Again, is anyone from the Blackdown guys here, how could explain what is needed?
We have a special license agreement with Sun. If you want to know about the current state about FreeBSD porting activities please contact one of the developers. (Send me a note if you can't find their addresses.)
The only problem with Java on Linux is the Blackdown JDK isn't as well maintained as all that. Their JDK1.1 compiler segfaults with
RH7, meaning I can't compile applets on this machine (because most browsers only inherently have 1.1 support). I am an avid Linux
user (been my desktop for two and a half years now) and would have to say that Java is pretty great.
That's bug in RedHat's glibc (they actually shipped a broken beta release). Upgrade to
glibc-2.1.94 or higher.
I read the BrownOffice Site but it didn't say if it was all cross platformed. Does it effect every version? Windows, Linux, Solaris, etc? or just what it seems to be is the Linux implementation...
The exploit uses some classes from netscape's java40.jar file (netscape.net.URLConnection and netscape.net.URLInputStream). These classes are part of all netscape versions. The classes have some native methods but it's very likely that this native code is shared between platforms too. So, I think all platforms are affected (though I've only tested the exploit on Linux).
and does this mean it's resident in Mozilla too?
No, Mozilla doesn't use Netscape's VM. Mozilla uses an external JVM (e.g. the one form Sun) which usually doesn't have these netscape.net.* classes
No, the plug-in is *not* vulnerable. The plug-in only gets activated when the HTML code uses a special tag (not by a plain applet tag).
Also, the exploit uses classes from netscapes java40.jar (netscape.net.URLConnection and netscape.net.URLInputStream), these classes are *not* available in the plug-in.
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
JVM'01: http://www.usenix.org/events/jvm01/
Re:Sun's one-track mind I don't know the exact det
on
JavaOne report
·
· Score: 1
I don't know the exact details, but it's basically that any implementation of Swing made after even looking at Sun's documentation falls under Sun's licensing restrictions. According to those rules, there is no such thing as a "clean-room implementation".
That's not correct. Reading the API documentation does not keep you from making a clean-room implementation.
Just to clarify this: The announced Java3D version is made by Blackdown. The version you use is Java3D 1.1.3 (and we have a final version of that right now). The version mentioned at JavaOne was Java3D 1.2, we have a working build of 1.2 but I want to do some additional testing before making a final release. Stay tuned.
I think there is one more good thing about it. Java source from Sun depends on Motif and now it can be compiled agains The Real Thing. Not that it was not possible with LessTiff, but it might give some warm fuzzies.
If you intend to do serious work on the Java code you should think about helping Blackdown.
They can't give you the source, except under the terms of the supposedly unacceptable Sun Community licence. If you are willing to sign up under Sun's requirements, feel free to join the Blackdown project and work on the Alpha port.
An Alpha guy would be very welcome on the team. Currently we have no Alpha porters, so we will provide Java2 v1.3 only on Intel, PPC, Sparc(64), ARM, MIPS, m68k.
> > blackdown's 1.2 uses --native threads. > > If you start java with the -native flag, it warns that native threads are not ? supported in this release. > > I haven't had any problems with it though.
That's Sun's JDK which has a very outdated version of our native threads implementation. Try the Blackdown JDK, it uses native threads by default.
If you take a look at our status page, you'll see that we support non-intel architectures like sparc, ppc, m68k, arm,... For a comparison of JVMs take a look at the latest VolanoMark results. (The Blackdown JDK does quite well).
Slashdot Mirror
Juergen
Blackdown Java-Linux
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
JVM'01: http://www.usenix.org/events/jvm01/
Juergen
Blackdown Java-Linux Team
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
JVM'01: http://www.usenix.org/events/jvm01/
No, the plug-in is *not* vulnerable. The plug-in only gets activated when the HTML code uses a special tag (not by a plain applet tag).
Also, the exploit uses classes from netscapes java40.jar (netscape.net.URLConnection and netscape.net.URLInputStream), these classes are *not* available in the plug-in.
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://www.blackdown.org/java-linux.html
JVM'01: http://www.usenix.org/events/jvm01/
Juergen, Blackdown Java-Linux
Just to clarify this: The announced Java3D version is made by Blackdown. The version you use is Java3D 1.1.3 (and we have a final version of that right now). The version mentioned at JavaOne was Java3D 1.2, we have a working build of 1.2 but I want to do some additional testing before making a final release. Stay tuned.
Juergen -- Blackdown Java-Linux
Juergen
--
Blackdown Java-Linux
Juergen
--
Blackdown Java-Linux
An Alpha guy would be very welcome on the team. Currently we have no Alpha porters, so we will provide Java2 v1.3 only on Intel, PPC, Sparc(64), ARM, MIPS, m68k.
Juergen
--
Blackdown Java-Linux
> > blackdown's 1.2 uses --native threads.
>
> If you start java with the -native flag, it warns that native threads are not ? supported in this release.
>
> I haven't had any problems with it though.
That's Sun's JDK which has a very outdated version of our native threads implementation. Try the Blackdown JDK, it uses native threads by default.
Juergen
--
Blackdown Java-Linux
For a comparison of JVMs take a look at the latest VolanoMark results. (The Blackdown JDK does quite well).
Juergen