TIL #Log4j depends on some Java SE modules that IMO shouldn't.

- java.desktop
- java.management

IMO, all logging frameworks (core functionalities) should depend only on java.base and java.logging.

Anything else should be a separate extension/artifact.

#Java #OpenJDK

While 'java.naming' is also a dependency, #Log4j works fine without it.

It won't operate at all if java.desktop and java.management are missing.

Removing 'java.naming' module from a jlinked runtime is the ultimate protection against JNDI attacks in Java.

Of course, all this is understandable given these are logging frameworks that predate Java 9.

But as we think forward and evaluate new major versions and libraries, we should be mindful of using only what we need.

Feedback formally registered: issues.apache.org/jira/browse/LO…
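
The jlink step described in the thread, as an added example that is not from the thread or from the Log4j project: it drops java.naming from a module list, builds the runtime, and then checks the image that was actually produced. The function names, the script name and the output directory are assumptions; the module names are the ones listed in the thread.

```shell
#!/usr/bin/env bash
# Added example: build a jlink runtime without java.naming, then verify it.
# Function names and arguments are hypothetical; jlink and java come from a JDK.

# Drop java.naming from a comma-separated module list.
# -x matches whole entries only, so jdk.naming.dns and similar are untouched.
drop_naming() {
  printf '%s' "$1" | tr ',' '\n' | grep -vxF 'java.naming' | paste -sd, -
}

# Succeed if `java --list-modules` output on stdin names java.naming.
# Entries look like "java.naming@17.0.9", so match the name up to the "@".
lists_naming() {
  grep -Eq '^java\.naming(@|$)'
}

# build_runtime MODULES OUT_DIR
build_runtime() {
  mods=$(drop_naming "$1")
  out_dir=$2
  jlink --add-modules "$mods" --no-header-files --no-man-pages \
        --output "$out_dir" || return 1
  # jlink also resolves what the requested modules require, so another
  # module can pull java.naming back in. Check the image itself.
  if "$out_dir/bin/java" --list-modules | lists_naming; then
    echo "java.naming is still present in $out_dir" >&2
    return 1
  fi
  echo "runtime in $out_dir has no java.naming module"
}

# Run only when invoked with arguments, for example:
#   ./build-runtime.sh java.base,java.logging,java.desktop,java.management,java.naming ./runtime
if [ "$#" -eq 2 ]; then
  build_runtime "$1" "$2"
fi
```
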
