Mystery Memory Leaks and JNI

Java libraries that invoke native code (i.e. code written in C/C++ and compiled for a specific platform) via the Java Native Interface (JNI) can allocate memory that is nearly invisible to standard JVM monitoring tools. This creates the potential for very mysterious memory leaks because JNI does not automatically garbage collect or track the non-JVM memory resources allocated on the native side.

»
Author's profile picture Joe Kutner

Update Your Java Dependencies Early and Often

Did you know version 2.8.8 of Jackson Databind (a popular JSON library) has a deserialization vulnerability that can be used to execute any code or command on your system? If you’re using this version you need to update your app immediately.

»
Author's profile picture Joe Kutner

Draining Servlet Requests

Restarts happen, but your users shouldn’t notice them. Every user request should run to completion before the server processing them shuts itself down. This is known as draining requests, and it’s described in the Disposability principle of the 12-factor app. At a high level, here’s what should happen:

»
Author's profile picture Joe Kutner

Oh the Places Your Java Memory Goes

Java heap memory does not make up 100-percent of a JVM process’s memory allocation. There are many categories of non-heap memory in a JVM process that often account for more RAM than the heap when they are summed up. It’s possible to set your maximum heap size to 512 MB, -Xmx512m, and have your process consume more than 1 gigabyte of RAM in total.

»
Author's profile picture Joe Kutner

Deploying Kotlin on Heroku with Ktor

Kotlin reminds me of a young Harry Potter. It’s fresh, full of zeal, and has the support of a great institution. Harry had Hogworts, but Kotlin has the entire JVM ecosystem to nurture its growth.

»
Author's profile picture Joe Kutner

Locking Dependency Versions in Gradle

The ./gradlew build command should produce the exact same output each time you run it–even when you run it on someone else’s computer. But the use of dependency version ranges in Gradle makes it possible for ./gradlew build to resolve different versions of dependencies during each execution, which makes the output of your builds unpredictable.

»
Author's profile picture Joe Kutner

Integrating Firebase with Heroku to Send Custom Notifications

Google’s Firebase Realtime Database makes a great backend for mobile apps. It can sync data across clients in realtime, and remains available when your app goes offline.

»
Author's profile picture Joe Kutner

Managing Users in an Android App with Stormpath and Heroku

In the previous post, you learned how to add a database to your backend service and consume it with Retrofit in an Android app. But you exposed the services without any authentication or authorization. In this post, you’ll learn how to protected those services and add a complete user mangement system to your app with Stormpath.

»
Author's profile picture Joe Kutner

Using Database-backed RESTful Services on Heroku with Android

In my last post, you learned how to invoke a service from an Android app with Retrofit. Now you’ll extend that example to consume RESTful JSON-based services that are backed by a database on the server.

»
Author's profile picture Joe Kutner

Creating Backend APIs for Android Apps with Heroku and Retrofit

This post walks you through the process of creating a backend server API for an Android app, running that API on Heroku, and invoking it from Android with Square Retrofit.

»
Author's profile picture Joe Kutner

Memory Logging with the Heroku Java Agent

The Heroku Java Agent is a lightweight tool you can attach to a running Java process to log heap and non-heap memory usage. It is a simple, but powerful reporting mechanism that can provide essential information at critical moments.

»
Author's profile picture Joe Kutner

Creating Java TrustStores and KeyStores from Environment Variables

Java apps have traditionally managed TrustStores and KeyStores as regular files on the filesystem in JKS format with keytool. This mechanism was fine when the state-of-the-art in system administration required copying files from server to server. But in the era of the cloud, our apps need a better system.

»
Author's profile picture Joe Kutner

Customizing JRuby Cipher Suites

A flurry of security vulnerabilities in the last couple of years have accelerated the deprecation of many cryptographic protocols and cipher suites. As a result, you might have run into this error if you use JRuby:

»
Author's profile picture Joe Kutner

Using SSL with the Postgres JDBC Driver

The PostgreSQL JDBC Driver defaults to using an unencrypted connection. At Heroku, this presented a problem when we decided to move certain database types to dedicated single-tenant instances. Our hope was to improve performance for our customers without them needing to change a single line of code. But the new database instances required an SSL connection, which meant our customers would need to adjust their database configuration before we could migrate them.

»
Author's profile picture Joe Kutner

Improving Java Start-Up Time

The performance of the JVM can’t be beat, unless you’re talking about its start-up time. The JVM isn’t known for being fast to boot, and many application frameworks have only made the situation worse.

»
Author's profile picture Joe Kutner