Java is sandboxed sort of, but it has RMI whose sole purpose is to include untrusted unsigned c code. Corporations love it as it means +COM object access for excel, but it also means a cracker can put whatever he wants in it. As Sun/Oracle try to sandbox and limit RMI it then breaks apps and the corps end up whining and locking down insecure old versions of it so their shitware apps work as they do with sticking with IE 6 as well.
This part of your post has wrong information. RMI is remote method invocation, and has no relationship to executing C code. Maybe you are referring to JNI, Java Native Interface. I don't think you can execute native code in an unsigned applet. Why anyone would use it for accessing an Excel spreadsheet is beyond me given that there are excellent pure Java libraries for doing so.
Perhaps some company used Java and a COM bridge in the IE6 age when there were few alternatives and now is reticent to reimplement it. Maybe this case could help convince them of the error of their ways.
Yeah, the Java updater likes to enable itself in your browser for future exploiting.
That's why the best advice is "remove Java".
After that uninstall your browsers. A user could be caught in a hoax using it or install malware with them.
Then uninstall your OS. It can catch viruses, botnet and other malware, you know? That's why they send security updates all the time.
If you are very security conscious, after all the above smash your CPU.
You'll be safe then. Time to start your smartphone and... wait a minute...
Perhaps to determine which graphics card you have it has to execute something on your PC. I don't think browsers give that kind of information by themselves yet. Which alternative is there? Execute a native application?
Perhaps enterprises and developers have some responsibility in this. Just saying.
Someday I would like to know why people compare Java to COBOL. I haven't yet met someone who makes that assertion and has experience in both.
I did. I resigned from my COBOL job -many years ago- because I didn't want to have to look at a COBOL program ever again. And I say that Java IS NOT COBOL in any technical aspect.
People still confuse Java and JavaScript because they both have Java in the name......why are you amazed?
Well, I believed that people at slashdot have an interest in computers and such, so they would be better informed on technical things than the average internet user. It seems I forgot this is not 'news for nerds' anymore.
I am surprised that you find it amazing that list of obscure lumps of software all beginning with the word java confuse people.
I had expected the slashdot community not to make that kind of mistake. Wrong assumption it seems.
Do you find it more, or less amazing that java (perhaps java dash some-obscure-addendum) has eclipsed flash and windows as the malware enabler of choice?
More. I must confess I hadn't expected it at all. I started to be aware of serious security problems with the series of exploits for the Java implementation for the Apple platform, 1 or 2 years ago.
I don't know if it is something that Oracle is doing particularly wrong in the last years or if it is just that hackers are more active lately. Oracle will have to seriously strengthen Java against any kind of remote exploits or disable the plugin by default.
17 years ago java(-.*)* was unleashed, heralded as the saviour of robustness, security and apple pie at only the cost of a few “moore’s increments” and uniformly ugly interfaces. Now we have this steaming pile.
I don't understand exactly what your point is. Java has a lot of good things and also has its problems. The security problems -as serious as they are- don't invalidate other benefits of the language or the platform, for example for server applications, IDEs, tools, etc.
Now we have a feature to disable it. I bet that ‘feature’ becomes target #1 of the next wave of malware, so well intentioned people will only think they have disabled it?
As may happen with any other platform. I think it is positive that Oracle acknowledges somewhat that there is a general problem and implements an option to disable the Java plugin. I have at work and at home several Java programs that are not applets and it is good to be able to use them without being forced to be open to these kinds of security problems.
The latest Java updates have a feature to disable the Java Plugin. From the original article:
"As several readers have noted, Java 7 Update 10 ships with a feature that makes it far simpler to unplug Java from the browser than in previous. Oracle’s instructions for using that feature are here, and the folks at DHS’s U.S.-CERT are now recommending this method as well."
It amazes me how many people confuse the Java runtime, SDK and the Java plugin (that is the component that executes applets in browsers).
No, Who's on first. What's on second, I don't know is on third.
This is Quantum physics you know? Who is on first and on second and on third, unless you collapse his wave function.
It's part of the standard, and I know, cause I helped write it.
A-HA! There's the culprit!
It's not just him. I was there as well. The difference is that over several years roaming IEEE 802, I managed to remove more text from the specs than I added. This is probably my biggest contribution to society.
I was going to say that RedLeg's comment was very cool but yours is awesome ;-)
For example, with .NET you can use Visual Studio and with Java you can use IntelliJ IDEA. Both of them will give you powerful refactoring capabilities and help you navigate unfamiliar code.
And both of those will let an amateur spit out craploads of poor code. Easy to use developer tools lower the bar for generating code quickly, not well written code.
No. Eclipse Java IDE doesn't generate code AFAIK. And refactoring is a very good tool. I don't think Visual Studio either.
easy, just send them more people.
I'm simply convinced that there is no way this massive universe is here without there being a practical way to travel it. There absolutely has to be a way.
So you are an Intelligent Design believer?
That would be Intelligent Traveling believer.
Of course not! That would create a paradox that can destroy your post!
I'm using version Mosaic 2.0.
Seriously if you need 4Gb+ and a 64bit OS to use a fricking browser? And what's worse is you consider that normal? Then maybe the problem isn't the system, it's the program. It's a browser not Far Cry II folks.
But but it has the Internet INSIDE! If you don't give it all your memory the Internet may crash!
Why are you using WinRar when 7zip exists?
Why anyone is still using the RAR format is beyond me.
Silent updates you say? I don't remember hearing about them... ;-)
Could be a local hangout.
I don't know, I don't use Google+.
A better X would be cool. However Wayland is not that.
Since nobody else has gotten any better ideas and because sometimes you need to break some old things to do new things it seems this is the new X.
If they use the Smarter-C-than-C parts of C++ it's fine. Just don't start going overboard with modern C++ style, bloatware with templates and generics, autopointers, overloaded operators and functions, etc, then it's great. Use it as C with better type checking and easier modularization and the C diehards will approve.
Amen to that.
Ah, it seems a common case. Some brands of device and network appliances seem to have used Java applets for management in the first half of 2000 (or programmed like they were stuck at that age) and then didn't keep up with technology advances. Somewhat more modern Java versions let the programmer specify the Java version in the applet tag, allowing each applet to use different Java versions.
I wonder if it is possible to use some browser plugin like monkeygrease (for Firefox) to change the applet tag dynamically, allowing the use of this method in your case?
Are you talking about real cases?
We had an incident a couple of years ago where all our apps (four jboss instances) started running in Java 6 32-bits instead of the Java 5 64-bits they were always tested and run on, because of an error by the data center provider who maintained the installed operating system and changed the system default version of Java.
We didn't even notice the change except that a third-party native shared object (a dll in linux) started to fail, because it was compiled in C for 64-bits.
Modern Java reasonably written has wonderful compatibility and portability.