Mime4j used by Android’s e-mail client

It just came to my attention that Google uses Mime4j in the e-mail client which is part of Android. The Mime4j project was initiated by myself and Joe Cheng and was initially hosted at Sourceforge.net. At Trillian we use it in SpamDrain to scan e-mail messages for spam and viruses.

The Mime4j project was later moved to Apache and is now a subproject of the Apache James project. Sadly, I haven’t had time lately to be as involved in the project as I once was. However, it seems as if Google is using a very old version of Mime4j. My Sourceforge.net username (ntherning) is still all over the source code :-) .

Seriously, I hope they will upgrade to a more recent version of Mime4j soon. A lot has happened with the code after some of the extremely talented people of the Apache James project got their hands on the code.

Java, SecureRandom and /dev/random gotchas

After running flawlessly for several months a Java server applications we’re using in SpamDrain started to lock up very frequently. A thread dump taken during such a lock up revealed that all the handler threads were stuck inside a call to java.security.SecureRandom.nextInt(). By reading the source code of the SHA1PRNG SecureRandom implementation I figured out that it uses /dev/random under Linux for its source of random numbers. This was the cause of the lock ups.

Continue reading