Java

Java 8 Delayed To Fix Security 135

mikejuk writes "Java Development Kit 8, planned for September 2013, is being delayed until next year because of 'a renewed focus on security.' Java has been having security publicity problems recently, but Oracle now seems to be taking them more seriously. Mark Reinhold, chief architect of the Java platform group, said, 'Maintaining the security of the Java Platform always takes priority over developing new features, and so these efforts have inevitably taken engineers away from working on Java 8.' The major change still to be made to Java 8 is Project Lambda, which Reinhold says is 'the sole driving feature of the release.' He laid out alternatives, such as dropping Lambda from this release, but said Oracle has decided instead to wait until Lambda is ready. The revised schedule for JDK 8 has a developer preview scheduled for September, a release candidate scheduled for January 2014, and general availability scheduled for March 2014. The delay means that Java SE 9 will probably be released in early 2016, rather than late 2015."
Oracle

Oracle Fixes 42 Security Vulnerabilities In Java 211

wiredmikey writes "Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible."
Java

Ask Slashdot: Building a Web App Scalable To Hundreds of Thousand of Users? 274

AleX122 writes "I have an idea for a web app. Things I know: I am not the first person with a brilliant idea. Many other 'inventors' failed and it may happen to me, but without trying the outcome will always be failure. That said, the project will be huge if successful. However, I currently do not have money needed to hire developers. I have pretty solid experience in Java, GWT, HTML, Hibernate/Eclipselink, SQL/PLSQL/Oracle. The downside is project nature. All applications I've developed to date were hosted on a single server or in a small cluster (2 tomcats with fail-over). The application, if I succeed, will have to serve thousands of users simultaneously. The userbase will come from all over the world. (Consider infrastructure requirements similar to a social network.) My questions: What technologies should I use now to ensure easy scaling for a future traffic increase? I need distributed processing and data storage. I would like to stick to open standards, so Google App Engine or a similar proprietary cloud solution isn't acceptable. Since I do not have the resources to hire a team of developers and I will be the first coder, it would be nice if technology used is Java related. However, when you have a hammer, everything looks like a nail, so I am open to technologies unrelated to Java."
Education

'CodeSpells' Video Game Teaches Children Java Programming 245

CyberSlugGump writes "Computer scientists at UC San Diego have developed a 3D first-person video game designed to teach young students Java programming. In CodeSpells, a wizard must help a land of gnomes by writing spells in Java. Simple quests teach main Java components such as conditional and loop statements. Research presented March 8 at the 2013 SIGCSE Technical Symposium indicates that a test group of 40 girls aged 10-12 mastered many programming concepts in just one hour of playing."
Software

Apache Terminates Struts 1 61

twofishy writes "Struts 1, the venerable Java MVC Web framework, has reached End Of Life status, the Apache foundation has announced. In a sense, the move simply formalises what has already happened, as the Struts team have focused their efforts on version 2; the last release of Struts 1 was version 1.3.10 in December 2008. The change of status does mean however that, whilst the code and documentation will still be available, no further security patches or bug fixes will be issued."
Software

Ask Slashdot: Preparing For the 'App Bubble' To Pop? 240

Niris writes "I am currently a senior in computer science, and am expecting to graduate in December. I have an internship lined up in Android development with a medium-sized company that builds apps for much larger corporations, and I have recently begun a foray into iOS development. So far my experience with Android ranges from a small mobile game (basically Asteroids), a Japanese language study aid, and a fairly large mobile app for a local non-profit that uses RSS feeds, Google Cloud Messaging and various APIs. I have also recently started working with some machine learning algorithms and sensors/the ADK to start putting together a prototype for a mobile business application for mobile inspectors. My question: is my background diverse enough that I don't have to worry about finding a job if all the predictions that the 'app bubble' will pop soon come true? Is there another, similar area of programming that I should look into in order to have some contingencies in place if things go south? My general interests and experience have so far been in mobile app development with Java and C++ (using the NDK), and some web development on both the client and server side. Thank you!"
Java

Oracle Clings To Java API Copyrights 207

An anonymous reader writes in with a story about some of the ramifications of the Oracle-Google lawsuit. "You could hear a collective sigh of relief from the software developer world when Judge William Alsup issued his ruling in the Oracle-Google lawsuit. Oracle lost on pretty much every point, but the thing that must have stuck most firmly in Oracle’s throat was this: 'So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API. It does not matter that the declaration or method header lines are identical. Under the rules of Java, they must be identical to declare a method specifying the same functionality — even when the implementation is different. When there is only one way to express an idea or function, then everyone is free to do so and no one can monopolize that expression. And, while the Android method and class names could have been different from the names of their counterparts in Java and still have worked, copyright protection never extends to names or short phrases as a matter of law.'"
Java

Everything About Java 8 233

New submitter reygahnci writes "I found a comprehensive summary of the developer-facing changes coming in Java 8 including: improvements to interfaces, functional interfaces, lambdas, functions, streams, parallels, date/time improvements, and more. The article includes example code with realistic examples of use as well as explaining the reasoning behind some of the choices made by the developers who are working on Java 8."
Cloud

Massachusetts May Try To Tax the Cloud 172

CowboyRobot writes "A proposed tax in Massachusetts may affect software services and Web design and hosting. If approved, the state estimates the tax may bring in a quarter billion dollars in 2014 by expanding its tax on 'canned software' to include some elements of cloud computing. The tax would cover custom-designed software and services based in the cloud. "Custom" software includes the design of Web sites, so the cost to local businesses of a new Web site would increase by 4.5% on contracts to design the site, write Java, PHP or other custom code. The cost of site hosting and bandwidth would also be taxed."
Java

Apple Nabs Java Exploit That Bypassed Disabled Plugin 97

Trailrunner7 writes "Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X."
Programming

Comparing the C++ Standard and Boost 333

Nerval's Lobster writes "The one and only Jeff Cogswell is back with an article exploring an issue important to anyone who works with C++. It's been two years since the ISO C++ committee approved the final draft of the newest C++ standard; now that time has passed, he writes, 'we can go back and look at some issues that have affected the language (indeed, ever since the first international standard in 1998) and compare its final result and product to a popular C++ library called Boost.' A lot of development groups have adopted the use of Boost, and still others are considering whether to embrace it: that makes a discussion (and comparison) of its features worthwhile. 'The Standards Committee took some eight years to fight over what should be in the standard, and the compiler vendors had to wait for all that to get ironed out before they could publish an implementation of the Standard Library,' he writes. 'But meanwhile the actual C++ community was moving forward on its own, building better things such as Boost.'"
Image

Book Review: Hadoop Beginner's Guide 57

First time accepted submitter sagecreek writes "Hadoop is an open-source, Java-based framework for large-scale data processing. Typically, it runs on big clusters of computers working together to crunch large chunks of data. You also can run Hadoop in "single-cluster mode" on a Linux machine, Windows PC or Mac, to learn the technology or do testing and debugging. The Hadoop framework, however, is not quickly mastered. Apache's Hadoop wiki cautions: "If you do not know about classpaths, how to compile and debug Java code, step back from Hadoop and learn a bit more about Java before proceeding." But if you are reasonably comfortable with Java, the well-written Hadoop Beginner's Guide by Garry Turkington can help you start mastering this rising star in the Big Data constellation." Read below for the rest of Si's review.
Security

Chrome, Firefox, IE 10, Java, Win 8 All Hacked At Pwn2Own 183

mask.of.sanity writes "Annual Canadian hack fest Pwn2Own is famous for leaving a trail of bloodied software bits and today it did not disappoint. Security researchers tore holes through all major web browsers, breaking Windows 8 and Java, too (though the latter feat is not remarkable). Thankfully for the rest of us, the cashed-up winners will disclose the holes quietly to Microsoft, Mozilla, Google and Oracle, and the proof of concept attack code will remain in the hands of organisers only."
Java

Oracle Rushes Emergency Java Update To Patch McRAT Vulnerabilities 165

msm1267 writes "Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today's update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15. The vulnerability allows for arbitrary memory execution in the Java virtual machine process; attackers exploiting the flaw were able to download the McRAT remote access Trojan."
Java

New Java 0-Day Vulnerability Being Exploited In the Wild 193

An anonymous reader writes "Here we go again. A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to 'High' and attempt to avoid executing malicious applets. This latest flaw was first discovered by security firm FireEye, which says it has already been used 'to attack multiple customers.' The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle's plugin."
Software

Microsoft, BSA and Others Push For Appeal On Oracle v. Google Ruling 191

sl4shd0rk writes "In 2012, Oracle took Google to court over the use of Java in Android. Judge William Alsup brought the ruling that the structure of APIs could not be copyrighted at all. Emerging from the proceedings, it was learned that Alsup himself had some programming background and wasn't bedazzled by Oracle's thin arguments on the range-checking function. The ruling came, programmers rejoiced and Oracle vowed Appeal. It seems that time is coming now, nearly a year later, as Microsoft, BSA, EMC, Netapp, et al. get behind Oracle to overturn Alsup's ruling citing 'destabilization' of the 'entire software industry.'"
Software

Why My Team Went With DynamoDB Over MongoDB 106

Nerval's Lobster writes "Software developer Jeff Cogswell, who matched up Java and C# and peeked under the hood of Facebook's Graph Search, is back with a new tale: why his team decided to go with Amazon's DynamoDB over MongoDB when it came to building a highly customized content system, even though his team specialized in MongoDB. While DynamoDB did offer certain advantages, it also came with some significant headaches, including issues with embedded data structures and Amazon's sometimes-confusing billing structure. He offers a walkthrough of his team's tips and tricks, with some helpful advice on avoiding pitfalls for anyone interested in considering DynamoDB. 'Although I'm not thrilled about the additional work we had to do (at times it felt like going back two decades in technology by writing indexes ourselves),' he writes, 'we did end up with some nice reusable code to help us with the serialization and indexes and such, which will make future projects easier.'"
Java

Apple Hit By Hackers Who Targeted Facebook 148

snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
Programming

Why Hasn't 3D Taken Off For the Web? 320

First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"
Facebook

Facebook Employees' Laptops Compromised; User Data Believed Safe 75

Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employees' machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
