Java

Oracle Clings To Java API Copyrights 207

Posted by samzenpus from the hold-on-tight dept.
An anonymous reader writes in with a story about some of the ramifications of the Oracle-Google lawsuit. "You could hear a collective sigh of relief from the software developer world when Judge William Alsup issued his ruling in the Oracle-Google lawsuit. Oracle lost on pretty much every point, but the thing that must have stuck most firmly in Oracle’s throat was this: 'So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API. It does not matter that the declaration or method header lines are identical. Under the rules of Java, they must be identical to declare a method specifying the same functionality — even when the implementation is different. When there is only one way to express an idea or function, then everyone is free to do so and no one can monopolize that expression. And, while the Android method and class names could have been different from the names of their counterparts in Java and still have worked, copyright protection never extends to names or short phrases as a matter of law.'"
Java

Everything About Java 8 233

Posted by Soulskill from the building-a-new-generation-of-security-holes dept.
New submitter reygahnci writes "I found a comprehensive summary of the developer-facing changes coming in Java 8 including: improvements to interfaces, functional interfaces, lambdas, functions, streams, parallels, date/time improvements, and more. The article includes example code with realistic examples of use as well as explaining the reasoning behind some of the choices made by the developers who are working on Java 8."
Cloud

Massachusetts May Try To Tax the Cloud 172

Posted by timothy from the if-it-moves-tax-it-if-it's-ephemeral-tax-it dept.
CowboyRobot writes "A proposed tax in Massachusetts may affect software services and Web design and hosting. If approved, the state estimates the tax may bring in a quarter billion dollars in 2014 by expanding its tax on 'canned software' to include some elements of cloud computing. The tax would cover custom-designed software and services based in the cloud. "Custom" software includes the design of Web sites, so the cost to local businesses of a new Web site would increase by 4.5% on contracts to design the site, write Java, PHP or other custom code. The cost of site hosting and bandwidth would also be taxed."
Java

Apple Nabs Java Exploit That Bypassed Disabled Plugin 97

Posted by timothy from the heading-them-off-before-they-head-you-off dept.
Trailrunner7 writes "Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X."
Programming

Comparing the C++ Standard and Boost 333

Posted by Soulskill from the shaping-an-industry dept.
Nerval's Lobster writes "The one and only Jeff Cogswell is back with an article exploring an issue important to anyone who works with C++. It's been two years since the ISO C++ committee approved the final draft of the newest C++ standard; now that time has passed, he writes, 'we can go back and look at some issues that have affected the language (indeed, ever since the first international standard in 1998) and compare its final result and product to a popular C++ library called Boost.' A lot of development groups have adopted the use of Boost, and still others are considering whether to embrace it: that makes a discussion (and comparison) of its features worthwhile. 'The Standards Committee took some eight years to fight over what should be in the standard, and the compiler vendors had to wait for all that to get ironed out before they could publish an implementation of the Standard Library,' he writes. 'But meanwhile the actual C++ community was moving forward on its own, building better things such as Boost.'"
Image

Book Review: Hadoop Beginner's Guide Screenshot-sm 57

Posted by samzenpus from the read-all-about-it dept.
First time accepted submitter sagecreek writes "Hadoop is an open-source, Java-based framework for large-scale data processing. Typically, it runs on big clusters of computers working together to crunch large chunks of data. You also can run Hadoop in "single-cluster mode" on a Linux machine, Windows PC or Mac, to learn the technology or do testing and debugging. The Hadoop framework, however, is not quickly mastered. Apache's Hadoop wiki cautions: "If you do not know about classpaths, how to compile and debug Java code, step back from Hadoop and learn a bit more about Java before proceeding." But if you are reasonably comfortable with Java, the well-written Hadoop Beginner's Guide by Garry Turkington can help you start mastering this rising star in the Big Data constellation." Read below for the rest of Si's review.
Security

Chrome, Firefox, IE 10, Java, Win 8 All Hacked At Pwn2Own 183

Posted by timothy from the soooory-eh dept.
mask.of.sanity writes "Annual Canadian hack fest Pwn2Own is famous for leaving a trail of bloodied software bits and today it did not disappoint. Security researchers tore holes through all major web browsers, breaking Windows 8 and Java, too (though the latter feat is not remarkable). Thankfully for the rest of us, the cashed-up winners will disclose the holes quietly to Microsoft, Mozilla, Google and Oracle, and the proof of concept attack code will remain in the hands of organisers only."
Java

Oracle Rushes Emergency Java Update To Patch McRAT Vulnerabilities 165

Posted by Unknown Lamer from the brought-to-you-by-c-sharp dept.
msm1267 writes "Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today's update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15. The vulnerability allows for arbitrary memory execution in the Java virtual machine process; attackers exploiting the flaw were able to download the McRAT remote access Trojan."
Java

New Java 0-Day Vulnerability Being Exploited In the Wild 193

Posted by Soulskill from the once-more-unto-the-security-breach dept.
An anonymous reader writes "Here we go again. A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to 'High' and attempt to avoid executing malicious applets. This latest flaw was first discovered by security firm FireEye, which says it has already been used 'to attack multiple customers.' The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle's plugin."
Software

Microsoft, BSA and Others Push For Appeal On Oracle v. Google Ruling 191

Posted by timothy from the poor-innocent-business-model dept.
sl4shd0rk writes "In 2012, Oracle took Google to court over the use of Java in Android. Judge William Alsup brought the ruling that the structure of APIs could not be copyrighted at all. Emerging from the proceedings, it was learned that Alsup himself had some programming background and wasn't bedazzled by Oracle's thin arguments on the range-checking function. The ruling came, programmers rejoiced and Oracle vowed Appeal. It seems that time is coming now, nearly a year later, as Microsoft, BSA, EMC, Netapp, et al. get behind Oracle to overturn Alsup's ruling citing 'destabilization' of the 'entire software industry.'"
Software

Why My Team Went With DynamoDB Over MongoDB 106

Posted by timothy from the mostly-for-the-web-scale-of-it dept.
Nerval's Lobster writes "Software developer Jeff Cogswell, who matched up Java and C# and peeked under the hood of Facebook's Graph Search, is back with a new tale: why his team decided to go with Amazon's DynamoDB over MongoDB when it came to building a highly customized content system, even though his team specialized in MongoDB. While DynamoDB did offer certain advantages, it also came with some significant headaches, including issues with embedded data structures and Amazon's sometimes-confusing billing structure. He offers a walkthrough of his team's tips and tricks, with some helpful advice on avoiding pitfalls for anyone interested in considering DynamoDB. 'Although I'm not thrilled about the additional work we had to do (at times it felt like going back two decades in technology by writing indexes ourselves),' he writes, 'we did end up with some nice reusable code to help us with the serialization and indexes and such, which will make future projects easier.'"
Java

Apple Hit By Hackers Who Targeted Facebook 148

Posted by Soulskill from the getting-hacked-is-now-the-trendy-thing-to-do dept.
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
Programming

Why Hasn't 3D Taken Off For the Web? 320

Posted by samzenpus from the adding-some-depth dept.
First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"
Facebook

Facebook Employees' Laptops Compromised; User Data Believed Safe 75

Posted by timothy from the safely-exploited-by-facebook dept.
Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
Java

Oracle Open Sourcing JavaFX, Including iOS and Android Ports 105

Posted by Unknown Lamer from the don't-tell-larry dept.
hypnosec writes "Oracle is going to open source JavaFX ports for Android and iOS soon as a part of its efforts to open source the framework. JavaFX, destined to replace Swing GUI library as the default method to develop graphical user interfaces, is a framework used to develop cross-platform rich Internet applications. The ports for iOS and Android are based on an 'unreleased version of JavaSE Embedded for iOS/Android.' Oracle's Richard Bair revealed that the 'first bits and pieces' for JavaFX for iOS should probably be out sometime next week. The rest of the release will be scheduled along with the release of Prism (the next-generation toolkit). Oracle is going to keep javafx-font proprietary, but Bair has said developers are already working toward an open source native replacement of the component through the OpenJFX list."
Internet Explorer

IE Patch To Fix 57 Vulnerabilities 91

Posted by timothy from the there's-a-sauce-for-that dept.
Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word if this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has a IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."
Firefox

Ask Slashdot: Do Most Programmers Understand the English Language? 330

Posted by Soulskill from the only-if-they've-called-the-right-libraries dept.
Shadoefax writes "I have been developing Firefox add-ons for several years and all so far submitted to AMO have been translated (localized) into several different languages. My latest add-on is geared more to the web developer as opposed to the average web browsing user. (It is a utility for examining JavaScript Objects and their methods and properties.) By my reckoning, I believe JavaScript, HTML, CSS and the DOM are all pretty much designed to be easily understood by English language readers. My question is this: Can I assume that most programmers understand the English language well enough that I may forego localizing the UI? While this will save time, effort and bloat, it may also restrict the usage of (what I hope) is a useful tool for developers."
Java

Apple Angers Mac Users With Silent Shutdown of Java 7 451

Posted by samzenpus from the a-thief-in-the-night dept.
An anonymous reader writes in with news of the continuing saga of Java patches and exploits. "If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild."
Communications

Twitter #Hacked 111

Posted by timothy from the coz-it's-a-hashtag-see dept.
theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."
Java

Oracle Responds To Java Security Critics With Massive 50 Flaw Patch Update 270

Posted by timothy from the no-more-jeans-all-patches dept.
darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."

Slashdot Top Deals