- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
I like turtles.
Admin
I use this feature all the time for communicating from applet to server. It's a very easy way to let a client build up a bunch of state, and pass it to a server (over tcp stream). Keeps you from having to build any of your own object serdes code when you want to pass structured data between different vm instances.
captcha: craaazy (maybe I am, but this seems straightforward to me)
Admin
What you'll come to find is that, in Java, things which are a bad idea, tend to be a pain to implement. That is largely by design.
For instance, when you extend a class, you are inheriting not only methods but also all of the contracts honored by that class. The whole point of inheritance and polymorphism is that instances of your class should be suitable and safe replacements for instances of the superclass.
So when you extend a Serializable class, you are expected to uphold the Serializable contract, because an instance of your class can be passed anywhere an instance of the superclass is expected.
Extending a class just to use its functionality, when a simple aggregate relationship would do, is not especially good practice. (Unfortunately, it is nearly universal among Swing programs.)
Admin
Neat! They should add a prize (like gambling in vegas or lotto tickets) if you manage to open a file! The odds of actually matching serial versions are what... like ... 1 in 4.3billion?
Admin
you can manually enter the version number in the project properties. (Major, Minor, Rev) Can't assign it to a random 64 bit integer though... (is java running 64 bit longs yet? I wasnt sure). Actually... I like the way that .NET handles it better... becuase you can set it to auto-increment... and it is all integrated into deployment packages.
Admin
This kind of technique would make it so that, if a client were using dynamic class loading, the client would only be able to exchange the same data with a service that it received from the service during that service's lifetime. That said, I'm guessing that a service that had that kind requirement must be full of WTF's.
Admin
This is all well and good except for one little thing: java.lang.Exception is Serializable by default, thus forcing Serializable onto every exception you want to throw. And because Java forces exceptions into a fixed hierarchy of classes (Throwable, Exception, etc.) with hardcoded behavior, you have to use that class hierarchy for your own exceptions. Whether you want them to be serialized or not.
I can see an argument for serializing exceptions sometimes, but it's not something you always want to do. And that's why my exception classes often have a dummy serial number to shut the compiler up.
Admin
Admin
Admin
Admin
One would really have to think one or two times about the design of such a solution. If you just transmit data through the class, no problem. If the class is more powerful, then "Can it be abused?"
consider
public class Insecure implements Serializable { private String stuff; public void doStuff() { Process proc = Runtime.getRuntime().exec(stuff); } }The example is absurd, certainly. But I think many people might miss the implications of desearilizing from an external and untrusted source.
Admin
For those of us who don't randomly reassign system functions for the hell of it, that's:
(Math.random()<0.5 ? '-' : '') + Math.round(Math.pow(10,17)*Math.random()) + 'L'
Admin
Admin
As MyAbacusHasAVirus said, this could be used to keep memory usage down. Sort of like a page file; the memory contents would only be valid for a certain run of the application. Otherwise, it would be invalid data; so don't let it be re-instated after it's been shut down. But loading and saving data to the HDD while the app is still running, then there'd be nothing wrong with it.
CAPTCHA: Who gives a fuck what it is.
Admin
If there's a better way of doing this, I'm all for hearing about it. I learned how to program in Java by buying the Flanagan book and reading the first three or four chapters, so I'm sure I missed something or another along the way. My first efforts weren't particularly pretty but I think I'm getting there. . .
Admin
For all of you C# programmers who missed the point, (I don't blame you, java Serialization is slightly counter-intuitive) the best comparison is C-style binary reading and writing. Saving a data structure in binary and then adding a field to it can cause unpredictable results when reading that data. This mechanism gives the developer control over when the read library should even try.
Also, It's not so much a true interface as a message to the compiler to allow it to be used in ways similar to directly reading and writing data structures as binary in C. This is what makes it confusing.
It may not be the case (see above) but this would make sense for resticting serialization to the same JVM. System.currentTimeMillis() is a better choice but the principle still stands. Consider a program that virtually never closes like a server. Some data may need to be stored for long periods of time to the file system or to a database (see Blob in jdbc) without being kept in active memory.
All session data for example must be serializable so that it can be garbage collected between requests. A server may spend .0001% percent of its time servicing requests from a particular session so why keep its data around in main memory the rest of the time?
Admin
CAPTCHA: fkwitfkwitfkwiti'mafkwitwhotypes intheircaptchastringfkwitfkwit
Admin
Hardly. Any web app run in a standard container will have multiple class loaders. And class GCing doesn't typically happen unless memory is scarce, but unless you start the JVM with the appropriate args, you can't count on the class not being cleaned up.
Admin
A better idea would be to use some reproducible but distinct values for your instances, so that if they go down unexpectedly they don't lose anything they had written out. An even better idea would be to do it a completely different way, since serialVersionUID isn't made for that purpose.
Still, I suppose it's an improvement over the guy who wanted to know how to alter the class' serialVersionUID at runtime to match that of the object he was trying to load so that it would "fix the loading failure".
Admin
Replying to Blaufish: I'm definitely aware of the potential risk. I'm only using this in a context where there's no security issue (no escapeable strings, just basic structured data with very predictable structure processing).
Really, as someone else pointed out, it's no different from any other data transmission mechanism: you must ensure that you either don't trust the data, or don't need to.
Admin
What's really interesting is that JBoss used it in a DTO test case:
in testsuite/src/main/org/jboss/test/scoped/interfaces/dto/SimpleResponseDTO.java from http://anonsvn.jboss.org/repos/jbossas/trunk -
package org.jboss.test.scoped.interfaces.dto; import java.io.Serializable; import java.util.Random; public class SimpleResponseDTO implements Serializable { private static final long serialVersionUID = 1L; // private static final long serialVersionUID = new Random().nextLong();Admin
java is probably the worst language known to man.
Admin
Your class might not be serializable, but its parent might be.
Admin
Admin
In general, you should not extend a class unless you need to. Subclass when you must, not whenever you can.
I know most books contain examples that consist of extending Frame or JFrame or JPanel. Those books are wrong. (Printed Java material tends to contain a lot of inaccuracies....)
What should you do instead? How about just making a JPanel and putting things in it? The JPanel you build should be a field in your class (which you may or may not wish to make available via a public get-method). Nothing more.
Admin
WTF?*
Dude, let the Operating System swap the program out do disk if it becomes idle for a long time. There shouldn't be a much of a need for a "Sleep Mode".
The OS is there for a reason. If you look back at what DOS programs had to do on their own, you'll see why.
Admin
Unfortunately, todays operating system's virtual memory models are incompatible with garbage collected memory models. If your app needs more memory than is physically available, you need to do the swapping yourself (there are some caching frameworks around which can 'overflow to disk'). Otherwise, the first full garbage collection will effectively halt your machine.
However, if the swapped data is private to the process / VM, you'd usually create and open the swap file exclusively. No need for random serialVersionUIDs.
Admin
If your IDE is Eclipse, it will generate one for you (choice of default or generated) if you hover over the highlighted part and select one of the options. It handily provides a Javadoc comment for you to write 'to shut up IDE/compiler' in, too.
Eclipse is lovely. Especially ctrl+a ctrl+i. I just can't use that shortcut enough.