The Cafes

Lately I’ve heard developers claim that it’s now OK to avoid specifying the character set when creating an InputStreamReader or String, or otherwise converting bytes into characters because Java now (JDK 18 and later) uses UTF-8 as its default character encoding regardless of platform.

Except we do still need to do it, for two independent reasons:
Read the rest of this entry »

I’ve released version 1.4.0 of XOM, my open source library for processing XML with Java. It’s available from the usual places including Maven Central (xom:xom:1.4.0) and https://xom.nu/. This is the first release coded with LLM assistance.
Read the rest of this entry »

Often in a code review I’ll point out that public signatures are being changed, and we can’t do that in a minor release. Then the author will reply that it’s OK because it’s an internal only API, or an impl API, or both so it’s OK. No one is depending on it. And then this happens:

Error:  Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.14.0:compile (default-compile) on project mvnd-daemon: Compilation failure
Error:  /Users/runner/work/maven-mvnd/maven-mvnd/daemon/src/main/java/org/mvndaemon/mvnd/syncontext/DaemonNamedLockFactoryAdapterFactoryImpl.java:[48,9] no suitable constructor found for NamedLockFactoryAdapterFactoryImpl(java.util.Map,java.lang.String,java.util.Map,java.lang.String,org.eclipse.aether.impl.RepositorySystemLifecycle)
Error:      constructor org.eclipse.aether.internal.impl.synccontext.named.NamedLockFactoryAdapterFactoryImpl.NamedLockFactoryAdapterFactoryImpl(java.util.Map,java.util.Map,java.util.Map,org.eclipse.aether.impl.RepositorySystemLifecycle) is not applicable
Error:        (actual and formal argument lists differ in length)
Error:      constructor org.eclipse.aether.internal.impl.synccontext.named.NamedLockFactoryAdapterFactoryImpl.NamedLockFactoryAdapterFactoryImpl(java.util.Map,java.lang.String,java.util.Map,java.lang.String,java.util.Map,org.eclipse.aether.impl.RepositorySystemLifecycle) is not applicable
Error:        (actual and formal argument lists differ in length)
Error:  -> [Help 1]

Hyrum’s Law applies. From JLBP-3:
Read the rest of this entry »

I’ve released version 1.0.1 of the proper nouns library.

This is a new free-as-in-speech Java library that I wrote — Well I sort of wrote it. Truthfully GitHub copilot and whatever LLM model is sitting behind it wrote quite a bit of it. But anyway proper nouns is a library I wrote to scratch an itch. You feed it a word, and the library tells you if the word is very likely to be a name and very unlikely to not be a name so, for instance, it will tell you that Robert is a name and April is a name, but it will not tell you that Dawn is a name because dawn is also commonly used as a simple noun in English. It will tell you that Smith is a name because although smith is a perfectly valid common noun, it’s far more commonly seen as a name in the 21st century.
Read the rest of this entry »

I’ve heard from way too many projects that they can’t sign their applications and binaries. This isn’t true. What it really means is that it’s a hassle for them to do so, or costs them a few bucks. In 2025 this is not OK. Code signing, developer attestation, and reproducible builds are mandatory. Open source is not an excuse. The problems of supply chain attacks and malware are far too serious to allow unsigned, unattested software on our devices. Letting projects bypass necessary security practices because they’re open source and no one pays them is like letting home gardeners pour poisonous pesticides into the water supply. If a hobby project can’t be bothered to navigate code signing requirements, then it shouldn’t be allowed on other people’s computers, any more than we allow home built autos that don’t meet mandatory safety requirements on the public highways or hobbyist drones to fly around airports. There are costs associated with production software, and if you’re not able to pay those costs, don’t ship.

Of course, it’s not just open source developers that have to do this. It’s all software, closed source commercial and enterprise included. And it’s not just a question of ticking the checkboxes. You have to do this right. Recently I’ve noticed a common UI problem in a lot of commercial software when it comes to app signing. Take a look. Do you see it?

Read the rest of this entry »