<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Zeki</title>
    <description>The latest articles on DEV Community by Zeki (@jusufoski).</description>
    <link>https://dev.to/jusufoski</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1475895%2Fca55080c-acb1-4935-9e39-a5a22eb780cc.jpg</url>
      <title>DEV Community: Zeki</title>
      <link>https://dev.to/jusufoski</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/jusufoski"/>
    <language>en</language>
    <item>
      <title>Project Loom: New Java Virtual Threads</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Thu, 20 Jun 2024 12:23:52 +0000</pubDate>
      <link>https://dev.to/jusufoski/project-loom-new-java-virtual-threads-39m2</link>
      <guid>https://dev.to/jusufoski/project-loom-new-java-virtual-threads-39m2</guid>
      <description>&lt;p&gt;Project Loom: New Java Virtual Threads&lt;br&gt;
By using Java 21 lightweight threads, developers can create high-throughput concurrent applications with less code, easier maintenance, and improved observability.&lt;/p&gt;

&lt;p&gt;For many years, the primary way to propose changes to the Java language and the JVM has been through documents called JDK Enhancement Proposals (JEPs). These documents follow a specific format and are submitted to the OpenJDK website.&lt;/p&gt;

&lt;p&gt;While JEPs represent individual proposals, they are frequently adopted as groups of related enhancements that form what the Java team refers to as projects. These projects are named rather randomly, sometimes after things (Loom, where threads are turned into cloth) or places (Valhalla, the fabled hall of Norse mythology) or the technology itself (Lambda).&lt;/p&gt;

&lt;p&gt;Project Loom’s main objective is to enhance the capabilities of Java for concurrent programming by offering two key features: efficient virtual threads and support for structured concurrency.&lt;/p&gt;
&lt;h2&gt;
  
  
  Java Platform Threads
&lt;/h2&gt;

&lt;p&gt;Every Java program starts with a single thread, called the main thread. This thread is responsible for executing the code within the main method of your program.&lt;/p&gt;

&lt;p&gt;Tasks are executed one after another. The program waits for each task to complete before moving on to the next. This can lead to a less responsive user experience if tasks take a long time (e.g., network requests).&lt;/p&gt;

&lt;p&gt;Both asynchronous programming and multithreading are techniques used to achieve some level of concurrency in your code, but they work in fundamentally different ways:&lt;/p&gt;

&lt;p&gt;Asynchronous Programming focuses on non-blocking execution of tasks. It initiates tasks without waiting for them to finish and allows the program to continue with other work. This doesn’t necessarily involve multiple threads. It can be implemented even in a single-threaded environment using mechanisms like callbacks and event loops.&lt;/p&gt;

&lt;p&gt;While asynchronous programming offers advantages, it can also be challenging. Asynchronous calls disrupt the natural flow of execution, potentially requiring simple 20-line tasks to be split across multiple files and threads. This complexity can significantly increase development time and make it harder to understand the actual program behavior.&lt;/p&gt;

&lt;p&gt;Multithreading focuses on concurrent execution of tasks. It creates multiple threads, each running its own instructions, allowing them to potentially execute at the same time (depending on available resources). It involves multiple threads running concurrently and focuses on dividing and executing tasks truly in parallel.&lt;/p&gt;

&lt;p&gt;While the Java Virtual Machine (JVM) plays a crucial role in their creation, execution, and scheduling, Java threads are primarily managed by the underlying operating system’s scheduler.&lt;/p&gt;

&lt;p&gt;As a result, creating and managing threads introduces overhead from startup (around 1ms), memory (2MB of stack memory), and context switching when the OS scheduler switches execution between threads. If a system spawns thousands of threads, the slowdown becomes significant.&lt;/p&gt;

&lt;p&gt;While multithreading offers potential performance benefits, it introduces additional complexity due to thread management and synchronization.&lt;/p&gt;

&lt;p&gt;The question that arises is: how to get the simplicity of synchronous operations with the performance of asynchronous calls?&lt;/p&gt;
&lt;h2&gt;
  
  
  Why Virtual Threads?
&lt;/h2&gt;

&lt;p&gt;Platform threads are expensive to create because the operating system needs a big chunk of memory for each thread.&lt;/p&gt;

&lt;p&gt;This is because the memory can’t be adjusted, and it all gets used up for the thread’s information and instructions. On top of that, whenever the system needs to switch between threads, it has to move all this memory around, which can be slow.&lt;/p&gt;

&lt;p&gt;In addition, there is the complexity that multiple threads can access and modify the same data (shared resources) simultaneously. This can lead to race conditions, where the outcome depends on unpredictable timing of thread execution.&lt;/p&gt;

&lt;p&gt;To simplify things, the easiest way to handle multiple tasks at once in Java seems like assigning each task its own worker. This approach is called “one task per thread”.&lt;/p&gt;

&lt;p&gt;However, using such an approach, we can easily reach the limit of the number of threads we can create.&lt;/p&gt;

&lt;p&gt;As an example, let’s create a simple Maven module in IntelliJ IDEA, called PlatformThreads.&lt;/p&gt;

&lt;p&gt;We create a class MyThread that defines a simple platform thread:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;package org.example;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.time.Duration;

public class MyThread extends Thread {
   Logger logger = LoggerFactory.getLogger(MyThread.class);

   public void run(){
       logger.info("{} ", Thread.currentThread());
       try {
           Thread.sleep(Duration.ofSeconds(1L));
       } catch (InterruptedException e) {
           throw new RuntimeException(e);
       }
   }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In the Main class we have a method Create_10_000_Threads&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;package org.example;
public class Main {
   public static void main(String[] args) {
       Create_10_000_Threads();
   }
   private static void Create_10_000_Threads() {
       for (int i = 0; i &amp;lt; 10_000; i++) {
           MyThread myThread = new MyThread();
           myThread.start();
       }
   }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If we run this program, we very quickly get the following console output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;[0.854s][warning][os,thread] Failed to start the native thread for java.lang.Thread "Thread-4063"
Exception in thread "main" java.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached
    at java.base/java.lang.Thread.start0(Native Method)
    at java.base/java.lang.Thread.start(Thread.java:1526)
    at org.example.Main.Create_10_000_Threads(Main.java:9)
    at org.example.Main.main(Main.java:4)
[ERROR] Command execution failed.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This simple example shows how difficult it is to achieve “one task per thread” using traditional multithreading.&lt;/p&gt;

&lt;h2&gt;
  
  
  Java Virtual Threads
&lt;/h2&gt;

&lt;p&gt;Enter Java Virtual Threads (&lt;a href="https://openjdk.org/jeps/425"&gt;JEP 425&lt;/a&gt;). Introduced in Java 17 with Project Loom, they aim to reduce this overhead by being managed within the JVM itself, potentially offering better performance for certain scenarios.&lt;/p&gt;

&lt;p&gt;Let’s see, for example, how we can create virtual threads. We created a module in the same project named VirtualThreads.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;// MyThread class implementing the Runnable interface
package org.example;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.time.Duration;
public class MyThread implements Runnable{
   Logger logger = LoggerFactory.getLogger(MyThread.class);
   @Override
   public void run() {
       logger.info("{} ", Thread.currentThread());
       try {
           Thread.sleep(Duration.ofSeconds(1L));
       } catch (InterruptedException e) {
           throw new RuntimeException(e);
       }
   }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In the main class we have a method that again creates 10 thousand threads, this time virtual ones.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
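&lt;pre class="highlight plaintext"&gt;&lt;code&gt;package org.example;

import java.util.ArrayList;
import java.util.List;

public class Main {
   public static void main(String[] args) throws InterruptedException {

       Create_10_000_Threads();
   }

   private static void Create_10_000_Threads() throws InterruptedException {
       List&amp;lt;Thread&amp;gt; threads = new ArrayList&amp;lt;&amp;gt;();
       for (int i = 0; i &amp;lt; 10_000; i++) {
           Runnable runnable = new MyThread();
           threads.add(Thread.ofVirtual().start(runnable));
       }
       // Virtual threads are daemon threads: wait for them, or the JVM may exit before they run.
       for (Thread thread : threads) {
           thread.join();
       }
   }
}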
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Creating a new virtual thread in Java is as simple as using the Thread.ofVirtual() factory method, passing an implementation of the Runnable interface that defines the code the thread will execute.&lt;/p&gt;

&lt;p&gt;This time the program successfully executes with no error.&lt;/p&gt;

&lt;p&gt;Unlike Platform Threads, Virtual Threads are created in Heap memory, and assigned to a Carrier Thread (Platform) only if there is work to be done.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40lw3fva750ebdosf3t2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40lw3fva750ebdosf3t2.png" alt="Image description" width="411" height="288"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Virtual threads Architecture&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This way we can create many virtual threads with very low memory footprint and at the same time ensure backward compatibility.&lt;/p&gt;

&lt;p&gt;It’s important to note that Project Loom’s virtual threads are designed to be backward compatible with existing Java code. This means your existing threading code will continue to work seamlessly even if you choose to use virtual threads.&lt;/p&gt;

&lt;p&gt;In traditional Java threads, when a server was waiting for a request, the operating system was also waiting.&lt;/p&gt;

&lt;p&gt;Since virtual threads are controlled by the JVM and detached from the operating system, the JVM is able to reassign compute resources while virtual threads are waiting for a response.&lt;/p&gt;

&lt;p&gt;This significantly improves the efficiency of computing resource usage.&lt;/p&gt;

&lt;p&gt;This new approach to concurrency is possible by introducing something called continuations and structured concurrency.&lt;/p&gt;

&lt;p&gt;Continuation is a programming technique that allows a program to pause its execution at a specific point and later resume at the same point, carrying the necessary context.&lt;/p&gt;

&lt;p&gt;The continuation object is used to restore the thread’s state, allowing it to pick up exactly where it left off without losing any information or progress.&lt;/p&gt;

&lt;p&gt;Structured concurrency (&lt;a href="https://openjdk.org/jeps/453"&gt;JEP 453&lt;/a&gt;) aims to provide a synchronous-style syntax for working with asynchronous tasks. This approach simplifies writing basic concurrent tasks, making them easier to understand and express for Java developers.&lt;/p&gt;

&lt;p&gt;Structured concurrency simplifies managing concurrent tasks by treating groups of related tasks across different threads as a single unit. This approach makes error handling, cancellation, reliability, and observability all easier to manage.&lt;/p&gt;

&lt;p&gt;Project Loom’s innovations hold promise for various applications. The potential for vastly improved thread efficiency and reduced resource needs when handling multiple tasks translates to significantly higher throughput for servers. This translates to better response times and improved performance, ultimately benefiting a wide range of existing and future Java applications.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Types of Computer Security Threats</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Sat, 15 Jun 2024 12:40:26 +0000</pubDate>
      <link>https://dev.to/jusufoski/types-of-computer-security-threats-dc8</link>
      <guid>https://dev.to/jusufoski/types-of-computer-security-threats-dc8</guid>
      <description>&lt;p&gt;From mobile banking to online shopping, from healthcare systems to smart devices, software applications facilitate communication and enhance productivity.&lt;br&gt;
However, this pervasive reliance on software also exposes individuals, businesses, and institutions to a myriad of security threats.&lt;/p&gt;

&lt;p&gt;In this article, we delve into the intricate web of security threats that loom over software applications, exploring their nature, impact, and mitigation strategies.&lt;/p&gt;


&lt;p&gt;Software security threats encompass a broad spectrum of malicious activities aimed at exploiting vulnerabilities in software applications. &lt;br&gt;
These threats pose significant risks to the confidentiality, integrity, and availability of data and systems. &lt;br&gt;
Understanding the various types of security threats is crucial for developers, businesses, and users to implement effective countermeasures and safeguard against potential breaches.&lt;/p&gt;

&lt;h2&gt;
  
  
  Malware
&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;Malware&lt;/em&gt;, short for malicious software, represents one of the most pervasive and insidious threats to software applications.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Viruses&lt;/em&gt;, self-replicating programs that spread from one device to another,&lt;br&gt;
&lt;em&gt;worms&lt;/em&gt;, viruses exploiting network vulnerabilities to spread,&lt;br&gt;
&lt;em&gt;trojans&lt;/em&gt;, disguised as legitimate software to trick you into installing them,&lt;br&gt;
&lt;em&gt;ransomware&lt;/em&gt;, which locks your files or system and demands a ransom payment to unlock them, and&lt;br&gt;
&lt;em&gt;spyware&lt;/em&gt;, stealing your personal information without your knowledge,&lt;br&gt;
are among the diverse array of malware that can infiltrate systems, compromise data, and disrupt operations.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Phishing&lt;/strong&gt; emails are one of the most prevalent methods of malware infiltration: attackers craft emails that appear to be from legitimate sources like banks, credit card companies, or even familiar people.&lt;br&gt;
These emails typically urge you to click on malicious links or download infected attachments.&lt;br&gt;
Once clicked, the links can download malware directly, or they might take you to a compromised website booby-trapped with malware.&lt;br&gt;
Unsecured downloads, software vulnerabilities, and visits to compromised websites are some other methods of infiltration.&lt;br&gt;
By being aware of these methods and practicing safe computing habits, you can significantly reduce the risk of malware infecting your computer system.&lt;/p&gt;


&lt;p&gt;With evolving techniques and distribution methods, malware continues to evolve, posing a persistent challenge to cybersecurity professionals worldwide.&lt;/p&gt;

&lt;h2&gt;
  
  
  Web Application Vulnerabilities
&lt;/h2&gt;

&lt;p&gt;Web applications, with their ubiquitous presence and dynamic functionality, introduce unique security challenges. &lt;br&gt;
SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other vulnerabilities expose web applications to exploitation, data breaches, and unauthorized access. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;SQL injection&lt;/strong&gt; (SQLi) is a cyberattack that targets applications connected to databases. It exploits vulnerabilities in how the application handles user input. Attackers can inject malicious SQL code into forms, queries, or other data entry points to manipulate the database.&lt;br&gt;
&lt;strong&gt;XSS&lt;/strong&gt;, which stands for Cross-Site Scripting, is a type of security vulnerability exploited by attackers to inject malicious scripts into websites.&lt;br&gt;
These scripts then run in the victim's web browser, potentially compromising their data or hijacking their session.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CSRF&lt;/strong&gt;, also known as Cross-Site Request Forgery, is a web security vulnerability that allows attackers to trick users into performing unintended actions on a web application they're already authenticated to.&lt;br&gt;
Imagine you're logged into your bank account (authenticated). An attacker tricks you into visiting a malicious website (crafted to trigger a CSRF attack). &lt;br&gt;
In the background, without your knowledge or consent, this malicious website submits a request to your bank account (using your already authenticated session) -  possibly a transfer request to the attacker's account!&lt;/p&gt;

&lt;p&gt;These attacks exploit vulnerabilities in the way a website handles user input, such as data from comments sections, search bars, or user profiles. This flaw allows the attacker to inject malicious code without the website properly recognizing it.&lt;br&gt;
The attacker also can insert malicious script disguised as regular user input into a vulnerable field on the website. This script could be written in JavaScript, HTML, or other languages that web browsers can understand.&lt;br&gt;
When the victim visits the compromised webpage, their browser unknowingly executes the attacker's script. This can lead to various consequences depending on the attacker's goals.&lt;br&gt;
As the primary interface for user interaction, securing web applications is paramount for protecting sensitive data and preserving user trust.&lt;/p&gt;

&lt;h2&gt;
  
  
  Network-Based Threats
&lt;/h2&gt;

&lt;p&gt;Network-based threats, such as denial of service (DoS) and distributed denial of service (DDoS) attacks, target the availability of software applications by overwhelming network resources with malicious traffic.&lt;br&gt;
DDoS stands for Distributed Denial-of-Service. It's a cyberattack that aims to disrupt the normal traffic of a website, service, or network by overwhelming it with a flood of internet requests. &lt;br&gt;
Imagine a traffic jam so severe that no regular traffic can reach its destination. That's what a DDoS attack attempts to do in the digital world.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;There are various ways of execution:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Botnet Army&lt;/strong&gt;: attackers build an army of compromised devices, often called a botnet. These devices can be personal computers, smartphones, or even Internet-of-Things (IoT) gadgets that have been unknowingly infected with malware, giving the attacker control.&lt;br&gt;
&lt;strong&gt;Command and Control&lt;/strong&gt;: the attacker remotely controls the botnet, issuing commands to launch the attack.&lt;br&gt;
&lt;strong&gt;Flooding the Target&lt;/strong&gt;: each infected device in the botnet sends a massive amount of fake traffic requests to the target website or service. This can be pings, HTTP requests, or other types of traffic.&lt;/p&gt;

&lt;p&gt;A &lt;strong&gt;man-in-the-middle&lt;/strong&gt; (MITM) attack is a cyberattack where the attacker secretly inserts themselves into the communication between two parties, allowing them to eavesdrop on the conversation or even alter the messages being exchanged. It's like a hidden listener on a phone call, able to hear both sides and potentially tamper with what's being said.&lt;/p&gt;

&lt;p&gt;The attacker positions themselves between the victim and the legitimate website or service they are trying to communicate with.&lt;br&gt;
This can be achieved through various methods like:&lt;br&gt;
&lt;strong&gt;Unsecured Wi-Fi Networks&lt;/strong&gt;: attackers can set up fake Wi-Fi hotspots that appear legitimate, tricking users into connecting. Once connected, the attacker can intercept traffic between the user's device and the internet.&lt;br&gt;
&lt;strong&gt;DNS Spoofing&lt;/strong&gt;: the attacker redirects the victim's traffic to a malicious website that impersonates the real one.&lt;br&gt;
&lt;strong&gt;ARP Spoofing&lt;/strong&gt;: in a local network, the attacker tricks other devices into believing their machine is the intended recipient, allowing them to intercept communication.&lt;/p&gt;

&lt;h2&gt;
  
  
  Insider Threats
&lt;/h2&gt;

&lt;p&gt;Insider threats emanate from individuals within organizations who misuse their access privileges to compromise security. Whether through malicious intent, negligence, or coercion, insiders can steal sensitive data, sabotage systems, or facilitate external attacks. &lt;br&gt;
Detecting and mitigating insider threats requires a combination of technical controls, policy enforcement, and employee education to safeguard against internal risks.&lt;br&gt;
Turncoats: These individuals intentionally steal data, sabotage systems, or commit fraud for personal gain, revenge, or to benefit a competitor.&lt;br&gt;
Disgruntled Employees: Employees who are unhappy with the company, facing termination, or have personal grievances might resort to malicious actions as a form of retaliation.&lt;br&gt;
Careless Users: Employees who lack proper cybersecurity awareness or training might accidentally expose sensitive data through phishing attacks, weak passwords, or sharing information with unauthorized individuals.&lt;br&gt;
Bypassing Security Controls: Intentionally or unintentionally circumventing security measures due to convenience or a lack of understanding about their importance.&lt;/p&gt;

&lt;p&gt;These insiders can misuse their access intentionally (malicious) or unintentionally (negligent) to harm the organization. &lt;/p&gt;

&lt;h2&gt;
  
  
  Internet of Things (IoT)
&lt;/h2&gt;

&lt;p&gt;The proliferation of Internet-connected devices in the IoT ecosystem introduces new avenues for security threats. &lt;br&gt;
Insecure IoT devices, lacking robust authentication, encryption, and update mechanisms, are susceptible to exploitation by malicious actors. &lt;br&gt;
Internet of Things (IoT) devices, while bringing convenience and automation to our lives, introduce new security challenges. &lt;br&gt;
These devices are often vulnerable due to several factors:&lt;br&gt;
Limited Resources: Many IoT devices are designed with low power consumption and minimal cost in mind. This often leads to limited processing power, memory, and storage which can restrict robust security features.&lt;br&gt;
Pre-configured Software and Firmware: Manufacturers sometimes pre-install software and firmware with default settings or weak passwords, making them easy targets for attackers to exploit known vulnerabilities.&lt;br&gt;
Neglecting Updates: Unlike traditional computers, IoT devices may not have easy-to-use update mechanisms or automatic update functionality. Users might neglect to install critical security patches, leaving devices vulnerable to new threats.&lt;br&gt;
Insecure Communication Protocols: Some IoT devices rely on outdated or unencrypted communication protocols, allowing attackers to intercept or manipulate data transmissions.&lt;br&gt;
Lack of Device Management: Organizations might struggle to keep track of all their IoT devices, making it difficult to enforce security policies, deploy updates, or monitor for suspicious activity.&lt;/p&gt;

&lt;p&gt;Compromised IoT devices can not only jeopardize user privacy and safety but also pose broader risks to critical infrastructure and public safety. Securing the IoT requires collaboration among manufacturers, regulators, and consumers to establish baseline security standards and best practices.&lt;/p&gt;

&lt;h2&gt;
  
  
  Social Engineering
&lt;/h2&gt;

&lt;p&gt;Despite advancements in cybersecurity awareness and education, social engineering remains a potent threat vector.&lt;br&gt;
Social engineering is a deceptive technique used by attackers to manipulate individuals into divulging sensitive information, performing actions, or bypassing security measures. Unlike traditional hacking methods that rely on exploiting technical vulnerabilities, social engineering exploits human psychology and trust to achieve malicious objectives. It preys on emotions such as curiosity, fear, urgency, or greed to persuade targets to comply with the attacker's requests.&lt;br&gt;
Phishing, pretexting, baiting, and other social engineering tactics prey on trust, curiosity, and ignorance to deceive users into divulging sensitive information or performing actions that compromise security. &lt;br&gt;
Phishing is a technique in which attackers send fraudulent emails, messages, or websites that mimic legitimate entities to trick recipients into disclosing personal information such as login credentials, credit card numbers, or account details.&lt;br&gt;
Pretexting is creating a fabricated scenario or pretext to manipulate targets into providing information or performing actions. This may involve impersonating authority figures, such as IT support personnel or company executives, to gain trust and elicit sensitive information.&lt;/p&gt;

&lt;p&gt;Attackers may impersonate trusted individuals or organizations, such as coworkers, IT staff, or service providers, to deceive targets into complying with their requests.&lt;/p&gt;

&lt;p&gt;Attackers may offer enticing incentives, such as free downloads, prizes, or rewards, to lure targets into clicking on malicious links or downloading malware-infected files in a technique called baiting.&lt;br&gt;
Social engineering attacks can have serious consequences, including data breaches, identity theft, financial loss, and reputational damage. To mitigate the risks of social engineering, organizations should invest in employee training and awareness programs to recognize and resist manipulation tactics. Additionally, implementing multi-factor authentication, establishing clear communication protocols, and maintaining a culture of skepticism can help defend against social engineering attacks.&lt;/p&gt;

&lt;h2&gt;
  
  
  Emerging Threats
&lt;/h2&gt;

&lt;p&gt;Emerging threats, such as zero-day exploits and advanced persistent threats (APTs), exploit unknown vulnerabilities to evade detection and bypass traditional security measures. &lt;br&gt;
Zero-day exploits, also written as 0-day exploits, are a serious cybersecurity threat. They exploit vulnerabilities in software, hardware, or firmware that are unknown to the vendor or developer. This  means there's no patch or security fix available yet, leaving systems vulnerable until a solution is developed.&lt;br&gt;
Advanced persistent threats (APTs) are sophisticated cyberattacks unlike your typical hit-and-run malware infections.  APT actors are well-funded and highly skilled groups (often state-sponsored) who target specific organizations for long-term strategic goals, such as stealing intellectual property, disrupting operations, or conducting espionage.&lt;br&gt;
A proactive approach to threat intelligence, vulnerability management, and patching is essential for mitigating emerging security risks.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;In conclusion, the landscape of security threats to software applications is dynamic, multifaceted, and constantly evolving. From traditional malware to emerging zero-day exploits, the breadth and complexity of security challenges demand vigilance, collaboration, and innovation. &lt;br&gt;
By adopting a holistic approach to cybersecurity, integrating robust technical controls, proactive threat intelligence, and user awareness, organizations can mitigate risks and fortify their defenses against evolving threats. Ultimately, safeguarding software applications is not merely a technological endeavor but a shared responsibility to protect digital assets, preserve trust, and uphold the integrity of the interconnected world we inhabit.&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>security</category>
      <category>informationsecurity</category>
    </item>
    <item>
      <title>How to secure your mobile device?</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Thu, 23 May 2024 11:30:53 +0000</pubDate>
      <link>https://dev.to/jusufoski/how-to-secure-your-mobile-device-5d93</link>
      <guid>https://dev.to/jusufoski/how-to-secure-your-mobile-device-5d93</guid>
      <description>&lt;p&gt;Our mobile devices have become an indispensable part of our lives. From communication and entertainment to banking and work tasks, these pocket-sized powerhouses hold a wealth of personal information.&lt;/p&gt;

&lt;p&gt;However, this convenience comes with a cost — the vulnerability of our data to cyberattacks.&lt;/p&gt;

&lt;p&gt;Actions to fortify the security of our mobile devices can be divided into three broad categories: making our device more immune to attacks, protecting our data, and being mindful when online.&lt;/p&gt;

&lt;h2&gt;
  
  
  Fortify the Defense of your Device:
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Lock it down:&lt;/strong&gt;&lt;br&gt;
Opt for longer, complex passwords or PINs with a mix of uppercase and lowercase letters, numbers, and symbols, or use fingerprint or facial recognition, to secure your device’s lock screen.&lt;/p&gt;

&lt;p&gt;This prevents unauthorized access to your data and apps.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Keep software updated:&lt;/strong&gt;&lt;br&gt;
Regularly update your operating system and app software to patch vulnerabilities and security holes. Outdated software is more susceptible to attacks.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Consider a mobile security app:&lt;/strong&gt;&lt;br&gt;
These apps scan your device for malicious software (malware) like viruses, spyware, and ransomware. They can quarantine or remove threats detected on your device.&lt;/p&gt;

&lt;p&gt;Anti-theft features help you locate, lock, or wipe your device remotely in case of loss or theft. Some apps can even trigger an alarm on your missing device.&lt;/p&gt;

&lt;p&gt;Certain mobile security apps offer secure web browsing capabilities. This can involve features like blocking malicious websites, preventing phishing attempts, and protecting your online privacy.&lt;/p&gt;

&lt;p&gt;Some apps monitor for data breaches that might expose your login credentials leaked from other online services. They can alert you if your information is compromised.&lt;/p&gt;

&lt;p&gt;Security apps can offer additional features like malware scanning, anti-theft protection, and secure browsing.&lt;/p&gt;

&lt;p&gt;By using a reputable app alongside other security practices like strong passwords and keeping your software updated, you can significantly improve your mobile device’s security posture.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Be cautious with downloads:&lt;/strong&gt;&lt;br&gt;
Only download apps from trusted sources like official app stores (Google Play Store, Apple App Store).&lt;/p&gt;

&lt;p&gt;Avoid downloading apps from untrusted third-party app stores or websites. These sources may harbor malware-laden apps disguised as legitimate ones.&lt;/p&gt;

&lt;p&gt;Take time to read the app description to understand its purpose and functionalities. Look for reviews from other users to gauge the app’s legitimacy and user experience. Negative reviews mentioning security concerns or suspicious behavior are red flags.&lt;/p&gt;

&lt;p&gt;Before downloading an app, pay close attention to the permissions it requests. Does a photo editing app need access to your location or microphone? If an app requests permissions that seem unrelated to its core functionality, be cautious. Only grant permissions genuinely necessary for the app to work.&lt;/p&gt;

&lt;p&gt;Generally, apps with fewer permission requests pose a lower security risk.&lt;/p&gt;

&lt;h2&gt;
  
  
  Protect your Data:
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Turn off file sharing:&lt;/strong&gt;&lt;br&gt;
Bluetooth file sharing and Wi-Fi Direct features allow file sharing between devices in close proximity.&lt;/p&gt;

&lt;p&gt;However, leaving them enabled creates open doors for unauthorized access, especially on unsecured public Wi-Fi networks. Disable them when not actively sharing files.&lt;/p&gt;

&lt;p&gt;Before sharing any file, ask yourself if the information it contains is sensitive. Financial documents, personal photos, or confidential work documents require extra caution.&lt;/p&gt;

&lt;p&gt;Limit file sharing to trusted individuals or recipients. Avoid sharing files with people you don’t know well or on unreliable platforms.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Encrypt your data:&lt;/strong&gt;&lt;br&gt;
Consider encrypting your device’s storage if your device offers this option. Encryption scrambles your data, making it unreadable if stolen.&lt;/p&gt;

&lt;p&gt;While full-device encryption is ideal, some mobile devices might not offer it, or you might only want to encrypt specific files for additional protection.&lt;/p&gt;

&lt;p&gt;Several third-party apps offer file encryption functionalities. These apps allow you to create password-protected vaults for your sensitive files.&lt;/p&gt;

&lt;p&gt;Research reputable apps with good reviews before installing them.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Beware of phishing scams:&lt;/strong&gt;&lt;br&gt;
Don’t click on suspicious links or attachments in text messages or emails. These scams can be used to steal your personal information or infect your device with malware.&lt;/p&gt;

&lt;p&gt;Phishing messages often contain links or attachments that appear legitimate but can lead to malicious websites or download malware. Be wary of clicking on anything in unsolicited messages, even if they seem to come from familiar sources like banks or social media platforms.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Use strong passwords and enable two-factor authentication (2FA):&lt;/strong&gt;&lt;br&gt;
2FA adds an extra layer of security by requiring a second verification code when logging into accounts. Avoid using the same password for multiple accounts.&lt;/p&gt;

&lt;h2&gt;
  
  
  Online Vigilance:
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Use secure Wi-Fi:&lt;/strong&gt;&lt;br&gt;
Avoid using public Wi-Fi networks for sensitive activities like online banking or entering passwords. If you must use public Wi-Fi, consider using a VPN (Virtual Private Network) to encrypt your internet traffic.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Review privacy settings:&lt;/strong&gt;&lt;br&gt;
Review and adjust privacy settings for your apps and social media accounts. Limit the amount of information shared publicly and be mindful of the permissions granted to apps.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Back up your data:&lt;/strong&gt;&lt;br&gt;
Regularly back up your data to a secure cloud storage service or an external hard drive. This ensures you don’t lose your important information if your device is lost, stolen, or damaged.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Be mindful of what you share:&lt;/strong&gt;&lt;br&gt;
Think before you share anything online, especially sensitive information. Once something is online, it can be difficult to completely erase it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Bonus Security Tips:
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Enable “Find My Device” (Android) or “Find My iPhone” (Apple) to locate your lost or stolen device remotely, and even erase data if necessary.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Disable autofill features for usernames and passwords on browsers and apps. This reduces the risk of someone else accessing your login credentials.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Review downloaded permissions: When downloading a new app, scrutinize the permissions it requests. Only grant access to features the app genuinely needs to function.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By understanding the risks and adopting responsible practices, we can transform our mobile devices from potential vulnerabilities into secure fortresses in the digital age.&lt;/p&gt;

</description>
      <category>infosec</category>
      <category>privacy</category>
      <category>socialengineering</category>
      <category>cyberattacks</category>
    </item>
    <item>
      <title>Transformation of Privacy in the Digital Age</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Thu, 23 May 2024 11:17:33 +0000</pubDate>
      <link>https://dev.to/jusufoski/transformation-of-privacy-in-the-digital-age-1idf</link>
      <guid>https://dev.to/jusufoski/transformation-of-privacy-in-the-digital-age-1idf</guid>
      <description>&lt;p&gt;Privacy, once a concept centered around physical space and control over personal information, has undergone a dramatic transformation in the digital age.&lt;/p&gt;

&lt;p&gt;Historically, privacy was primarily concerned with protecting physical space and belongings. This included the right to be free from unwarranted physical intrusion, the ability to control who has access to our physical possessions, and the expectation of privacy in our homes and personal communications (like sealed letters).&lt;/p&gt;

&lt;p&gt;The digital age has revolutionized communication, access to information, and the way we conduct business and socialize.&lt;/p&gt;

&lt;p&gt;Yet, this interconnectedness comes at a cost: the gradual chipping away of our privacy.&lt;/p&gt;

&lt;p&gt;Our personal data, from social media interactions to geolocation information, creates a digital footprint, and is constantly being collected, analyzed, and used in ways that were unimaginable in the pre-digital era.&lt;/p&gt;

&lt;p&gt;The digital age transforms our lives, improves our communication, accelerates technology development and has many other positive effects.&lt;/p&gt;

&lt;p&gt;All these positive effects taken into account, we need to strike a balance between privacy protection and technological advancements.&lt;/p&gt;

&lt;p&gt;This article delves into the intricate relationship between privacy and technology in the digital age, exploring the challenges we face, potential solutions, and the need for a nuanced approach to navigate this ever-evolving landscape.&lt;/p&gt;

&lt;h2&gt;
  
  
  Dataveillance
&lt;/h2&gt;

&lt;p&gt;Being a portmanteau of data and surveillance, dataveillance refers to the monitoring and collection of our personal data through our online activities and interactions. It’s essentially a form of surveillance that happens in the digital world, as opposed to traditional physical surveillance methods.&lt;/p&gt;

&lt;p&gt;Every online interaction we have — from browsing history to emails — leaves a digital trail. This data is collected by a vast network of actors, including social media giants, search engines, online retailers, and even governments.&lt;/p&gt;

&lt;p&gt;The lack of transparency surrounding these practices creates a pervasive sense of unease.&lt;/p&gt;

&lt;p&gt;Dataveillance can be useful for collecting and verifying data in ways that are beneficial. For instance, personal dataveillance can be utilized by financial institutions to track fraudulent purchases on credit card accounts.&lt;/p&gt;

&lt;p&gt;While it offers potential benefits for personalization and analytics, it also raises significant concerns about privacy and security.&lt;/p&gt;

&lt;p&gt;By understanding how dataveillance works and the potential risks involved, we can make informed choices about our online activities and advocate for stronger data protection measures.&lt;/p&gt;

&lt;h2&gt;
  
  
  Commoditization of data
&lt;/h2&gt;

&lt;p&gt;A key component of the digital economy is the commoditization of data.&lt;/p&gt;

&lt;p&gt;Personal information is a valuable asset that is bought and sold to produce targeted advertising revenue.&lt;/p&gt;

&lt;p&gt;Our personal data is being utilized to forecast and affect our desires, creating a culture of surveillance capitalism and a constant sense of being watched and monitored.&lt;/p&gt;

&lt;p&gt;We commonly refer to the continuous flow of data produced by our internet activities as “datafication.” This data can provide a comprehensive picture of our lives by containing anything from purchase records to location data.&lt;/p&gt;

&lt;p&gt;Companies and governments can now more easily than ever keep an eye on our online activities thanks to cookies, browser fingerprinting, and other tracking technology. This presents questions regarding the possibility of abuse and deception.&lt;/p&gt;

&lt;p&gt;Although data commodification has drawbacks, it might also have some advantages.&lt;/p&gt;

&lt;p&gt;Users can receive more relevant advertisements by using data. Businesses (reaching a better targeted audience) and consumers (seeing adverts for things they might actually be interested in) can both benefit from this.&lt;/p&gt;

&lt;p&gt;Online experiences can be made more personalized by using data, which can be used to customize search results, news feeds, and product recommendations on shopping websites. Online conversations may become more productive and pleasurable as a result.&lt;/p&gt;

&lt;p&gt;Innovation and the creation of new goods and services can result from data analysis. For instance, examining user data from fitness trackers might help develop more individualized workout regimens and wellness guidelines.&lt;/p&gt;

&lt;p&gt;Data can be used for research and development in various fields, leading to breakthroughs in healthcare, education, and other sectors.&lt;/p&gt;

&lt;h2&gt;
  
  
  Shifting Expectations
&lt;/h2&gt;

&lt;p&gt;Social media platforms and online services thrive on user data.&lt;/p&gt;

&lt;p&gt;While users often seek convenient and personalized online experiences, these conveniences often come at the cost of reduced privacy.&lt;/p&gt;

&lt;p&gt;Unfortunately, many platforms capitalize on a culture of oversharing, blurring the lines between public and private spheres. This makes it increasingly difficult for individuals to maintain a sense of personal privacy — especially for younger generations who have grown up in a hyper-connected world.&lt;/p&gt;

&lt;p&gt;In today’s digital world, having a strong online presence is often seen as advantageous. This can create pressure to curate a public persona and share personal information to build a following or establish credibility.&lt;/p&gt;

&lt;p&gt;In the digital realm, privacy encompasses a broad spectrum. It includes control over our personal information, the right to be forgotten, the ability to exist online anonymously, and the right to dictate how our online personas are portrayed.&lt;/p&gt;

&lt;p&gt;Constant surveillance and data collection can have a chilling effect on free speech and self-expression, as individuals fear judgment or ostracization for their online activities. Additionally, data breaches and identity theft pose a growing threat, exposing us to financial loss and emotional distress.&lt;/p&gt;

&lt;p&gt;While existing anonymously is seen as a fundamental human right, it can also pose significant dangers.&lt;/p&gt;

&lt;p&gt;Anonymity can embolden individuals to engage in cyberbullying, harassment, and online abuse. They may feel less accountable for their actions and be more likely to target others with offensive or threatening messages.&lt;/p&gt;

&lt;p&gt;It can make it easier to spread misinformation and hate speech online without facing consequences. It allows individuals to hide behind fake profiles, making it difficult to track down the source of the information.&lt;/p&gt;

&lt;p&gt;The ability to operate anonymously online can facilitate criminal activity such as online fraud, hacking, and identity theft. Criminals can hide their identities and evade detection more easily.&lt;/p&gt;

&lt;h2&gt;
  
  
  Taking control
&lt;/h2&gt;

&lt;p&gt;However, there is no need to resign ourselves to a dystopian future devoid of privacy. Fortunately, there are steps we can take to reclaim some control over our digital footprints.&lt;/p&gt;

&lt;p&gt;One approach is to be more mindful of the information we share online. This includes reviewing privacy settings on social media platforms and other online services, limiting what information is publicly visible, and using privacy-focused tools like browser extensions that block tracking cookies.&lt;/p&gt;

&lt;p&gt;Security hygiene is also crucial. We can protect ourselves by using strong, unique passwords and enabling two-factor authentication to add an extra layer of security to our accounts.&lt;/p&gt;

&lt;p&gt;Additionally, being cautious about what information we share on public Wi-Fi networks and refraining from downloading files from untrusted sources can significantly reduce our risk of exposure to malware or data breaches.&lt;/p&gt;

&lt;p&gt;Supporting legislation that promotes data privacy rights and empowers individuals to control their information is essential. The European Union’s General Data Protection Regulation (GDPR) is a prime example, granting individuals the right to access, rectify, or erase their personal data.&lt;/p&gt;

&lt;p&gt;Advocating for similar regulations in other parts of the world can provide users with a much-needed legal framework to protect their privacy in the digital age.&lt;/p&gt;

&lt;p&gt;Technology companies also have a responsibility to be more transparent about their data collection practices and provide users with meaningful control over their information.&lt;/p&gt;

&lt;p&gt;Privacy-focused features, such as the ability to easily delete data or opt out of targeted advertising, should be readily available and user-friendly. Additionally, investing in robust security measures and adhering to ethical data practices can build trust and foster a more responsible data ecosystem.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Future of Privacy
&lt;/h2&gt;

&lt;p&gt;Data protection regulations like the EU’s GDPR are a step towards empowering individuals to control their data. These regulations are likely to evolve and shape the way online platforms handle user privacy in the future.&lt;/p&gt;

&lt;p&gt;Technologies like blockchain and secure enclaves are being developed to give users more control over their data. These technologies have the potential to reshape the way personal information is stored and accessed in the digital world.&lt;/p&gt;

&lt;p&gt;The transformation of privacy in the digital age is an ongoing process. As technology continues to evolve, we need to find ways to balance innovation with the right to privacy. This requires collaboration between individuals, policymakers, and technology companies to create a digital ecosystem that respects our right to control our personal information.&lt;/p&gt;

&lt;p&gt;Finding a balance between innovation and privacy is critical.&lt;/p&gt;

&lt;p&gt;We must strive for a digital future where advancements in technology coexist with a healthy respect for personal privacy. This can be achieved through a multi-pronged approach involving individual vigilance, robust legal frameworks, and ethical corporate practices.&lt;/p&gt;

&lt;p&gt;Ultimately, safeguarding privacy in the digital age requires ongoing dialogue and collaboration between policymakers, technology companies, and users themselves.&lt;/p&gt;

&lt;p&gt;We must recognize that privacy is not a luxury, but a fundamental human right that needs to be protected in the digital realm.&lt;/p&gt;

</description>
      <category>infosec</category>
      <category>socialengineering</category>
      <category>cyberattacks</category>
      <category>privacy</category>
    </item>
    <item>
      <title>Understanding Java: Pass by Value vs. Pass by Reference</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Sun, 19 May 2024 20:50:35 +0000</pubDate>
      <link>https://dev.to/jusufoski/understanding-java-pass-by-value-vs-pass-by-reference-20me</link>
      <guid>https://dev.to/jusufoski/understanding-java-pass-by-value-vs-pass-by-reference-20me</guid>
      <description>&lt;p&gt;In the realm of Java programming, the debate surrounding whether Java is pass-by-reference or pass-by-value often sparks confusion among developers.&lt;/p&gt;

&lt;p&gt;At first glance, it might seem straightforward, but delving deeper reveals nuances that can reshape one’s understanding of how Java handles data passing. In this article, we’ll unravel the intricacies of Java’s pass-by-reference and pass-by-value mechanisms, exploring what they mean, how they function in Java, and the implications they carry for writing robust and efficient code.&lt;/p&gt;

&lt;h2&gt;
  
  
  Java Value Types
&lt;/h2&gt;

&lt;p&gt;Value types represent data that is stored directly in memory. When you declare a variable of a value type, the variable contains the actual data itself, not a reference to the data stored elsewhere in memory. Java’s primitive data types, such as int, double, char, boolean, etc., are examples of value types.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Characteristics of Value Types&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;Stored Directly: The actual value is stored directly in memory.&lt;br&gt;
Fast Access: Accessing and manipulating value types is typically faster because the data is stored inline with the variable.&lt;br&gt;
Immutable: Primitive types in Java are immutable, meaning their values cannot be changed once they are assigned.&lt;br&gt;
Pass by Value: When passed as arguments to methods, copies of the value are passed, rather than references.&lt;/p&gt;

&lt;h2&gt;
  
  
  Java Reference Types
&lt;/h2&gt;

&lt;p&gt;Reference types, on the other hand, represent data that is stored elsewhere in memory, and variables of reference types hold references (memory addresses) to that data. Reference types include objects, arrays, and instances of classes.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Characteristics of Reference Types&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;Stored Indirectly: Variables store references to the data, not the data itself.&lt;br&gt;
Slower Access: Accessing and manipulating reference types typically involves an extra level of indirection, which can be slower than accessing value types directly.&lt;br&gt;
Mutable: Objects and arrays are mutable, meaning their contents can be changed after creation.&lt;br&gt;
Pass by Value (of Reference): When passed as arguments to methods, copies of the reference (memory address) are passed, not the actual object.&lt;/p&gt;

&lt;h2&gt;
  
  
  Demystifying Pass-by-Value
&lt;/h2&gt;

&lt;p&gt;In Java, it’s important to understand that primitive types (such as int, double, char, etc.) are passed by value, meaning a copy of the value is passed to the method. However, when it comes to objects, what’s passed by value is the reference to the object, not the object itself.&lt;/p&gt;

&lt;p&gt;This can sometimes lead to confusion, as it might appear that objects are passed by reference. However, in reality, Java strictly passes references by value.&lt;/p&gt;

&lt;p&gt;Let’s start by clarifying the concept of pass-by-value. In Java, when you pass a variable to a method, you’re not passing the actual object itself.&lt;/p&gt;

&lt;p&gt;Instead, you’re passing a copy of the value of the variable. This means that any modifications made to the parameter inside the method do not affect the original variable outside the method’s scope.&lt;/p&gt;

&lt;p&gt;Consider the following snippet:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;public class Main {

    public static void main(String[] args) {
        int x = 10;
        modifyValue(x);
        System.out.println(x); // Output: 10
    }

    public static void modifyValue(int num) {
        // num is a copy of x; assigning to it changes only the local copy
        num = 20;
    }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;In the above example, even though modifyValue assigns a new value to its parameter num (a copy of x), the original value of x outside the method is not altered.&lt;/p&gt;

&lt;p&gt;This behavior exemplifies the pass-by-value nature of primitive types in Java.&lt;/p&gt;

&lt;p&gt;In the following example, a StringBuilder object sb is created in the main method and passed to the manipulateStringBuilder method.&lt;/p&gt;

&lt;p&gt;However, what’s passed to the method is the reference to the StringBuilder object, not the object itself.&lt;/p&gt;

&lt;p&gt;This reference is passed by value, meaning a copy of the reference is made and passed to the method. Inside the manipulateStringBuilder method, modifications are made to the same StringBuilder object that sb references, and these modifications are reflected outside the method.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;public class Main {

    public static void main(String[] args) {
        StringBuilder sb = new StringBuilder("Hello");
        manipulateStringBuilder(sb);
        System.out.println(sb); // Output: Hello World
    }

    public static void manipulateStringBuilder(StringBuilder builder) {
        // builder is a copy of the reference; it points to the same object as sb
        builder.append(" World");
    }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;The above example demonstrates the pass-by-value nature of object references in Java.&lt;/p&gt;

&lt;h2&gt;
  
  
  Navigating Pass-by-Reference Illusion
&lt;/h2&gt;

&lt;p&gt;Now, let’s address the common misconception of Java being pass-by-reference.&lt;/p&gt;

&lt;p&gt;While it’s true that when you pass an object to a method, you’re passing a reference to that object, it’s crucial to understand that this reference itself is passed by value.&lt;/p&gt;

&lt;p&gt;Consider the following scenario involving an object:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;public class Main {

    public static void main(String[] args) {
        StringBuilder sb = new StringBuilder("Hello");
        manipulateStringBuilder(sb);
        System.out.println(sb); // Output: Hello World
    }

    public static void manipulateStringBuilder(StringBuilder builder) {
        // Mutates the object that both builder and sb refer to
        builder.append(" World");
    }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;Here, manipulateStringBuilder receives a copy of the reference to the StringBuilder object sb. Any modifications made to the object through this reference are reflected outside the method.&lt;/p&gt;

&lt;p&gt;However, if the method were to assign a new object to the parameter, it wouldn’t affect the original object.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;public class Main {

    public static void main(String[] args) {
        StringBuilder sb = new StringBuilder("Hello");
        manipulateStringBuilder(sb);
        System.out.println(sb); // Output: Hello
    }

    public static void manipulateStringBuilder(StringBuilder builder) {
        // Rebinds only the local parameter; the caller's sb still refers to "Hello"
        builder = new StringBuilder("New StringBuilder");
    }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;In this scenario, reassigning builder to a new StringBuilder object doesn’t alter the original object sb.&lt;/p&gt;

&lt;p&gt;This behavior aligns with Java’s pass-by-value principle, where only the value of the reference is copied and passed, not the object itself.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to Pass by Reference in Java?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;If you want to modify the reference itself, such as assigning a new object to it, you can’t achieve this using standard Java mechanisms.&lt;/p&gt;

&lt;p&gt;Java strictly passes references by value, so reassigning the reference inside a method does not affect the original reference outside the method.&lt;/p&gt;

&lt;p&gt;To achieve a behavior closer to pass by reference, you can wrap the object inside a container object (like an array or a single-element array) or use Java’s AtomicReference class.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;import java.util.concurrent.atomic.AtomicReference;

public class Main {

    public static void main(String[] args) {
        AtomicReference&amp;lt;StringBuilder&amp;gt; atomicSb = new AtomicReference&amp;lt;&amp;gt;(new StringBuilder("Hello"));

        // Pass the AtomicReference to a method
        manipulateStringBuilder(atomicSb);

        // Get the modified StringBuilder
        StringBuilder sb = atomicSb.get();
        System.out.println(sb); // Output: Hello World
    }

    public static void manipulateStringBuilder(AtomicReference&amp;lt;StringBuilder&amp;gt; atomicSb) {
        // Retrieve the StringBuilder from the AtomicReference
        StringBuilder sb = atomicSb.get();

        // Modify the StringBuilder
        sb.append(" World");

        // Update the AtomicReference with the modified StringBuilder
        atomicSb.set(sb);
    }
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;In the above example, an AtomicReference object atomicSb is created with an initial value of a StringBuilder containing “Hello”.&lt;/p&gt;

&lt;p&gt;The manipulateStringBuilder method is then called, passing atomicSb as an argument. Inside the method, the StringBuilder object is retrieved from the AtomicReference, modified by appending “ World” to it, and then set back into the AtomicReference.&lt;/p&gt;

&lt;p&gt;These approaches often introduce complexity and are not commonly used in everyday Java programming. In most cases, leveraging Java’s pass-by-value semantics and manipulating object state through references suffices for achieving the desired behavior.&lt;/p&gt;

&lt;h2&gt;
  
  
  Implications for Java Development
&lt;/h2&gt;

&lt;p&gt;Understanding the nuances of pass-by-value and pass-by-reference in Java is crucial for writing efficient and bug-free code.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Here are some implications to consider&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Immutable Objects&lt;/strong&gt;: Immutable objects, such as Strings, behave differently when passed to methods. Since their values cannot be changed, any modifications result in a new object being created. This behavior aligns perfectly with Java’s pass-by-value mechanism.&lt;br&gt;
&lt;strong&gt;Mutable Objects&lt;/strong&gt;: When dealing with mutable objects, developers must be mindful of unintended side effects. Since modifications to mutable objects within methods affect the original objects, it’s essential to document and manage such changes carefully to maintain code clarity and predictability.&lt;br&gt;
&lt;strong&gt;Performance Considerations&lt;/strong&gt;: Java’s pass-by-value approach can have performance implications, especially when dealing with large objects. Passing objects by value means that copies of the reference are made, but the underlying object remains unchanged. This can lead to increased memory consumption and potential performance overhead, particularly in scenarios involving frequent method calls with large objects.&lt;br&gt;
&lt;strong&gt;Functional Programming Paradigm&lt;/strong&gt;: In functional programming, immutability is a key concept. Java’s pass-by-value nature aligns well with this paradigm, as it discourages in-place modifications and encourages a more functional style of programming, where objects are treated as immutable entities.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;In conclusion, while the debate over whether Java is pass-by-reference or pass-by-value may seem trivial at first, understanding the nuances of these mechanisms is crucial for writing robust and efficient code.&lt;/p&gt;

&lt;p&gt;Java’s pass-by-value approach, where copies of variable values are passed to methods, ensures predictability and clarity in code behavior.&lt;/p&gt;

&lt;p&gt;The reference nature of objects can sometimes lead to confusion, emphasizing the importance of grasping the distinction between passing by value and passing by reference. By embracing these concepts and their implications, developers can leverage Java’s strengths to write cleaner, more maintainable code that stands the test of time.&lt;/p&gt;

&lt;p&gt;What are your thoughts on this debate? You can write them in the comments below.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Previously published &lt;a href="https://codeline24.com"&gt;On My Blog&lt;/a&gt; where you can find more articles about Java and Spring Framework&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;For more in-depth discussions follow me on: &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/in/zeki-jusufoski-bsc-5b525385/"&gt;LinkedIn&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://x.com/jzeki"&gt;Twitter/X&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>java</category>
    </item>
    <item>
      <title>Spring Security with OAuth 2.0</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Wed, 15 May 2024 15:41:35 +0000</pubDate>
      <link>https://dev.to/jusufoski/spring-security-with-oauth-20-2782</link>
      <guid>https://dev.to/jusufoski/spring-security-with-oauth-20-2782</guid>
      <description>&lt;p&gt;Spring Security, a popular security framework for Java applications, integrates seamlessly with OAuth 2.0, an industry-standard authorization protocol. This combination empowers developers to implement secure and user-friendly login experiences in their web applications.&lt;/p&gt;

&lt;h2&gt;
  
  
  What is OAuth 2.0?
&lt;/h2&gt;

&lt;p&gt;OAuth 2.0 is an authorization framework that enables third-party applications to access a user’s resources without divulging the user’s credentials.&lt;/p&gt;

&lt;p&gt;It provides a standardized way for users to grant limited access to their resources stored on one site (the resource server) to another site (the client application), without sharing their credentials.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr5dm558pkfefynk90bx6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr5dm558pkfefynk90bx6.png" alt="Image description" width="769" height="165"&gt;&lt;/a&gt;&lt;br&gt;
OAuth 2.0 works by facilitating the exchange of tokens between the client application, the resource server, and an authorization server.&lt;/p&gt;

&lt;p&gt;The main components of OAuth 2.0 are:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Resource Owner&lt;/strong&gt;: The user who owns the resources being accessed. For example, a user’s photos on a photo-sharing website.&lt;br&gt;
&lt;strong&gt;Client&lt;/strong&gt;: The application that wants to access the user’s resources. This could be a web application, mobile app, or desktop application.&lt;br&gt;
&lt;strong&gt;Resource Server&lt;/strong&gt;: The server hosting the user’s resources. It verifies and provides access to the requested resources based on the tokens provided by the client.&lt;br&gt;
&lt;strong&gt;Authorization Server&lt;/strong&gt;: The server responsible for authenticating the user and issuing access tokens to the client after the user grants consent.&lt;/p&gt;

&lt;p&gt;OAuth 2.0 operates using different grant types (permissions), each suited for specific use cases, including:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Authorization Code Grant&lt;/strong&gt;: Suitable for web applications where the client can securely store a client secret.&lt;br&gt;
&lt;strong&gt;Implicit Grant&lt;/strong&gt;: Designed for client-side applications, such as JavaScript apps running in a web browser.&lt;br&gt;
&lt;strong&gt;Client Credentials Grant&lt;/strong&gt;: Used when the client application is the resource owner and doesn’t need user consent.&lt;br&gt;
&lt;strong&gt;Resource Owner Password Credentials Grant&lt;/strong&gt;: Allows the client to authenticate with the resource owner’s credentials directly.&lt;/p&gt;

&lt;p&gt;OAuth 2.0 is widely adopted across various platforms and services, including social media platforms, cloud services, and APIs, enabling secure and controlled access to user data while maintaining user privacy and security.&lt;/p&gt;

&lt;h2&gt;
  
  
  OAuth 2.0 Practical Example
&lt;/h2&gt;

&lt;p&gt;Imagine you’re building a fitness app that wants to access a user’s workout data stored on a separate fitness tracker platform.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv6di6bttgnmqaghwp8iz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv6di6bttgnmqaghwp8iz.png" alt="Image description" width="721" height="399"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;User Initiates Login&lt;/strong&gt;: The user wants to connect your fitness app to their fitness tracker account. They click a “Connect with Fitness Tracker” button within your app.&lt;br&gt;
&lt;strong&gt;Authorization Request&lt;/strong&gt;: The authorization server displays a login page to the user. Once the user logs in successfully, the server presents a consent screen asking the user if they want to grant your app access to their workout data.&lt;br&gt;
&lt;strong&gt;User Grants Consent&lt;/strong&gt;: If the user agrees, they click “Allow” on the consent screen. This indicates their approval for your app to access their data.&lt;br&gt;
&lt;strong&gt;Authorization Code Issued&lt;/strong&gt;: Upon user consent, the authorization server generates a unique authorization code and redirects the user’s browser back to your app. This code is like a temporary key that your app can exchange for an access token.&lt;br&gt;
&lt;strong&gt;Token Request to Token Endpoint&lt;/strong&gt;: Your app sends a request to the fitness tracker platform’s token endpoint.&lt;br&gt;
&lt;strong&gt;Access Token Granted&lt;/strong&gt;: The token endpoint verifies the authorization code and your app’s credentials. If everything is valid, it generates an access token and (optionally) a refresh token and sends them back to your app.&lt;br&gt;
&lt;strong&gt;Request Resources&lt;/strong&gt;: Your app stores the access token securely and uses it to make API calls to the fitness tracker platform to retrieve the user’s workout data.&lt;br&gt;
&lt;strong&gt;Token Validated&lt;/strong&gt;: The resource server validates the access token against the authorization server.&lt;br&gt;
&lt;strong&gt;Resources Returned&lt;/strong&gt;: With the access token, your app can now access the user’s workout data from the fitness tracker platform and display it within your app.&lt;/p&gt;

&lt;h2&gt;
  
  
  Spring Security
&lt;/h2&gt;

&lt;p&gt;Spring Security is a powerful and customizable authentication and access control framework for Java applications, particularly those built using the Spring Framework.&lt;/p&gt;

&lt;p&gt;It provides comprehensive security features to address authentication, authorization, session management, and protection against common security threats.&lt;/p&gt;

&lt;p&gt;The main requirement to run Spring Security is a &lt;strong&gt;Java 8 or higher Runtime Environment (JRE)&lt;/strong&gt;. Spring Security is designed to be self-contained within your application, so you don’t need any additional configuration on the JRE itself.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1wgnx7a52495i8hrcb1c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1wgnx7a52495i8hrcb1c.png" alt="Image description" width="731" height="176"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Spring Security utilizes a &lt;strong&gt;filter chain&lt;/strong&gt;, a series of filters, to intercept and process incoming HTTP requests in a web application.&lt;/p&gt;

&lt;p&gt;This chain acts like a security assembly line, with each filter performing a specific task related to authentication and authorization.&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;AuthenticationManager&lt;/strong&gt; serves as the heart of authentication in Spring Security. It acts as a central coordinator, delegating the verification process to specific providers while maintaining a clean separation of concerns. This approach offers flexibility and simplifies managing authentication logic within your secure Spring applications.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;UserDetailsService&lt;/strong&gt; is a core interface that acts as the bridge between your application and the source of user authentication information. It’s responsible for loading a user’s details (username, password, authorities) when presented with a username during the authentication process.&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;Spring Security Context&lt;/strong&gt; is a fundamental component that holds information about the currently authenticated user. It acts like a temporary storage unit for security details specific to the current thread or request.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Authentication&lt;/strong&gt;&lt;br&gt;
Spring Security provides comprehensive support for authentication. Authentication refers to the process of verifying someone’s claimed identity. Spring Security offers robust support for various authentication mechanisms, including form-based authentication, HTTP basic authentication, OAuth, OpenID, and more.&lt;/p&gt;

&lt;p&gt;It integrates seamlessly with user databases, LDAP servers, and third-party authentication providers.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Authorization&lt;/strong&gt;&lt;br&gt;
Spring Security provides comprehensive support for authorization. Authorization is determining who is allowed to access a particular resource. With Spring Security, you can define fine-grained access control rules to restrict or permit access to different parts of your application based on roles, privileges, or other criteria.&lt;/p&gt;

&lt;p&gt;It supports role-based access control (RBAC), expression-based access control, and method-level security.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Session Management&lt;/strong&gt;&lt;br&gt;
Spring Security provides features for managing user sessions securely, including session fixation protection, session concurrency control, and session timeout handling. It ensures that sessions are managed securely to prevent session-related attacks.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Security Threats Protection&lt;/strong&gt;&lt;br&gt;
Spring Security includes built-in protection against common security vulnerabilities, such as cross-site request forgery (CSRF), cross-site scripting (XSS), clickjacking, and session fixation attacks. It helps developers build applications that are resilient to security threats.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Spring Framework Integration&lt;/strong&gt;&lt;br&gt;
Spring Security seamlessly integrates with other components of the Spring ecosystem, such as Spring MVC, Spring Boot, and Spring Data. This integration simplifies the implementation of security features and enables developers to leverage the power of both Spring Security and other Spring modules.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Customization&lt;/strong&gt;&lt;br&gt;
Spring Security is highly customizable and extensible, allowing developers to tailor security configurations to meet the specific requirements of their applications. It provides extension points for integrating custom authentication providers, access decision voters, and security filters.&lt;/p&gt;

&lt;p&gt;Overall, Spring Security is a comprehensive and flexible security framework that empowers developers to build secure, resilient, and compliant Java applications with ease. Whether you’re developing a web application, a RESTful API, or a microservices architecture, Spring Security provides the necessary tools and capabilities to ensure the security of your application and protect your users’ data.&lt;/p&gt;

&lt;h2&gt;
  
  
  Spring Boot OAuth 2.0 Google Login
&lt;/h2&gt;

&lt;p&gt;In this section, we’ll create a minimal application that uses Google for authentication. Spring Boot’s auto configuration capabilities significantly simplify this step.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Setup the Project&lt;/strong&gt;&lt;br&gt;
Visit &lt;a href="https://start.spring.io/"&gt;start.spring.io&lt;/a&gt; to create a new Spring Boot project.&lt;br&gt;
Select Maven as your build tool and Java as your language.&lt;br&gt;
Name your project, like Google Login.&lt;br&gt;
Choose JDK 21 (or the latest available).&lt;br&gt;
Add dependencies: web and oauth2-client. Spring Security will be added as a transitive dependency.&lt;br&gt;
Generate and download the project. This will provide a zip file.&lt;/p&gt;

&lt;p&gt;To make the application secure, you can simply add Spring Security as a dependency. Since you want to do a “social” login (delegate to Google), you include the Spring Security OAuth 2.0 Client starter.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Create Google OAuth credentials&lt;/strong&gt;&lt;br&gt;
First, follow this &lt;a href="https://support.google.com/cloud/answer/6158849?hl=en"&gt;Google Help&lt;/a&gt; page to create a Google OAuth Client ID, which gives you the access keys for the Google single sign-on API (Client ID and Client Secret).&lt;/p&gt;

&lt;p&gt;Provide a descriptive name and a brief explanation of what your app does.&lt;/p&gt;

&lt;p&gt;Enter the URL of your application’s main page (e.g., &lt;a href="http://localhost:8080"&gt;http://localhost:8080&lt;/a&gt; in this example).&lt;/p&gt;

&lt;p&gt;The redirect URL is where users will be redirected after logging in with Google. Enter the specific path for your application’s login callback, for example, &lt;a href="http://localhost:8080/login/oauth2/code/google"&gt;http://localhost:8080/login/oauth2/code/google&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;This URL is a handshake between your app and Google. After users log in with Google credentials, they’ll be sent back to this specific URL within your application to confirm their login and grant access.&lt;/p&gt;

&lt;p&gt;Then, to make the link to Google, add the following to your application.yml:&lt;/p&gt;

&lt;p&gt;&lt;code&gt;spring:&lt;br&gt;
  security:&lt;br&gt;
    oauth2:&lt;br&gt;
      client:&lt;br&gt;
        registration:&lt;br&gt;
          google:&lt;br&gt;
            clientId: google-client-id&lt;br&gt;
            clientSecret: google-client-secret&lt;br&gt;
            scope:&lt;br&gt;
              - email&lt;br&gt;
              - profile&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Simply use the OAuth 2.0 credentials you created in the previous step, replacing google-client-id with the client ID and google-client-secret with the client secret.&lt;/p&gt;

&lt;p&gt;Save the changes you made to your app and restart your application.&lt;/p&gt;

&lt;p&gt;Now, when you visit your app’s home page at &lt;a href="http://localhost:8080"&gt;http://localhost:8080&lt;/a&gt;, you should see the Google account login screen.&lt;/p&gt;

&lt;p&gt;Go through the Google login process, granting any permissions your app needs.&lt;/p&gt;

&lt;p&gt;After successfully logging in, you’ll be automatically directed back to your app’s home page, and you should be logged in!&lt;/p&gt;

&lt;h2&gt;
  
  
  How Does it Work?
&lt;/h2&gt;

&lt;p&gt;Following the OAuth 2.0 standard, your app functions as a &lt;strong&gt;client application&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;It uses the “authorization code grant” flow to obtain an access token from Google Console, which acts as the &lt;strong&gt;authorization server&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Once you’ve logged in with your Google account, your app receives a special &lt;strong&gt;access token&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;This access token facilitates secure communication between your app and Google Console, which also acts as a &lt;strong&gt;resource server&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;The app can then use the token to request specific user information authorized during the login process. It can only access the specific details you approved during login, such as your email and profile.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Spring Security OAuth2.0 empowers developers to implement secure and user-friendly login experiences in their applications.&lt;/p&gt;

&lt;p&gt;It leverages the OAuth2.0 standard, enabling users to sign in with existing credentials from various providers like Google, GitHub, or Facebook. This not only simplifies the login process but also eliminates the need to manage user passwords within your application, enhancing overall security.&lt;/p&gt;

&lt;p&gt;OAuth2.0’s token-based approach also facilitates secure access control between different microservices, enabling secure communication and authorization between microservices within a larger application.&lt;/p&gt;

&lt;p&gt;An OAuth2-based microservices architecture can be structured with a single client application for user interaction.&lt;/p&gt;

&lt;p&gt;This client communicates with multiple backend resource servers offering RESTful APIs. A separate authorization server, managed by a third party, handles user authentication and authorization for secure access to resources.&lt;/p&gt;

&lt;p&gt;Furthermore, Spring Boot’s autoconfiguration features make setting up Spring Security OAuth2.0 a breeze. Developers can focus on core application functionalities, while the framework handles the complexities of OAuth2.0 communication.&lt;/p&gt;

&lt;p&gt;In conclusion, Spring Security OAuth2.0 offers a compelling solution for integrating secure and efficient user login into your web applications.&lt;/p&gt;

&lt;p&gt;It simplifies the process, strengthens security, and provides a flexible solution for a variety of authentication providers.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Previously published &lt;a href="https://codeline24.com"&gt;On My Blog&lt;/a&gt; where you can find more articles about Java and Spring Framework&lt;/em&gt;&lt;/p&gt;


</description>
      <category>springboot</category>
      <category>springsecurity</category>
      <category>programming</category>
      <category>oauth</category>
    </item>
    <item>
      <title>Java vs. Kotlin – A Guide for Modern Developers</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Mon, 13 May 2024 10:46:59 +0000</pubDate>
      <link>https://dev.to/jusufoski/enrich-your-toolset-java-vs-kotlin-a-guide-for-modern-developers-2p4d</link>
      <guid>https://dev.to/jusufoski/enrich-your-toolset-java-vs-kotlin-a-guide-for-modern-developers-2p4d</guid>
      <description>&lt;p&gt;&lt;strong&gt;Debate&lt;/strong&gt;&lt;br&gt;
In the world of Android development, a heated debate often arises: Java vs. Kotlin.&lt;/p&gt;

&lt;p&gt;While both languages compile to run on the Java Virtual Machine, their strengths differ. Choosing between Java and Kotlin hinges on your project’s needs.&lt;/p&gt;

&lt;p&gt;Java, the long-standing champion, boasts an extensive library collection and mature ecosystem. Kotlin, the energetic challenger, brings a modern twist with its concise syntax and focus on developer experience.&lt;/p&gt;

&lt;p&gt;This article explores the advantages and disadvantages of different programming languages to help you choose the best fit.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;History of Kotlin&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In 2010, JetBrains, a software development company known for creating IntelliJ IDEA, started developing Kotlin under the name Project Kotlin.&lt;/p&gt;

&lt;p&gt;Kotlin aimed to be easier to write and read than Java while integrating seamlessly with existing Java projects.&lt;/p&gt;

&lt;p&gt;In February 2012, JetBrains open-sourced Kotlin under the Apache 2 license, allowing for wider community involvement and development.&lt;/p&gt;

&lt;p&gt;Early on, Kotlin started gaining traction among developers who appreciated its concise syntax, null safety features, and interoperability with Java.&lt;/p&gt;

&lt;p&gt;The first official stable release of Kotlin arrived in February 2016 (Kotlin 1.0). This marked a significant milestone and ensured backwards compatibility for future versions.&lt;/p&gt;

&lt;p&gt;In 2017, Google announced Kotlin as a first-class language for Android app development alongside Java. This significantly boosted Kotlin’s adoption within the Android development community.&lt;/p&gt;

&lt;p&gt;Since then, Kotlin has seen continuous growth in popularity across various development domains beyond Android, including web development, server-side development, and data analysis.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Kotlin’s Syntax&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kotlin’s “syntactic sugar” refers to features in the language that make code more concise, readable, and easier to maintain, without fundamentally changing its functionality. These features don’t alter the underlying behavior of the program but improve the developer experience by reducing boilerplate code and making the logic more explicit.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Type Inference&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Type mismatches can lead to runtime errors that can be challenging to identify and fix. Type inference helps catch these errors early in the development process, during compilation. This improves code quality and prevents potential issues in production environments.&lt;/p&gt;

&lt;p&gt;While both Java and Kotlin offer some level of type inference, Kotlin’s type inference is generally considered more powerful and flexible. &lt;/p&gt;

&lt;p&gt;When variable and expression types are explicit in the code, it becomes easier for developers to understand the purpose of each piece of code and make modifications when needed.&lt;/p&gt;

&lt;p&gt;Kotlin can often infer the data type of a variable based on its initialization value. This eliminates the need for explicit type declarations in many cases, making code less verbose.&lt;/p&gt;

&lt;p&gt;Java’s type inference is primarily limited to local variable declarations where the compiler can determine the type based on the assigned value.&lt;/p&gt;

&lt;p&gt;Kotlin uses type inference extensively for various scenarios, including local variables, function return types, complex expressions, collections, and even lambdas.&lt;/p&gt;

&lt;p&gt;Take Kotlin’s when {} block as an example. It is essentially an advanced form of the switch-case statement known from Java.&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;val grade = when (score) {
    in 90..100 -&amp;gt; "A"
    in 80..89 -&amp;gt; "B"
    else -&amp;gt; "C"
}&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;The type is inferred as String based on the possible outcomes within the when expression (all String literals).&lt;/p&gt;

&lt;p&gt;Lambda Expressions with Collections:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;val numbers = listOf(1, 2, 3, 4, 5)
val doubledNumbers = numbers.map { number -&amp;gt; number * 2 }&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Type inference considers the lambda parameter (number) as Int and the return value as the result of the multiplication (also Int).&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;val evenNumbers = numbers.filter { it % 2 == 0 }&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Type inference considers the lambda parameter (it) as Int based on the collection content (numbers) and the operation involving Ints.&lt;/p&gt;

&lt;p&gt;In these examples, the compiler analyzes the entire expression, including nested structures and conditional logic, to infer the most appropriate type for the final result. This allows for concise and expressive code without the need for explicit type declarations in many cases.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Default Parameters&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kotlin allows functions to have default parameter values. This reduces the need for extensive conditional checks within functions to handle cases where specific parameters might be omitted during the call.&lt;/p&gt;

&lt;p&gt;For example:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;fun greet(name: String, title: String = "Mr./Ms.") {
    println("Hello, $title $name!")
}&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;&lt;strong&gt;Null Safety&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kotlin enforces null safety by design. This means variables must be explicitly declared as nullable if they might hold no value. This eliminates the need for frequent null checks and conditional statements typically used in Java to avoid null pointer exceptions. &lt;/p&gt;

&lt;p&gt;Java does offer Optional as a way to handle null values, but it’s not quite the same as Kotlin’s enforced null safety. &lt;/p&gt;

&lt;p&gt;While Optional helps manage null values, it requires developers to explicitly handle the empty state using methods like isPresent() and get(). This can add boilerplate code and still requires checking for null within these methods.&lt;/p&gt;

&lt;p&gt;For example:&lt;/p&gt;

&lt;p&gt;Java (using Optional)&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;Optional&amp;lt;String&amp;gt; name = getCustomerName();
if (name.isPresent()) {
    System.out.println("Hello, " + name.get() + "!");
} else {
    System.out.println("Customer name is unknown.");
}&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Kotlin (the let block only executes if name is not null)&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;val name: String? = getCustomerName()
name?.let { println("Hello, $it!") }&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;&lt;strong&gt;Data Classes&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Data classes in Kotlin are a special type of class designed to hold data and provide a concise way to represent them. They are particularly useful for situations where you need to create classes that primarily focus on storing and manipulating data. Here are some key characteristics of data classes in Kotlin:&lt;/p&gt;

&lt;p&gt;When you define a data class, the Kotlin compiler automatically generates several methods for you, eliminating the need to write them yourself.&lt;/p&gt;

&lt;p&gt;These methods include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;toString(): Returns a human-readable string representation of the object, including its class name and property values.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;equals(): Compares two objects for equality based on their property values.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;hashCode(): Generates a hash code for the object, which is useful for storing data in collections that use hash-based algorithms.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;copy(): Creates a new copy of the object with potentially modified properties.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Data classes are declared using the data keyword followed by the class name and its properties within curly braces.&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;data class Person(val name: String, val age: Int)&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Java records (introduced in Java 16) offer a way to define classes that primarily focus on holding data. But there are differences:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Kotlin Data Classes: Mutable by default, but can be made immutable by declaring properties as val (read-only) or using copy constructors.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Java Records: All fields are final and immutable by design.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Kotlin Data Classes: Enforces null safety by design. Variables must be explicitly declared as nullable (String?) if they might hold no value.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Java Records: No built-in null safety. Variables can be null without explicit declaration.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Kotlin Data Classes: Allow defining default values for properties within the class constructor.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Java Records: Don’t support default parameter values.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Modern Features&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kotlin extension functions are a powerful feature that allows you to add new functionality to existing classes without modifying the original class itself. &lt;/p&gt;

&lt;p&gt;You can extend functionality without altering the original class definition, which is beneficial for working with third-party libraries or frameworks.&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;// Named reverseText so the extension does not shadow, and recursively call, the built-in reversed()
fun String.reverseText(): String {
    return this.reversed()  // Using the built-in reversed function on the String receiver
}

val message = "Hello, world!"
val reversedMessage = message.reverseText()
println(reversedMessage)  // Output: !dlrow ,olleH&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Kotlin extension functions are a versatile tool for extending the capabilities of existing classes and promoting clean, maintainable, and expressive code.&lt;/p&gt;

&lt;p&gt;Kotlin lambdas, also known as anonymous functions, are a powerful feature that allows you to define concise blocks of code that can be passed around like values. &lt;/p&gt;

&lt;p&gt;While both Java and Kotlin support lambdas, Kotlin lambdas offer a more concise, readable, and potentially more powerful approach due to their additional features.&lt;/p&gt;

&lt;p&gt;Here are some key characteristics of Kotlin lambdas:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Improved Code Readability: Lambdas can make code more concise and readable, especially when dealing with short, well-defined functions.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Higher-Order Functions: Kotlin allows functions to take other functions as arguments (higher-order functions). Lambdas are perfect for implementing this concept and expressing logic in a more functional style.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Collections and Iterations: Lambdas are heavily used with collections in Kotlin for filtering, mapping, and other operations. They provide a clean way to define the logic for these operations within the context of the collection.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Receiver functions: Can directly access the object they’re operating on.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Example:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;val sum = { x: Int, y: Int -&amp;gt; x + y }  // Lambda with two arguments; the last expression is the return value
val result = sum(5, 3)  // Calling the lambda and passing arguments
println(result)  // Output: 8&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Java does offer lambdas (anonymous functions), but there are some key differences in their syntax, features, and usage:&lt;/p&gt;

&lt;p&gt;A lambda with a receiver function is similar to a regular lambda, but with an additional object specified before the curly braces using an arrow -&amp;gt;. This object becomes the receiver for the lambda body.&lt;/p&gt;

&lt;p&gt;Kotlin&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;objectName.methodName { receiver -&amp;gt;
    // Lambda body with access to "receiver"
}&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;In contrast, Java lambdas don’t have built-in receiver support. &lt;/p&gt;

&lt;p&gt;You might need to pass the object as an argument explicitly within the lambda, making the code less concise and potentially less readable.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Conclusion&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kotlin offers a more concise syntax compared to Java. This means you can write the same functionality with fewer lines of code in Kotlin, making it easier to read and maintain.&lt;/p&gt;

&lt;p&gt;Java is notorious for NullPointerException errors, which can cause crashes. Kotlin enforces null safety at compile time, preventing these errors and making your code more robust.&lt;/p&gt;

&lt;p&gt;Kotlin code can seamlessly integrate with existing Java code, making it easy to adopt Kotlin gradually within a project.&lt;/p&gt;

&lt;p&gt;On the other side, if you’re working on a massive Java codebase, transitioning entirely to Kotlin might be a significant undertaking. &lt;/p&gt;

&lt;p&gt;Java’s maturity and vast ecosystem of libraries and frameworks can be advantageous in such cases.&lt;/p&gt;

&lt;p&gt;Overall, both Java and Kotlin are powerful languages. The choice between them depends on your specific project requirements, team expertise, and desired level of code conciseness and safety features.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Previously published &lt;a href="https://codeline24.com"&gt;On My Blog&lt;/a&gt; where you can find more articles about Java and Spring Framework&lt;/em&gt;&lt;/p&gt;


</description>
      <category>java</category>
      <category>kotlin</category>
      <category>programming</category>
    </item>
    <item>
      <title>Java 21: Path to Generational ZGC</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Thu, 09 May 2024 09:51:13 +0000</pubDate>
      <link>https://dev.to/jusufoski/java-21-path-to-generational-zgc-2bj</link>
      <guid>https://dev.to/jusufoski/java-21-path-to-generational-zgc-2bj</guid>
      <description>&lt;p&gt;ZGC, or the Z Garbage Collector, is a relatively new option in the world of Java garbage collection.&lt;/p&gt;

&lt;p&gt;The garbage collector (GC) cleans up unused objects, freeing up memory for new ones. But just keeping track of free space isn’t enough. Over time, memory becomes fragmented (scattered) as objects are created and deleted. To prevent this, the JVM might also compact memory, rearranging things to create larger contiguous blocks of free space for future allocations.&lt;/p&gt;

&lt;p&gt;While the details can get technical, garbage collection (GC) boils down to three key tasks: finding unused objects, freeing their memory, and organizing that free memory. &lt;/p&gt;

&lt;p&gt;Different GC algorithms handle these tasks in unique ways, especially when it comes to organizing memory. Some wait until absolutely necessary to reorganize, while others tackle it in larger chunks or by moving small bits at a time. These different approaches are what make some GC algorithms faster or slower for specific situations.&lt;/p&gt;

&lt;p&gt;One tricky aspect of GC is that sometimes it needs to move objects around in memory. This can be a problem because if an application thread is trying to use an object at the same time it’s being moved, things can go wrong. To prevent this, GC pauses all application threads for a short moment while it relocates objects. &lt;/p&gt;

&lt;p&gt;These are known as stop-the-world pauses.&lt;/p&gt;

&lt;p&gt;Most garbage collectors organize memory in a similar way, even though the specifics might vary slightly. &lt;/p&gt;

&lt;p&gt;They typically split the memory area used by objects (called the heap) into different sections based on how long objects have typically lived. These sections are called generations: the old (or tenured) generation and the young generation. The young generation is further divided into sections known as eden and the survivor spaces. The rationale for having separate generations is that many objects are used for a very short period of time.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The CMS collector&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The CMS collector was the first concurrent collector. Like other algorithms, CMS stops all application threads during a minor GC, which it performs with multiple threads.&lt;/p&gt;

&lt;p&gt;The Concurrent Mark Sweep (CMS) collector (also referred to as the concurrent low pause collector) collects the tenured generation. It attempts to minimize the pauses due to garbage collection by doing most of the garbage collection work concurrently with the application threads. Normally the concurrent low pause collector does not copy or compact the live objects. A garbage collection is done without moving the live objects. If fragmentation becomes a problem, we need to allocate a larger heap.&lt;/p&gt;

&lt;p&gt;It aimed to minimize pauses during garbage collection cycles, making it suitable for applications that require low latency (minimal lag or delay). Instead of stopping all application threads, CMS attempted to run concurrently with application threads. It identified unused objects (marking) while the application continued to run. Later, in a separate stop-the-world pause (sweeping), it reclaimed the memory occupied by those unused objects.&lt;/p&gt;

&lt;p&gt;One of the limitations of CMS was so-called “floating garbage”: because marking and sweeping happened at different times, some objects might become unreachable during the application’s execution but still be marked as reachable from the initial marking phase, so they weren’t reclaimed until the next collection cycle.&lt;/p&gt;

&lt;p&gt;In addition to this, running garbage collection concurrently with application threads could consume more processing power.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Garbage First (G1) Garbage Collector&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;G1 GC, or Garbage-First Garbage Collector, is a relatively new type of garbage collector that was introduced in Java 7 Update 4 and became the default collector in Java 9. It’s designed to address some limitations of previous collectors and offer several advantages:&lt;/p&gt;

&lt;p&gt;The memory area used by objects (called the heap) is divided into smaller regions. Each region can be part of the young generation (for new objects) or the old generation (for long-lived objects).&lt;/p&gt;

&lt;p&gt;G1 prioritizes collecting regions in the young generation first, as they tend to have more garbage. However, it can also collect parts of the old generation if necessary. This allows G1 to focus on collecting only the regions that are most likely to contain garbage, improving efficiency.&lt;/p&gt;

&lt;p&gt;While G1 primarily works concurrently with application threads (meaning it can run garbage collection tasks while your program is still running), it might use brief stop-the-world pauses in specific situations. These pauses are typically much shorter than with older collectors.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Z Garbage Collector&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;ZGC, or Z Garbage Collector, is a relatively new and experimental collector introduced in Java 11 (JEP 333), as an optional feature. It became production-ready in Java 15 and boasts some impressive capabilities:&lt;/p&gt;

&lt;p&gt;ZGC is built for applications that need lightning-fast performance. It keeps pauses below 10 milliseconds and can handle massive amounts of memory, making it ideal for real-time systems and big data processing.&lt;/p&gt;

&lt;p&gt;ZGC is not the default collector in Java and needs to be explicitly enabled (-XX:+UseZGC). The most important tuning option for ZGC is setting the max heap size (-Xmx).&lt;/p&gt;

&lt;p&gt;ZGC generally performs better with more memory. However, it’s important to strike a balance and avoid wasting resources.&lt;/p&gt;

&lt;p&gt;Beyond setting the memory size, ZGC gives you some control over its cleaning process. You can adjust the number of concurrent garbage collection threads (using the -XX:ConcGCThreads option) to potentially fine-tune performance.&lt;/p&gt;

&lt;p&gt;You can adjust how much processing power the GC uses. Too much CPU time for the GC can slow down your application, while too little can lead to a buildup of unused data. It’s about finding the right balance.&lt;/p&gt;

&lt;p&gt;With Java 21, it has evolved into a generational GC (JEP 439).&lt;/p&gt;

&lt;p&gt;Using GenZGC requires passing two VM arguments:&lt;/p&gt;

&lt;p&gt;-XX:+UseZGC -XX:+ZGenerational&lt;/p&gt;

&lt;p&gt;The Generational ZGC aims to improve application performance, extending the existing ZGC by maintaining separate generations for young and old objects.&lt;/p&gt;

&lt;p&gt;The goal is to add these benefits on top of what the non-generational approach already offers: lightning-fast pauses (less than a millisecond!), support for incredibly large heaps (think terabytes!), and minimal setup required.&lt;/p&gt;

&lt;p&gt;Important design concepts that distinguish Generational ZGC from non-generational ZGC, and from other garbage collectors:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;No multi-mapped memory&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Classic ZGC employs a technique called multi-mapping where multiple virtual memory ranges map to the same physical memory range.&lt;/p&gt;

&lt;p&gt;Generational ZGC relies on a traditional approach where each virtual memory range in the heap has a one-to-one correspondence with a physical memory range.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Optimized barriers&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Store barriers are a fundamental concept in garbage collection (GC). They are small pieces of code inserted by the compiler or the runtime system during program execution. Their purpose is to ensure that the garbage collector has a consistent view of the memory used by your program’s objects.&lt;/p&gt;

&lt;p&gt;Generational ZGC employs several techniques to optimize store barriers, aiming to minimize their performance impact while maintaining accurate garbage collection.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Double-buffered remembered sets&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Double-buffered remembered sets are a specific optimization technique used in garbage collection, particularly within the Z Garbage Collector (ZGC) in Java. They play a crucial role in efficiently tracking references between generations of objects and minimizing the overhead associated with store barriers.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Relocations without additional heap memory&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This refers to a technique that allows the GC to move (or relocate) objects within the existing heap space during a collection cycle without needing to allocate additional memory. This is particularly beneficial for improving efficiency and reducing pauses in low-latency garbage collection scenarios.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Dense heap regions&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These are regions in the heap that contain a high proportion of live objects (objects that are still being used by the program). They are essentially “packed” with objects that haven’t been garbage collected yet.&lt;/p&gt;

&lt;p&gt;During garbage collection cycles, ZGC analyzes the density of each heap region. This analysis helps ZGC decide the most efficient way to handle each region.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Large objects&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;ZGC already handles large objects well. Generational ZGC takes this a step further by allowing large objects to be allocated in the young generation. Given that regions can be aged without relocating them, there is no need to allocate large objects in the old generation just to prevent expensive relocations. Instead, they can be collected in the young generation if they are short-lived or be cheaply promoted to the old generation if they are long-lived.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;References between generations&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Generational ZGC avoids constantly tracking young-to-old references by piggybacking on young generation collections. This combined approach efficiently identifies and preserves objects still needed by the program across generations.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to Choose Your JVM GC&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Choosing the right garbage collector (GC) for your Java application involves understanding your specific needs and the characteristics of different GC algorithms offered by the JVM. &lt;/p&gt;

&lt;p&gt;In most cases, G1GC is a good starting point as it offers a balance between performance and pause times.&lt;/p&gt;

&lt;p&gt;If your primary concern is high memory throughput, and pauses are acceptable, Parallel GC might be a good choice. For ultra-low latency requirements, explore ZGC (consider its experimental nature).&lt;/p&gt;

&lt;p&gt;You can fine-tune the behavior of some GC algorithms using JVM flags. However, it’s generally recommended to start with default settings and adjust only if necessary.&lt;/p&gt;

&lt;p&gt;Use profiling tools to analyze your application’s memory usage patterns and GC behavior. &lt;/p&gt;

&lt;p&gt;This can help you identify potential bottlenecks and refine your GC selection.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Previously published &lt;a href="https://codeline24.com"&gt;On My Blog&lt;/a&gt; where you can find more articles about Java and Spring Framework&lt;/em&gt;&lt;/p&gt;


</description>
      <category>java</category>
      <category>programming</category>
      <category>developers</category>
    </item>
    <item>
      <title>JAVA: Past and Present</title>
      <dc:creator>Zeki</dc:creator>
      <pubDate>Thu, 09 May 2024 09:43:56 +0000</pubDate>
      <link>https://dev.to/jusufoski/java-past-and-present-58pp</link>
      <guid>https://dev.to/jusufoski/java-past-and-present-58pp</guid>
      <description>&lt;p&gt;James Gosling, Mike Sheridan, and Patrick Naughton initiated the Java language project in June 1991. They envisioned a language that was portable, object-oriented, and could be used to develop a wide range of applications.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Previously published &lt;a href="https://codeline24.com"&gt;On My Blog&lt;/a&gt; where you can find more articles about Java and Spring Framework&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The language needed to use the principle of a virtual machine to make it compact and portable. It needed to be based on the current object-oriented language, C++.&lt;/p&gt;

&lt;p&gt;The project went ahead under the name “green” and the language was based on an old model of UCSD Pascal, which makes it possible to generate interpretive code.&lt;/p&gt;

&lt;p&gt;In 1993, the language was renamed “Oak” and was oriented towards the object model that more closely matched the culture of in-house developers than the Pascal procedural model.&lt;/p&gt;

&lt;p&gt;The portability and compact nature of Oak made it the perfect candidate for use on the Internet, which was well known for its slow speed and heterogeneity on connected machines. It took nearly two years to adapt Oak, and in January 1995, after long brainstorming sessions and coffee breaks, Sun renamed Oak to Java.&lt;/p&gt;

&lt;p&gt;On May 23, 1995, during the SunWorld Exposition, the technological achievements of the Java language were presented to the public and brought quick success.&lt;/p&gt;

&lt;p&gt;Java was created with the slogan “Write once, run anywhere” (WORA), which meant that a Java program could be developed on any device, compiled into a standard called bytecode, and be expected to run on any device equipped with a Java Runtime Environment (JRE).&lt;/p&gt;

&lt;p&gt;The JRE is a concrete platform implementation of a set of specifications that formally define what is required to run Java applications.&lt;/p&gt;

&lt;p&gt;This set of specifications is called a Java virtual machine (JVM).&lt;/p&gt;

&lt;p&gt;This meant that engineers could develop programs in the Java language that would run on every platform that implements a platform-specific JRE, i.e. a JVM.&lt;/p&gt;

&lt;p&gt;Java solves the portability problem because the output of the Java compiler is not platform-specific compiled code; it is a set of instructions called bytecode, executed by the Java Virtual Machine (JVM), which is part of the Java Runtime Environment installed on a specific platform.&lt;/p&gt;

&lt;p&gt;In general, when a program is compiled to an intermediate form and then interpreted by a virtual machine, it runs slower than it would run if compiled to executable code. To provide a performance boost, HotSpot technology was introduced. HotSpot provides a Just-In-Time (JIT) compiler for bytecode. The JIT compiler compiles parts of the bytecode into native code, as needed, during execution.&lt;/p&gt;

&lt;p&gt;Java almost immediately captivated the hearts of developers due to its portability and large set of built-in libraries and became popular for mainstream programming. Java evolved to three core technology packages (JVM, JRE and JDK, a superset of JRE) that represented both the platform and the programming language.&lt;/p&gt;

&lt;p&gt;The JVM provided the foundation for executing Java bytecode, the JRE provided the runtime environment for Java applications, and the JDK provided the tools for developing Java applications. This modular architecture made Java highly adaptable to various development environments and deployment scenarios.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Java: The Platform&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Besides the JVM implementation, the JRE contains other supporting tools to get the most out of your Java applications, such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Development toolkits&lt;br&gt;
Frameworks for graphical user interfaces (GUIs), called Abstract Window Toolkit (AWT) and Swing.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Integration libraries&lt;br&gt;
Java IDL, to support distributed objects written in the Java programming language; Java Database Connectivity (JDBC), a tool for applications to access remote databases; and Java Naming and Directory Interface (JNDI), a directory service that lets clients create portable applications that fetch information from external databases using naming rules.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Language and utility libraries&lt;br&gt;
A set of packages that are fundamental for designing Java applications (such as the collections and concurrency frameworks), management and monitoring.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Deployment solutions&lt;br&gt;
Technologies that simplify releasing changes and updates to user applications.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The JRE implementation of the JVM runs on top of the operating system, takes user-compiled code, links it with the above-mentioned libraries and starts the JVM to run it.&lt;/p&gt;

&lt;p&gt;The JRE uses three core components to work:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;ClassLoader&lt;br&gt;
The Java ClassLoader dynamically loads all necessary class files into the Java Virtual Machine (JVM).&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Bytecode Verifier&lt;br&gt;
The bytecode verifier checks the format and accuracy of the Java code before loading it into the JVM.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Interpreter&lt;br&gt;
Creates the JVM instance that runs the program.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The Java Development Kit (JDK) is a superset of the JRE (the tool for running Java code) that provides the tools necessary to write and develop Java applications.&lt;/p&gt;

&lt;p&gt;We can say that the JDK is a concrete implementation of the Java platform specifications and contains all that is needed to develop and run Java applications.&lt;/p&gt;

&lt;p&gt;The product name for the JDK is Java Standard Edition (JSE).&lt;/p&gt;

&lt;p&gt;Java Enterprise Edition (JEE) extends JSE with a set of specifications for enterprise functionalities such as web services, distributed computing, and reading and writing to databases in a transactional way.&lt;/p&gt;

&lt;p&gt;Oracle Corporation is the current owner of the official implementation of the Java SE platform, following their acquisition of Sun Microsystems on January 27, 2010.&lt;/p&gt;

&lt;p&gt;On September 12, 2017, Oracle announced that it would submit JEE to the Eclipse Foundation.&lt;/p&gt;

&lt;p&gt;The platform was renamed from JEE to JakartaEE.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Java: The Language&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Sun Microsystems released the first public implementation as Java 1.0 in 1996.&lt;/p&gt;

&lt;p&gt;Since the first release of Java, many additional features have been added to the language. Now Java is being used in Windows applications, Web applications, enterprise applications, mobile applications, cards, etc. Each new version adds new features.&lt;/p&gt;

&lt;p&gt;The Java Programming Language is a general-purpose, concurrent, strongly typed, class-based object-oriented language. It is normally compiled to the bytecode instruction set and binary format defined in the Java Virtual Machine Specification.&lt;/p&gt;

&lt;p&gt;Although the fundamental principles of Java are portability and security, other factors also played an important role in the invention and development of Java, such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Robustness&lt;br&gt;
There are two main reasons for program failure: memory management mistakes and runtime errors. Java addresses these problems by providing automatic memory cleaning of unused objects, called garbage collection, and object-oriented exception handling for runtime errors. In a Java application all runtime errors should be managed by the program.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Familiarity and Simplicity&lt;br&gt;
Java was designed to be easy to learn, assuming that you have some programming experience. It was easy to move to Java if you had some previous experience in C++.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Object Orientation&lt;br&gt;
Java strongly supports Object-Oriented Programming concepts such as encapsulation, abstraction, and inheritance. All the instructions and data in a Java program have to be added inside a class or object.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Multithreading&lt;br&gt;
Java was written to be able to deal with multiple things simultaneously by defining multiple threads. The Java runtime system implements multi-process synchronization that enables you to focus on the behavior of your program instead of the multitasking system.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Distributedness&lt;br&gt;
Java was designed to be able to run in a distributed environment like the internet. Java also supports Remote Method Invocation (RMI) to be able to invoke methods across networks.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Dynamicity&lt;br&gt;
With runtime type information, Java is able to dynamically link new class libraries, objects and methods.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the past, major Java releases were typically separated by two or more years. However, subsequent to the release of JDK 9, the time between major Java releases has decreased. Today, the expected time between releases is just six months.&lt;/p&gt;

&lt;p&gt;At the heart of Java development is the Java Community Process (JCP), established in 1998, a formalized mechanism that allows interested parties to develop standard technical specifications for Java technology.&lt;/p&gt;

&lt;p&gt;The JCP formalizes how new features and changes to Java are proposed via Java Specification Requests (JSRs). A JSR contains proposed changes, additions, or improvements to the Java technology platform. The JCP itself is described by a JSR. As of 2020, JSR 387 describes the current version (2.11) of the JCP.&lt;/p&gt;

&lt;p&gt;Every JSR enters a review process. This is a multistage process wherein the changes proposed in the JSR are gradually considered more seriously, modified, anguished over, and eventually adopted.&lt;/p&gt;

&lt;p&gt;A JEP is a JDK Enhancement Proposal. JEPs propose experimental ideas that are channeled into becoming JSRs.&lt;/p&gt;

&lt;p&gt;New features of Java are delivered via JDK projects. When a proposal is mature it is considered for implementation in a JDK project.&lt;/p&gt;

&lt;p&gt;A JDK project is a broad range of implemented JEPs, including one or more groups responsible for various areas of the Java platform.&lt;/p&gt;

&lt;p&gt;The most important active JDK projects are: Amber, Loom, Panama and Valhalla.&lt;/p&gt;

&lt;p&gt;Project Amber is an incubator of smaller Java features intended to be part of future Java releases.&lt;br&gt;
Project Loom is an effort to replace the old Java threading model that relies on underlying OS threads by creating virtual threads.&lt;br&gt;
Project Panama is an effort to improve Java communication with non-Java APIs through the Java Native Interface (JNI) by introducing some foundational components.&lt;br&gt;
Project Valhalla’s aim is bridging the gap between primitive and custom types. By unifying Java’s types it will be possible to apply generics to both classes and primitives, gaining performance benefits.&lt;br&gt;
There have been many releases of the Java language since 1995.&lt;/p&gt;

&lt;p&gt;We can say that Java 8, released in 2014, was the most significant release of Java, putting it on track to become one of the most important programming languages.&lt;/p&gt;

&lt;p&gt;Its main new features were lambda expressions and the Stream API, bringing it closer to the functional programming paradigm.&lt;/p&gt;

&lt;p&gt;Since Java 9, there have been new releases of Java every six months. However, not every release of Java gets Long-Term Support (LTS).&lt;/p&gt;

&lt;p&gt;Currently, the long-term-supported versions of Java are 11, 17 and 21, the last of which was released on September 21st 2023.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Java: Perspectives&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Java’s strict specifications and standardized development practices ensure consistency and interoperability across different development teams and environments. This consistency is crucial for building and maintaining complex microservices architectures.&lt;/p&gt;

&lt;p&gt;Because of its well-defined JVM, Java is well suited, with the advent of cloud computing and containerised development using technologies such as Docker and Kubernetes, to microservices architectures and various serverless approaches.&lt;/p&gt;

&lt;p&gt;Java is used for mobile application development for building Android applications, which are used by billions of people worldwide. Java is also used in the development of cross-platform mobile applications using tools such as Xamarin and PhoneGap.&lt;/p&gt;

&lt;p&gt;Mobile and desktop game development is an area where Java is a popular choice.&lt;/p&gt;

&lt;p&gt;With the popular Spring framework’s implementation of JEE specifications, we can say that Java is the language of choice when it comes to development of enterprise applications and microservices architecture.&lt;/p&gt;

&lt;p&gt;In 1995, Java introduced two revolutionary concepts that became inevitable principles of modern software development: portability and memory management.&lt;/p&gt;

&lt;p&gt;Those two principles still play a fundamental role in the invention of new technologies and ways of software development.&lt;/p&gt;

&lt;p&gt;What do you think about Java Language prospects? You can write your thoughts in comments below.&lt;/p&gt;


</description>
      <category>java</category>
      <category>programming</category>
      <category>development</category>
    </item>
  </channel>
</rss>
