Just enforce a formatter on commit. If the formatted code is any different from the original file, abort the commit. Git makes this kind of thing easy. It also means the repository is always in a sane state. A simple script can reformat all changed files trivially before a commit operation.
It's a bit worse than that. The article, and exploit, refers to the enterprise platform, but community editions are also vulnerable - and many people run the non-Redhat paid versions for a variety of reasons (not just businesses trying to be cheap). The only supported community release is JBoss 7 and the console works differently there.
In 4.0.x the console was unsecured - fine, this is no longer a supported Enterprise platform.
In 4.2.x onwards, the console shipped secured to a degree. The vulnerability is in that the default config only secured GET and POST requests, and the worm exploits this. The fix is to remove the GET and POST constraints such that all methods are protected.
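The misconfiguration described in the comment above can be checked mechanically. This Python audit is an added example, not code from the original comment or from JBoss; the sample `web.xml` fragments, the resource name and the role name are constructed for illustration. It flags any `web-resource-collection` that lists `<http-method>` elements, because a constraint written that way applies only to the listed methods.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the constraint names GET and POST only, so requests
# using any other HTTP method fall outside it.
WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# The fix from the comment: drop the <http-method> elements so that the
# constraint covers every method.
FIXED = re.sub(r"\s*<http-method>.*?</http-method>", "", WEAK)


def local(tag):
    """Strip an XML namespace so DTD- and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]


def audit(web_xml):
    """Return one finding per resource collection that enumerates methods."""
    findings = []
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) != "web-resource-collection":
            continue
        kids = {}
        for child in el:
            kids.setdefault(local(child.tag), []).append((child.text or "").strip())
        methods = sorted(m.upper() for m in kids.get("http-method", []))
        if methods:
            findings.append({
                "name": (kids.get("web-resource-name") or ["?"])[0],
                "patterns": kids.get("url-pattern", []),
                "protected_only": methods,
            })
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(doc) or "all methods covered")
```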
Around 1999/2000 I remember seeing a guy talking on his phone very loudly about some deal he was handling, while walking out of a major London tube station. Then his phone rang and he couldn't figure out how to answer it. Many people laughed quite loudly.
I've bought more monitors in the last 10 years than computers...
WHOOOOOSH
"Own" is arguably redundant, since you start with "your."
That comma is arguably redundant.
"Grammar" capitalized, as it is a part of your proper noun.
Full sentences please.
Right. How many people on 15k a year know what Postscript is, let alone how to edit it?
You can access the equivalent for SWT fairly easily, and there are implementations of Graphics2D that proxy to the underlying SWT GC if you want to use Graphics2D, e.g. in the JFreeChart experimental jar (we do this for some of our custom drawn components, simply because it means we can use them in SWT and Swing with a bit of glue code).
You think all Mac users should run things in X11? Really?
JavaScript is nothing like Java. We aren't being purists, it's a totally different language, with totally different behaviours and semantics.
Java isn't interpreted, nor is it slow. C++ is *not* elegant either, it is pretty disgusting actually.
I think I have to side with the other poster...
What are you replacing it with?
There is your problem, you are running as root ;-)
But seriously, it looks related to these two bugs - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6935229 and http://bugs.sun.com/view_bug.do?bug_id=6896647. Try enabling the XX options suggested and see if it fixes them (and upgrade to JDK7 when you can; there are lots of things fixed in JDK7 that annoyingly haven't been backported to 6.0).
With the latest Java releases (you are running the latest 6.0 release?) you shouldn't be seeing that behaviour. The way applets are handled has totally changed to be more like Webstart, which makes them much more robust. That said, I don't run Firefox, so maybe there is an issue there.
However, most Java applets are badly written. Few people appreciate how to use Swing/AWT properly in an application, let alone in Applets.
SWT is awful. At least Swing is pretty clean, and logical. SWT is often utterly insane - look inside the code for proof of that. Swing is also totally extensible. SWT is not (the number of classes that state the class is not final but must not be extended is quite impressive). I say this as someone working on a small (450k semicolons) SWT/RCP application which integrates components written in Swing, JOGL and Processing.org.
And replace it with what? The only real alternative is SWT, and that's awful to work with. At least Swing is a nice framework, and anyway, Swing apps can look nice, the main problem being that most developers don't bother to find out how (and that most Swing guides / books are wrong in many ways).
Developers naturally want to build interfaces that are almost a one-to-one mapping to their (flexible?) API. This isn't necessarily what users expect.
IMO you can only build an appropriate user interface for a particular problem if you are an expert in that field yourself - the best advice I've been given is to learn the trade of your users first, then try and build the UI you would want as someone working in that trade.
Seconded - Designing with the Mind in Mind is very good.
And the last thing.
I've yet to see a playbook in the store, let alone in the wild, and the rumours from RIM employees are a firesale soon. This latest revelation is more kindling and paraffin to the bonfire IMO.
Playbook could have been so good given its architecture and security features, but instead they ruined it with that cheesy "Flash!" advertisement on TV. Every person I know that was aware of the product instantly pigeon-holed it as a bit too geeky. Ho humm.
http://flowingdata.com/2009/11/26/fox-news-makes-the-best-pie-chart-ever/
I love Fox news. I'm so sad I cannot receive it here in the UK!
Except that this is talking primarily about embedded contractors, so it doesn't reduce headcount - you still have the same number of people on your premises, just split over two different budgets. As a contractor I can tell you there is definitely more flexibility to drop staff at a whim - my notice period was recently reduced to *one* week, as opposed to the staff who have a twelve week notice period.
Oh, and I don't get the extra healthcare, training, car parking (expensive, and a 20 minute walk from the car park), flexitime, pension (final salary), shorter hours, childcare assistance, etc.
I too have worked both sides of the fence. As a contractor I feel more obliged to do things properly, and I am rewarded by being respected on the team I'm on and being one of the "go to" people for the rest of the team. On top of that, by doing things properly I'm keeping myself on my toes and improving my skills. What is the point in muddling through and just bodging everything? I'd go insane if I worked like that...
The profound incompetence is a given in politics.
There, fixed it for you.
Yeah. Because it isn't like the people on the East Coast get pissed off at the stuff that's only on the West Coast, is it? Let alone people like me from the UK that can't get to see any of it...
mono brings a partial (and buggy) implementation of .NET to linux, that no corporate IT department will let near their systems because it is practically impossible to get any meaningful support for, and is not endorsed by MS as a .NET implementation. Wake me up if that changes.