This article suggests that this theory is already refuted. Perhaps the Nature article has been several months in the pipeline and isn't up to date. Any physicists can comment?
It isn't as widely known but you can make a private Java install just by copying the JRE directory. For example if you want your application not to depend on the system version. It works ok in Linux and in Windows.
C is a PITA for high level work. And I would use C++ anyway; less buffers overruns, more libraries, more type checking. Just the same things I like in Java. Just is better done in Java. Not that Java doesn't have its problems also.
Clearly, they didn't prioritize things high enough. Meanwhile, what makes you think that magically, all 50 patches became ready for release on exactly the same day? Prior to the release, not a word out of them to even demonstrate an awareness of the severity of the problem.
that is usually the case with security issues. Nothing is announced until the release. For java some issues the details are not made public even after.
then please provide examples. I have never seen Java to delete anything, even old deprecated methods. In my experience is a developer problem most of the time.
At least ActiveX has signed controls as of IE 6 SP1 which the browser will refuse to run anything unsigned.
Unsigned applets run in a sandbox with limited privileges since java 1.3 at least. That's from year 2000. With the last version you can disable applet execution and set a security level for unsigned applets. I agree that perhaps the default should be to disable applets.
the universe does have a center, at the observer. most of the universe has already exceeded light speed with regards to us, we'll never see or travel to most of it.
By the same reasoning we should believe in a Ptolemaic system, given that we obviously are at the center of the solar system.
Parent of who? And what is flawed by design? if you mean Java then we could possibly apply the same analysis to almost every technology on the Internet.
My thoughts exactly. Has really Oracle dropped the ball or is just too much attention from hackers or bad luck? Does really Java has a worst security record than other software (browsers, OSs, PHP)? Or is just that the Java exploit got much more press than others in the past?
I think he meant Kobol, the originating planet of the thirteen tribes.... Took a lot longer than 5 years to die but then again, the Galactica found it in ruin and didn't stay for archeological studies...
Remember, if you use Kobol in a project the gods will punish you.
For example, Java might have been a great idea, if it's main purpose was to enable applications... not games... to write once, run anywhere. This is largely being replaced with Javascript which is easier for people to understand because it lacks all the class bullshit that nobody understands.
You know, for most people actually using Java it works well for applications to write one, run anywhere, it's easy enough to understand, have an extensive library and even some commercial games are written in it (Rune, Minescape). The principal source of complexity is in the number of different frameworks available, but don't we like alternatives here in Slashdot? I think it is being reemplaced by Javascript in the front end mostly because of other issues, namely Java requires a relatively big runtime to deploy, user interfaces are not as easy as in other languages nor as pretty by default and the general movement from desktop to the web.
Slashdot Mirror
This article suggests that this theory is already refuted. Perhaps the Nature article has been several months in the pipeline and isn't up to date.
Any physicists can comment?
Me neither. Can you tell me which was the option to keep my reading synchronized between all my devices?
Perhaps it wasn't. I just wanted to note that it is common policy.
it is, if the alternative is irrecuperable data corruption.
mod +1 informative please.
It isn't as widely known but you can make a private Java install just by copying the JRE directory. For example if you want your application not to depend on the system version. It works ok in Linux and in Windows.
Java SE 7 has on average experienced 110 vulnerabilities per year. .NET Framework 4 has on average experienced 11 vulnerabilities per year.
That is ten times more vulnerabilities in a Java base class library which does even cover the same functionality as the .NET Framework does.
So basically you are saying that Microsoft is ten times less efficient to find security bugs? I'm shocked!
Really? desktop applications?
C is a PITA for high level work. And I would use C++ anyway; less buffers overruns, more libraries, more type checking. Just the same things I like in Java. Just is better done in Java. Not that Java doesn't have its problems also.
since when? gmail was said to be in java and google has many open source java tools like gwt, guava and others.
Does one of those patches s/GPL/BSD/g and release all the patents?
You are joking right? Sun open sourced java under GPL in 2006. Most java bashers in slahsdot seem to ignore that.
Clearly, they didn't prioritize things high enough. Meanwhile, what makes you think that magically, all 50 patches became ready for release on exactly the same day? Prior to the release, not a word out of them to even demonstrate an awareness of the severity of the problem.
that is usually the case with security issues. Nothing is announced until the release. For java some issues the details are not made public even after.
Was it because something was deleted as GP says?
anything can broke with a new version, thats what testing is for.
then please provide examples. I have never seen Java to delete anything, even old deprecated methods.
In my experience is a developer problem most of the time.
That seem more a problem with the applications than with Java. Can you mention real examples?
At least ActiveX has signed controls as of IE 6 SP1 which the browser will refuse to run anything unsigned.
Unsigned applets run in a sandbox with limited privileges since java 1.3 at least. That's from year 2000. With the last version you can disable applet execution and set a security level for unsigned applets.
I agree that perhaps the default should be to disable applets.
the universe does have a center, at the observer. most of the universe has already exceeded light speed with regards to us, we'll never see or travel to most of it.
By the same reasoning we should believe in a Ptolemaic system, given that we obviously are at the center of the solar system.
I have seen things like that in real life. Perhaps not all in the same app but near enough. I really hate to use applets in that way.
Parent of who?
And what is flawed by design? if you mean Java then we could possibly apply the same analysis to almost every technology on the Internet.
Sorry, I can't help it. I just had to answer it.
The same way that I must say this: you have a four-digit id! awesome! :-)
My thoughts exactly. Has really Oracle dropped the ball or is just too much attention from hackers or bad luck? Does really Java has a worst security record than other software (browsers, OSs, PHP)? Or is just that the Java exploit got much more press than others in the past?
I'm not sure but I think any version resets some configurations. For example I have to disable the auto update feature after installing.
Wrong answer!
no, COBOL was written before software security was invented.
I think he meant Kobol, the originating planet of the thirteen tribes.... Took a lot longer than 5 years to die but then again, the Galactica found it in ruin and didn't stay for archeological studies...
Remember, if you use Kobol in a project the gods will punish you.
For example, Java might have been a great idea, if it's main purpose was to enable applications... not games... to write once, run anywhere. This is largely being replaced with Javascript which is easier for people to understand because it lacks all the class bullshit that nobody understands.
You know, for most people actually using Java it works well for applications to write one, run anywhere, it's easy enough to understand, have an extensive library and even some commercial games are written in it (Rune, Minescape).
The principal source of complexity is in the number of different frameworks available, but don't we like alternatives here in Slashdot?
I think it is being reemplaced by Javascript in the front end mostly because of other issues, namely Java requires a relatively big runtime to deploy, user interfaces are not as easy as in other languages nor as pretty by default and the general movement from desktop to the web.