I wrote a FindBugs bug detector to look for similar cases: a class with transient fields, but no readObject or readResolve method to restore the field. I had to tune the detector a bit (for example, raise the priority if it is set to a non-default value in the constructor). I'm still doing some tuning, but at the moment the new detector reports warnings in 47 jdk 1.6 b89 classes, 18 of which are confirmed to be bugs. This took me a total of 5 hours of work.
Bugs listed below (these have been reported to Sun); this detector isn't in the current 1.0 release of FindBugs, but is available is the latest CVS snapshot, and will be in the next release.
Bill Pugh
-----
java.security.Timestamp and java.security.CodeSigner:
they have a transient myhash field used to cache the hashCode that is
initialized to -1. If you serialize/deserialize one of these
and invoke hashCode on the result, you'll get an incorrect hashCode of 0.
javax.management.AttributeList
has a transient boolean field tainted. If you add something other than an Attribute
to an AttributeList, serialize/deserialize it, and then invoke asList(), you get back
a List that contains something that isn't an Attribute. If you call asList() on
the original AttributeList, you get an exception.
javax.management.relation.RoleList javax.management.relation.RoleUnresolvedList
problems isomorphic to the above problem
sun.util.BuddhistCalendar
has a transient field yearOffset that is initialized in the constructor. If you
serialize/deserialize a BuddhistCalendar, you get back a broken BuddhistCalendar
that computes dates incorrectly (off by 543 years)
javax.swing.DefaultDesktopManager
has a transient field floatingItems that is initialized to an empty array of Rectangles, and
it sure looks like the code is assuming that floatingItems is assumed to be nonnull, so
if you serialize/deserialize it, it will be broken (of course, I can never be sure if
anybody seriously intends for awt/swing objects to be serialized.
com.sun.rowset.CachedRowSetImpl com.sun.rowset.FilteredRowSetImpl com.sun.rowset.JdbcRowSetImpl com.sun.rowset.JoinRowSetImpl com.sun.rowset.WebRowSetImpl com.sun.rowset.internal.CachedRowSetReader com.sun.rowset.internal.CachedRowSetWriter com.sun.rowset.internal.InsertRow com.sun.rowset.internal.SyncResolverImpl com.sun.rowset.internal.WebRowSetXmlReader com.sun.rowset.internal.WebRowSetXmlWriter com.sun.rowset.providers.RIOptimisticProvider
all initialize in their constructors transient fields pointing to resource bundles
for providing localized error messages, and the resource bundle will be null if the
an object is deserialized and serialized.
javax.smartcardio.CommandAPDU
has 3 transient fields (nc, ne and dataOffset) that are computed by the call to parse in the constructor
from the apdu array. However, if the object is serialized/deserialized, the fields will have their
default values.
We've actually been working pretty hard to avoid developing a software monoculture in the CS department at Maryland. We particularly want to avoid forcing students to use a particular OS, and by spreading around which OS we use in courses, we make it hard to force certain OS's on students.
There are a bunch of campus operated computer labs, running Windows, Solaris, Linux or Mac OS (the campus web page says 9.2, but that has got to be out of date, I hope). The department runs a Linux lab for undergraduate education, and we just purchased 32 iBooks for in-class computer labs for the intro programming courses.
For research and desktop use, we have a pretty broad mix (Solaris, Windows, Linux, OSX).
Of course, the fact the we have so many different operating systems running makes maintance a little more complicated, and that we have to use cross-platform solutions for things like meeting scheduling, IDEs, etc. A little harder, but the consensus is that it is worthwhile.
The benchmarks are poorly designed microbenchmarks. Why do people pay attention to such things? See Cliff Click's talk on "How NOT To Write A Microbenchmark".
We've done some of our own cross-language benchmarking. The NASA Advanced Supercomputing Parallel Benchmarks are problem statements for serious computation science problems, and solutions can be written in any programming language. We implemented the sparse Conjugate Gradient benchmark, and compared Java against fastest Fortran/MPI implementation on a cluster of 32 linux workstations. Java performed at essentially the same speed as Fortran/MPI (actually a little faster on 16 nodes). Although Fortran was slightly faster at the sparse matrix-vector product, Java communications using Java nio was faster than using the LAM implementation of MPI (the MPICH implementation was much worse than the LAM implementation).
Since I taught Sergey when he was an undergraduate at Maryland, and have done some consulting at Google, I can offer some insight on on Forbes article.
The Forbes article is right that Google is very selective in their hiring, and puts a premium on intelligence over experience. However, the claim that you need a degree from a top-10 university is bogus. Actually, one thing that helps a lot is a graduate degree. I believe the current situation is that they have more people on the engineering staff with PhDs than with BS degrees (and more people with Masters degrees than either).
One of the interesting things about the Google engineering team is the number of people who had previously done research in topics such as compiler optimization than have no relation to Google's business. They just hire smart people.
I understand that a number of people are upset by recent changes in Google's ranking scheme and the fact that it isn't public or open source. The thing you have to understand is that Google will be forever in a war with the people doing "Search Engine Optimization". These people don't care about having Google return the best result for "ceiling fan", they just want their web site selling ceiling fans to be on the first page.
The initial papers on the Page Rank algorithm assumed a web that was unaffected by the page ranking algorithm. Now, with Google being a dominate search engine, a substantial part of the web is designed to influence Google's search ranking. Figuring out a search ranking algorithm that works well in that context is very hard, and would be impossible if it was public or open source. The SEO people would 0wn it in a moment.
A problem I've noted with Google in the past few years is that a search for anything that people are trying to sell, like "ceiling fans", mostly returned links to web stores selling that product. The newest ranking for "ceiling fans" includes other links as well, such as informative web sites on installation, manufacturers and energy conservation. So it seems like an improvement to me.
Clearly, managing a company that is growing like Google is growing is a challenge. But I'm not sure anyone else could do it better.
None of this is really needed. The hijackings on 9/11 worked because everyone "knew" that when a plane was hijacked, it was flown somewhere, demands were negotiated, and most of the time no one got hurt.
Now things are different. We saw that with flight UA 93. Both crew and passengers will flight to the death and/or crash the plane to prevent anyone from taking control of a plane by force.
There are lots of other things to be worried about, but terrorists commandeering planes isn't one of them.
I was surprised to see Judge-for-yourself.com listed as a company being sued. It seems to be the worst search engine in existence.
Try entering any technical term, like "NP complete" or "quantum physics".
15. eBay - Online Auctions Find quantum physics or over 1,000,000 other items at eBay.com
25. FIND "quantum physics" at SUZY SEZ Window shopping on the web? Suzy Sez is like a stroll down 5th Avenue. From antiques to fine wines Suzy Sez brings together the finest merchants on the web!
Slashdot Mirror
As an example of turning bug instances into bug patterns, I always read through the list of bugs fixed in each version of the jdk1.6.0 builds. In build 89, a bug was fixed in the serialization of ArrayBlockingQueue.
I wrote a FindBugs bug detector to look for similar cases: a class with transient fields, but no readObject or readResolve method to restore the field. I had to tune the detector a bit (for example, raise the priority if it is set to a non-default value in the constructor). I'm still doing some tuning, but at the moment the new detector reports warnings in 47 jdk 1.6 b89 classes, 18 of which are confirmed to be bugs. This took me a total of 5 hours of work.
Bugs listed below (these have been reported to Sun); this detector isn't in the current 1.0 release of FindBugs, but is available is the latest CVS snapshot, and will be in the next release.
Bill Pugh
-----
java.security.Timestamp and java.security.CodeSigner:
they have a transient myhash field used to cache the hashCode that is
initialized to -1. If you serialize/deserialize one of these
and invoke hashCode on the result, you'll get an incorrect hashCode of 0.
javax.management.AttributeList
has a transient boolean field tainted. If you add something other than an Attribute
to an AttributeList, serialize/deserialize it, and then invoke asList(), you get back
a List that contains something that isn't an Attribute. If you call asList() on
the original AttributeList, you get an exception.
javax.management.relation.RoleList
javax.management.relation.RoleUnresolvedList
problems isomorphic to the above problem
sun.util.BuddhistCalendar
has a transient field yearOffset that is initialized in the constructor. If you
serialize/deserialize a BuddhistCalendar, you get back a broken BuddhistCalendar
that computes dates incorrectly (off by 543 years)
javax.swing.DefaultDesktopManager
has a transient field floatingItems that is initialized to an empty array of Rectangles, and
it sure looks like the code is assuming that floatingItems is assumed to be nonnull, so
if you serialize/deserialize it, it will be broken (of course, I can never be sure if
anybody seriously intends for awt/swing objects to be serialized.
com.sun.rowset.CachedRowSetImpl
com.sun.rowset.FilteredRowSetImpl
com.sun.rowset.JdbcRowSetImpl
com.sun.rowset.JoinRowSetImpl
com.sun.rowset.WebRowSetImpl
com.sun.rowset.internal.CachedRowSetReader
com.sun.rowset.internal.CachedRowSetWriter
com.sun.rowset.internal.InsertRow
com.sun.rowset.internal.SyncResolverImpl
com.sun.rowset.internal.WebRowSetXmlReader
com.sun.rowset.internal.WebRowSetXmlWriter
com.sun.rowset.providers.RIOptimisticProvider
all initialize in their constructors transient fields pointing to resource bundles
for providing localized error messages, and the resource bundle will be null if the
an object is deserialized and serialized.
javax.smartcardio.CommandAPDU
has 3 transient fields (nc, ne and dataOffset) that are computed by the call to parse in the constructor
from the apdu array. However, if the object is serialized/deserialized, the fields will have their
default values.
We've actually been working pretty hard to avoid developing a software monoculture in the CS department at Maryland. We particularly want to avoid forcing students to use a particular OS, and by spreading around which OS we use in courses, we make it hard to force certain OS's on students.
There are a bunch of campus operated computer labs, running Windows, Solaris, Linux or Mac OS (the campus web page says 9.2, but that has got to be out of date, I hope). The department runs a Linux lab for undergraduate education, and we just purchased 32 iBooks for in-class computer labs for the intro programming courses.
For research and desktop use, we have a pretty broad mix (Solaris, Windows, Linux, OSX).
Of course, the fact the we have so many different operating systems running makes maintance a little more complicated, and that we have to use cross-platform solutions for things like meeting scheduling, IDEs, etc. A little harder, but the consensus is that it is worthwhile.
The benchmarks are poorly designed microbenchmarks. Why do people pay attention to such things? See Cliff Click's talk on "How NOT To Write A Microbenchmark".
We've done some of our own cross-language benchmarking. The NASA Advanced Supercomputing Parallel Benchmarks are problem statements for serious computation science problems, and solutions can be written in any programming language. We implemented the sparse Conjugate Gradient benchmark, and compared Java against fastest Fortran/MPI implementation on a cluster of 32 linux workstations. Java performed at essentially the same speed as Fortran/MPI (actually a little faster on 16 nodes). Although Fortran was slightly faster at the sparse matrix-vector product, Java communications using Java nio was faster than using the LAM implementation of MPI (the MPICH implementation was much worse than the LAM implementation).
Since I taught Sergey when he was an undergraduate at Maryland, and have done some consulting at Google, I can offer some insight on on Forbes article.
The Forbes article is right that Google is very selective in their hiring, and puts a premium on intelligence over experience. However, the claim that you need a degree from a top-10 university is bogus. Actually, one thing that helps a lot is a graduate degree. I believe the current situation is that they have more people on the engineering staff with PhDs than with BS degrees (and more people with Masters degrees than either).
One of the interesting things about the Google engineering team is the number of people who had previously done research in topics such as compiler optimization than have no relation to Google's business. They just hire smart people.
I understand that a number of people are upset by recent changes in Google's ranking scheme and the fact that it isn't public or open source. The thing you have to understand is that Google will be forever in a war with the people doing "Search Engine Optimization". These people don't care about having Google return the best result for "ceiling fan", they just want their web site selling ceiling fans to be on the first page.
The initial papers on the Page Rank algorithm assumed a web that was unaffected by the page ranking algorithm. Now, with Google being a dominate search engine, a substantial part of the web is designed to influence Google's search ranking. Figuring out a search ranking algorithm that works well in that context is very hard, and would be impossible if it was public or open source. The SEO people would 0wn it in a moment.
A problem I've noted with Google in the past few years is that a search for anything that people are trying to sell, like "ceiling fans", mostly returned links to web stores selling that product. The newest ranking for "ceiling fans" includes other links as well, such as informative web sites on installation, manufacturers and energy conservation. So it seems like an improvement to me.
Clearly, managing a company that is growing like Google is growing is a challenge. But I'm not sure anyone else could do it better.
None of this is really needed. The hijackings on 9/11 worked because everyone "knew" that when a plane was hijacked, it was flown somewhere, demands were negotiated, and most of the time no one got hurt.
Now things are different. We saw that with flight UA 93. Both crew and passengers will flight to the death and/or crash the plane to prevent anyone from taking control of a plane by force.
There are lots of other things to be worried about, but terrorists commandeering planes isn't one of them.
This is not a new trailer. It has been out for quite a while, at least a month, but probably several.
Try entering any technical term, like "NP complete" or "quantum physics".
Find quantum physics or over 1,000,000 other items at eBay.com
Window shopping on the web? Suzy Sez is like a stroll down 5th Avenue. From antiques to fine wines Suzy Sez brings together the finest merchants on the web!