Polish Researcher: Oracle Knew For Months About Java Zero-Day

dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"

Duh

[binarylarry]

You think Uncle Larry gives a fuck?

No. Now pay him his money.

Re:Ditch Java entirely.

[binarylarry]

So your business model is:

1) Ditch Java
2) ???
3) Profit!

You and the underpants gnomes should hook up!

Why are people still using this?

[DrEnter]

Seriously, it isn't even like Java is a particularly good language/environment. Frankly, I would rather deal with architecture issues and multiple platforms and just use C/C++ than put up with Java's issues.

Re:Why are people still using this?

Hey Larry, what's your surname?

Re:Why are people still using this?

[Greyfox]

Native development with applications that retain their state from moment to moment. Now... you kids might have trouble wrapping your heads around this, but imagine for a second that you didn't have a web browser. Ok take a deep breath and don't freak out. Now, you use a GUI library like GTK or QT to provide the interface, instead. The user runs your application on his local system, and all or most of the data is stored locally. So instead of ALL those things, you'd use a user interface library like GTK or QT. They're kind of like Swing or AWT.

So I know what you're thinking; "Well then how do I talk to a database?" Well as it turns out, every database has a library that local applications can use to send SQL queries to the database. It's true! You can also roll a socket protocol to talk to damn near anything else on the internet. You don't even have to use XML if you don't want to!

Now, these applications are linear in execution, so you don't have to maintain a session state or anything like that. When you're in the application, you're just wherever you are in the application. This might take some getting used to.

Now I know what else you're thinking; "But Java is write once run everywhere!" Well your IT department has the same version of Windows installed on every system in your company, so what's the problem? If you use cross-platform libraries like Boost, GTK or QT, odds are good you'll just be able to recompile your binaries if you need to support Linux or OSX, anyway.

Re:Why are people still using this?

P'shaw, all you have to do is use java quickstart. On my PC JQS was somehow performing about 10GB of reads per day. So everything that needed to hit the HDD ran with long random delays. But at least java things started quickly, right?

Re:No

[Blakey+Rat]

Yeah, Lotus Notes "runs" also. Lots of shitty software "runs". My minimum bar isn't "runs" but is "not shitty".

Re:Ditch Java entirely.

[AliasMarlowe]

Everything we do has a business case attached

I'd like to see the formal business case you made for posting on Slashdot.

Well, it was originally a 78 page densely-written scenario analysis document circulated four weeks ago to more than 20 executives and managers. They liked it, so I was authorized to spend a week making 45 slides to reinforce the case, and these were presented two weeks ago to a specially selected focus group of at least 30 managers and engineers. We discussed it for a whole day at the meeting. There were lots of fancy headings, beautiful fonts, pie charts, animations, etc., and I got excited and did a lot of arm-waving which helped persuade the focus group to pass the business case onwards. I'm not sure which team they passed it to, but our processes must be streamlined, because it already got approved today, which was pretty fast.

Anyway here it is, reduced disgracefully down to a single paragraph:
"By encouraging all businesses to waste effort making business cases to justify every decision (including trivial ones), we can cripple our competitors in terms of costs (their management overheads skyrocket), reaction time (all their decisions get delayed), and flexibility (they must omit/neglect some possible decisions). Posting as an AC on Slashdot will advance this goal."