
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Tim OBrien

Recent Posts by Tim OBrien:

That's Billion with a B: Is Java Having an "Outlook" Moment?

I'm a broken record, I know, but every month that goes by we get more and more news that suggests that Java developers (and the companies that support Java) are slow to wake up to these threats.

You remember Outlook, maybe some of you are unlucky enough to still use Outlook, but for Microsoft, Outlook was a multi-year security embarrassment. From 1999 to around 2005 it felt like Outlook was having a security vulnerability every other minute. Back then, there were so many that, in technical circles, Outlook became something of a joke to anyone who valued security. In fact, you could make a compelling argument that Outlook's multi-year security challenges were the weak point in the armor that provided an opening to Google's GMail (and once you've decoupled from Outlook, why not try that Macbook Pro you've been eyeing).

If this trend in Java doesn't stop - if we don't stop experiencing billion-user, level 10 CVSS security exploits every other week in Java - all the inertia in the world won't stop a shift to another language or another platform. Check out this news that just crossed the wire yesterday from Softpedia:

The Cloud is Running toward BSD-style Licenses, are you?

The New York Times had a great article this weekend that explored some of the disconnect in the industry. In "Power, Pollution and the Internet", James Glanz writes: "[the] foundation of the information industry is sharply at odds with its image of sleek efficiency and environmental friendliness." This article is interesting in that it calls out the industry for creating an unsustainable power drain that is based on some awful environmental choices. From the article: "Of all the things the Internet was expected to become, it is safe to say that a seed for the proliferation of backup diesel generators was not one of them."

This piece made me stop and think about trends over the last decade. While the New York Times is focused on the environmental cost, I'm more interested in how this shift to Infrastructure-as-a-Service and deployment on cloud-based infrastructure is affecting open source licenses. The trend might not be readily apparent if you don't know what to pay attention to. Here's an attempt at making sense of licensing trends...

What Enterprise Architects and Time Travelers have in Common

Note: This post was inspired by Manfred's post "You don't do repository driven development? Where have you been?". It immediately made me think of Star Trek...

When I roll up to a new client in desperate need of build help, there's always a chance I'll have a "Scotty moment" - a moment when I pick up the mouse and attempt to ask an Apple II to synthesize transparent Aluminum. ("Computer, bring up the repository and scan for vulnerabilities.") If you don't get the reference, I'll walk you over to IMDB and point you towards the movie Star Trek IV. In Star Trek IV, James T. Kirk and company travel back in time to 1986 in a "bird of prey" to rescue a humpback whale which is being summoned by a mysterious alien probe in the year 2286. Leonard Nimoy directed Star Trek IV and it had a comedic "fish out of water" feeling to it that made it appeal to a wider audience.

Don't Do it Wrong: Put that Puppet in a Box and Use Nexus for Devops

Companies all over the place are trying to convert existing deployment scripts over to automated systems like Puppet and Chef. Many of the systems I've seen in the past few months have very complex codebases, builds that take 40 minutes to execute, and deployments that span hundreds of VM instances on public clouds like Amazon EC2 or private clouds using technologies like VMware. Tools like Puppet and Chef are emerging as market leaders, and the shift to large-scale automation is being driven by increasingly heterogeneous application architectures and the arrival of open source "cloud APIs" such as OpenStack.

In other words, everyone is scaling horizontally and everyone needs a repeatable, automated process to set up instances, deploy software, and perform tasks that were previously manual. Everyone seems to agree that the boundary between development and operations requires automation - it is time to stop wasting good operations and development talent on manual deployments. This trend is called Devops, and in this article I'm going to talk about where Nexus should fit into your automation effort.

Remember when Hackers Ignored Java? Those days are over... FBI Hacked via AtomicReferenceArray

Earlier this year, I wrote a piece about how it was only a matter of time until Java became a popular vector for attacks. The response to that particular article was a lot of fun for me. Let's just say a number of high-profile, open source Java folks jumped up and down and shouted FUD. My conclusion: just talking about security to developers earns an almost immediate negative reaction. They don't want to think about it.

Download it All at Once: A Maven Idea

Consider, for a moment, the big corporate project that you work with every day. I know. It's huge. I see several of these projects on a constant basis. Maybe you have one big multi-module project. Maybe you have a more mature approach that splits a very large project into several multi-module projects. Whatever it is, there's a chance that you also work in the kind of environment that has a huge build with hundreds of dependencies spanning tens of thousands of lines of code. Your build spends most of the day juggling dependencies, both internal and external

...and, the build takes forever the first time you run it. Correction, the build takes forever every time you run it because it is just that big, and because you have the sort of environment that demands you always check for snapshot updates. Welcome to the reality of using Maven on a very large-scale project.

Nexus 2.1.2 Update Available Now: Minor Features and Fixes for both OSS and Pro

We've cut another Nexus release: version 2.1.2 of both OSS and Pro contains several minor bug fixes.