontScalePreviews annotation and use it in a preview composable:

@Preview(
    name = "small font",
    group = "font scales",
    fontScale = 0.5f
)
@Preview(
    name = "large font",
    group = "font scales",
    fontScale = 1.5f
)
annotation class FontScalePreviews

...

@FontScalePreviews
@Composable
fun HelloWorldPreview() {
    Text("Hello World")
}

The animation preview inspector helps previewing and fine-tuning animations by allowing you to freeze an animation or run it frame-by-frame.

The Compose recomposition count, available in the Layout Inspector, shows how often a view is recomposed, that is re-rendered. This can help identify cases where too frequent recomposition may negatively impact performance.

Gradle Managed Virtual Devices is a new feature that aims to make it easier to manage and setup emulators using for testing. Instead of having to manually execute all required steps to provision an emulator for testing, you can now describe which virtual devices you want in your build.gradle file. The tool will then download the corresponding SDK, if necessary, provision and set up the emulator, and run your tests. This is how you can use this feature inside gradle.build:

android {
    managedDevices {
        devices {
            pixel2api30 (com.android.build.api.dsl.ManagedVirtualDevice) {
                device = "Pixel 2"
                apiLevel = 30
                systemImageSource = "google-atd"
            }
            ...
        }
    }
}

As mentioned, Wear OS support is also enhanced in Android Studio Dolphin. This includes a new Wear OS Emulator Pairing Assistant which helps managing and pairing multiple Wear OS devices; improved emulation toolbar which better aligns to physical devices and makes it possible to emulate palm gestures and tilting; and, better support for launching a Wear OS app into the exact state you expect it to be directly from the IDE.

As a final note, Android Studio Dolphin updates its compiler toolchain to IntelliJ 2021.3, which includes a number of improvements including better Kotlin debugging, improved suggestions, and remote coding support.

Android Studio Dolphin can be downloaded from Google Android website or installed directly from a previous version.

Article originally posted on Database Journal – Daily Database Management & Administration News and Tutorials. Visit Database Journal – Daily Database Management & Administration News and Tutorials

Structured Query Language – also known as SQL – is one of the most widely used programming languages in the world. Without a doubt, it is the most widely used language for querying relational database management systems (RDBMS) around the globe. As languages go, SQL is fairly straightforward to learn, with concise and clear-cut syntax and straightforward logic elements. As the de facto standard language for database queries, there is no shortage of learning resources for database programmers and database administrators to learn SQL. In this tutorial, we list the top online courses to learn SQL.

Online Courses to Learn SQL

Structure Query Language comes in many flavors – from straight SQL to derivatives like MySQL, Transactional SQL (also known as T-SQL), and PostgreSQL – to name but a few. These different flavors have their own rules and syntax and work with different database systems. Because of that, the courses listed in this database tutorial cover not just vanilla SQL, but MySQL, PostgreSQL, T-SQL, and MS SQL. The online courses are for database admins, database developers, and web developers who create database-driven web apps, and anyone who needs to programmatically (or manually) query relational tables.

MySQL and SQL for Beginners from TechRepublic Academy

The MySQL and SQL for Beginners database administration course from TechRepublic Academy starts off our list because it tackles two of the most powerful database technologies: the SQL language and the ever-popular MySQL database system. The course is 18 hours long and features 136 separate lectures, taught by expert software developer, John Purcell.

Students will learn basic SQL syntax and commands, including how to query, update, and manipulate information in MySQL databases. They will further learn how to configure and setup a MySQL relational database, including how to secure a database and create users. Additional database management principles like transactions, database isolation, triggers, views, and stored procedures will also be discussed.

Another great thing about this course is that it sets would-be database administrators and database programmers up to learn other relational database models and platforms, like advanced SQL, Oracle, and more. Further, it comes with a certificate of completion, which is a nice addition to your resume and LinkedIn profile.

You can learn more about this online MySQL and SQL course by visiting its TechRepublic Academy page: MySQL and SQL for Beginners.

Database Administration Super Bundle from TechRepublic Academy

The Database Administration Super Bundle is not simply a single online course, but, instead, a bundle of 9 separate – though interweaved – courses covering a plethora of SQL and database management topics through 468 individual lessons. It takes an estimated 85 hours to complete the bundle, which may sound daunting at first, but keep in mind that the courses are on-demand and you can take them at your leisure and whatever pacing you desire.

The bundle begins by showcasing NoSQL and how to use it to model data, build complicated and powerful web applications, and work with the MongoDB database system. NoSQL design, data aggregation, syntax, and general concepts will be taught. How to use Node.js and MongoDB, including installation and configuration, are also part of the course.

Course number two covers working with MySQL databases to create web applications. Basic database administration techniques and database structure are talked about. A walkthrough of MySQL tools is also included. From there, the bundle returns to MongoDB and the theory of constructing dynamic web apps. GridFS and the PHP and Python programming languages are also included. Database concepts like optimization, replication, and sharding are explored as well.

Part four of the database course bundle takes an 18 hour deep dive into enterprise data integration and data analytics with Informatica. Great detail about the usage and functions of Informatica is uncovered, as well as database architecture, ETL tools, database design, and workflows.

Part five is all about data visualization, using the powerful database tool Tableau. From there, part six curtails into Microsoft SQL Server administration. Part seven builds even further upon this branch of database administration, as students go from MS SQL novices to MS SQL “ninjas” and advanced users.

Finally, the last two courses in this bundle cover advanced database programming and administration topics including predictive modeling, regression models, database analytics, and database project management principles, including Six Sigma, lean, and other project management methodologies.

You can learn more or sign up for this online database course by visiting its listing on TechRepublic Academy: Database Administration Super Bundle.

The Microsoft SQL Server and T-SQL Course for Beginners

If you are looking to work in an organization that works in a Microsoft-related environment, the Microsoft SQL Server and T-SQL Course for Beginners might be right up your alley. The course is a gentle introduction to SQL and Microsoft SQL Server, weighing in at a light four hours for completion. It starts with an overview of common misconceptions about databases and the SQL language and then moves on to setting up SQL Server and SSMS. From there, pupils learn how data is stored in MS SQL and go over a variety of different, practical, and real-world SQL scenarios you might encounter.

Students taking this MS SQL online course will also learn Data Definition Language (DDL) commands, Data Manipulation Language (DML) commands, and Data Control Language (DCL) commands – all of which are used to manipulate data and table structures in RDBMS.

To learn more about this online database management course, visit its listing page on TechRepublic Academy: The Microsoft SQL Server and T-SQL Course for Beginners.

Article originally posted on InfoQ. Visit InfoQ

By identifying usage trends, you can proactively adjust load, scaling, and routing to better handle the load on particular parts of the globe when you know it will peak there, says Craig Risi. Data about how users interact with your application can be used to design future features that better mimic these patterns and ensure that new features have a better chance of solving real user problems and getting suitably adopted.

Risi will talk about using data to predict future usage at Agile Testing Days 2022. This conference will be held November 21-24 in Potsdam, Germany.

According to Risi, having data from actual usage patterns and understanding which paths in a website are used most often can help to determine the correct load requirements and decide on future work that should be developed based on what is important to your clients.

Another area of data to monitor is system errors and the issues raised by the users through the support teams, as Risi explains:

Having a look at system errors and then trying to understand them helps to prevent them from happening in the future. And as for issues that users experience, it’s a good way to understand potential modifications or defects that need to get addressed and then prioritize that in the development cycles to give a better user experience. Even if it’s a minor thing, if many users are complaining about it, then it’s worthwhile to change it. This has the added benefit of showing customers that you take their feedback seriously and they are more likely to keep using your applications as a result.

According to Risi, most software issues don’t just happen. There were events, whether it be user, data, security, or performance related that caused them to happen. Some of these might be odd anomalies and obvious errors that need to be fixed, but by understanding clients’ usage and overall system performance, and the events that lead up to performance and security issues, you will be able to both change your software to better support these needs and identify potential issues before they arise:

I have found this especially true of performance issues where you can monitor different aspects of system performance and very reliably identify when system performance is tracking towards bottleneck or failure and be able to prevent this from happening. Either by adjusting the load or fixing the issue immediately.

InfoQ interviewed Craig Risi about using data to increase user experience.

InfoQ: How do you use data to understand how the system behaves and how users experience it?

Craig Risi: We can track the actual performance of the underlying software and servers, depending on laid across different times of day and the year. Here you can measure actual response times of services, DB requests, and UI rendering. This is measured in conjunction with things like CPU and memory usage of the underlying VMs or servers to help identify how the application and code perform in certain conditions and identify where further optimization can be made while being able to correctly predict load requirements for the future.

This is not a removal of traditional performance testing, but is done in conjunction with it. Most performance and laid testing deals with expected usage are laid across specialized conditions and environments, which may not always be indicative of actual usage. So monitoring this gives a better idea of what is actually happening with the performance of the software and system and should help shape the future direction of performance testing, along with system optimization.

InfoQ: What benefits did you get from gathering and using data?

Risi: It taught me an awful lot about how users use our system, understanding what is important to the client, and also getting a better insight into how our different development teams work.

I was able to first adjust our development schedule to focus on things that mattered to our clients and would provide a better user experience.

And in understanding our issues and what is causing them, I was able to drive big organisational change in the way teams and the company operated which helped to improve our development processes, testing apps and prevent issues from occurring. This was especially effective in new teams which had yet to establish a good working pattern, but could leverage these learnings from other teams to prevent them from occurring in their own code.

Article originally posted on InfoQ. Visit InfoQ

Oracle has released version 19 of the Java programming language and virtual machine. The seven JEPs in this final feature set include:

The feature cadence for Java 19 is similar to that of the nine new features in JDK 18, but lower than the: 14 features in JDK 17; 17 features in JDK16; 14 features in JDK 15; and 16 features in JDK 14.

This release features JEPs that provide continued contribution toward Project Amber, Project Loom and Project Panama along with a new feature that ports the JDK to the Linux/RISC-V instruction set. We examine a few of these new features here. It is worth noting that there were no JEPs representing Project Valhalla in JDK 19.

Project Panama

JEP 424 and JEP 426 fall under the auspices of Project Panama, a project designed to improve and enrich interoperability between the JVM and well-defined “foreign,” i.e., non-Java, APIs that will most-likely include interfaces commonly used within C libraries.

JEP 424, Foreign Function & Memory API (Preview), introduces an API for Java applications to interoperate with code and data outside of the Java runtime by efficiently invoking foreign functions and by safely accessing foreign memory that is not managed by the JVM. This JEP evolves: JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; to incorporate improvements based on Java community feedback.

JEP 426, Vector API (Fourth Incubator), incorporates enhancements in response to feedback from the previous three rounds of incubation: JEP 417, Vector API (Third Incubator) (delivered in JDK 18), JEP 414, Vector API (Second Incubator) (delivered in JDK 17), and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. JEP 426 proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

A working application on how to implement the Foreign Function & Memory API may be found in this GitHub repository by Carl Dea, senior developer advocate at Azul.

Project Loom

JEP 425 and JEP 428 fall under the auspices of Project Loom, a project designed to explore, incubate and deliver Java VM features and APIs built for the purpose of supporting easy-to-use, high-throughput lightweight concurrency and new programming models. This would be accomplished via virtual threads, delimited continuations and tail calls.

JEP 425, Virtual Threads (Preview), introduces virtual threads, lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications, to the Java platform.

JEP 428, Structured Concurrency (Incubator), proposes to simplify multithreaded programming by introducing a library to treat multiple tasks running in different threads as a single unit of work. This can streamline error handling and cancellation, improve reliability, and enhance observability.

Working applications on how to implement the Virtual Threads and Structured Concurrency APIs may be found in: this GitHub repository by Nicolai Parlog, Java developer advocate at Oracle; and this GitHub repository by Bazlur Rahman, Senior Software Engineer at Contrast Security.

Project Amber

JEP 405 and JEP 427 fall under the auspices of Project Amber, a project designed to explore and incubate smaller Java language features to improve productivity.

JEP 405, Record Patterns (Preview), proposes to enhance the language with record patterns to deconstruct record values. Record patterns may be used in conjunction with type patterns to “enable a powerful, declarative, and composable form of data navigation and processing.” Type patterns were recently extended for use in switch case labels via JEP 406, Pattern Matching for switch (Preview) (delivered in JDK 17), and JEP 420, Pattern Matching for switch (Second Preview) (delivered in JDK 18).

JEP 427, Pattern Matching for switch (Third Preview), incorporates enhancements in response to feedback from the previous two rounds of preview: JEP 406, Pattern Matching for switch (Preview) (delivered in JDK 17), and JEP 420, Pattern Matching for switch (Second Preview) (delivered in JDK 18). Changes from JEP 420 include: guarded patterns are replaced with when clauses in switch blocks; and runtime semantics of a pattern switch are more closely aligned with legacy switch semantics when the value of the selector expression is null.

A working application on how to implement the Record Patterns and Pattern Matching for switch APIs may be found in this GitHub repository, java-19 folder, by Wesley Egberto, Java technical lead at Global Points.

JDK 20

No JEPs have been Targeted or Integrated for inclusion in JDK 20 at this time. However, based on recently submitted JEP drafts and JEP candidates, we have surmised which JEPs have the potential to be included in JDK 20 in this more detailed news story.

The formal release date for JDK 20 has not yet been announced, but it is expected to be delivered in mid-March 2023 as per the six-month release cadence. Developers can anticipate a feature freeze in mid-December 2022.

JDK 19 may now be downloaded from Oracle with binaries from other vendors expected to become available in the coming days.