80% of Browsers Found To Be At Risk of Attack 196

CWmike writes "About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said Thursday. The poor state of browser patching stunned Wolfgang Kandek, CTO of Qualys, which presented data from the company's free BrowserCheck service Wednesday at RSA. 'I really thought it would be lower,' Kandek said. BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, from Adobe's Flash to Windows Media Player. When browsers and plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component. In January 2011, about 80% of the machines were vulnerable. The most likely plug-in to require a patch: same as last year, Oracle's Java."
Book Reviews

Book Review: jBPM Developer Guide 39

RickJWagner writes "jBPM is a mature, open source business process management (BPM) solution. This book, written in a developer-centric manner, guides the reader through the framework and exposes many important considerations for production use. BPM tools are used to define and execute business processes. They usually come with a graphical editor, which is used to drag and drop boxes onto a graph. The boxes represent activities performed by programs, activities performed by humans, and decision points. If this all sounds like 'graphical programming', it isn't. The picture does draw out the desired series of steps, but there's always configuration and maybe some programming involved as well." Read below for the rest of Rick's review.
Android

BlackBerry Devices May Run Android Apps 158

crankyspice writes "RIM is allegedly prepping the QNX-based operating system running their forthcoming PlayBook tablet to run Android applications, according to a Bloomberg article. As RIM has stated that the QNX platform will run at least some of its upcoming smartphones as well, this could cinch Android's status as the lingua franca of smartphone application environments, especially with BlackBerry's current market leadership and Android's explosive marketshare growth."
Google

Google Brings Design-By-Contract To Java 134

angry tapir writes "Google is developing a set of extensions for Java that should aid in better securing Java programs against buffer overflow attacks. Google has announced that it open sourced a project that its engineers were working on to add a new functionality into Java called Contracts, or Design-By-Contract. 'Contracts exist to check for programmer error, not for user error or environment failures. Any difference between execution with and without runtime contract checking (apart from performance) is by definition a bug. Contracts must never have side effects.'"
Java

Post-Oracle Purchase, How Is Sun's Software Doing? 235

GMGruman writes "Oracle has steadily provoked the open source community since its acquisition of Sun, raising the question of whether the move will simply destroy Sun. But as Paul Krill observes, Oracle has been steadfast in upgrading Sun-derived technologies — and making them profitable, which should mean they will stick around a long time."
Java

Java Floating Point Bug Can Lock Up Servers 157

An anonymous reader writes "Here we go again: Just like the recently-reported PHP Floating Point Bug causes servers to go into infinite loops when parsing certain double-precision floating-point numbers, Sun/Oracle's JVM does it, too. It gets better: you can lock up a thread on most servers just by sending a particular header value. Sun/Oracle has known about the bug for something like 10 years, but it's still not fixed. Java Servlet containers are patching to avoid the problem, but application code will still be vulnerable to user input."
Book Reviews

Book Review: OSGi and Apache Felix 3.0 52

RickJWagner writes "OSGi is a Java framework that's designed to simplify application deployments in shared environments. It allows applications with differing dependencies to run side-by-side in the same container without any deployment time contortions. The end result is that your application that needs FooLib v2.2.2 can run right beside my application that needs FooLib v1.0, something not often possible in today's application servers." Keep reading for the rest of Rick's review.
Programming

Ruby Dropped In Netbeans 7 140

An anonymous reader writes "Ruby/RoR in NetBeans made headlines three years ago, but after Sun was acquired by Oracle there were fears that support for dynamic languages would suffer, as this IDE would be downsized. This has become a reality, since as of version 7, NetBeans will no longer support Ruby."
Google

Google Didn't Ship Relicensed Java Code After All 223

RedK writes "In a follow up to yesterday's news about Google apparently relicensing confidential Oracle code found in Java under the ASL, it seems that the blogger who initially reported the issue was plain wrong, as the files he indicated were in breach of Oracle's copyright do not actually ship with Android. Google has also deleted many of these files, which were mostly used as unit tests."
Google

Does Google Pin Copyright Violations On the ASF? 136

An anonymous reader writes "Florian Mueller claims to have produced new evidence that he believes supports Oracle's case against Google on the copyright side of the lawsuit. Oracle originally presented one example to the court, and that file was found to have been part of older Android distributions, with an Apache license header. Mueller has just published six more files of that kind and believes the Apache Software Foundation will disown those just like the first one because those were never part of the Apache Harmony code base. Furthermore, various source files from the Sun Java Wireless Toolkit were found in the Android codebase, containing a total of 38 copyright notices that mark them as proprietary and confidential, but Google apparently published their source code regardless."
Java

Tomcat 7 Finalized 103

alphadogg writes "The volunteer developers behind Apache Tomcat have released version 7.0.6 of the open-source Java servlet container. 'This is the first stable release of the Tomcat 7 branch,' developer Mark Thomas wrote in an e-mail announcing the release on various Tomcat developer mailing lists. While not a full application server, Tomcat implements the functionality described in the Java Enterprise Edition Web profile specifications. Most notably, it supports version 3.0 of the Servlet API (application programming interface) and version 2.2 of JavaServer Pages, both part of the recently ratified JEE 6. A servlet container manages Java-based applications that can be accessed from a Web browser. One big area of improvement is in configuration management for Web applications. Previous versions required all Web app configuration changes to be entered in a central file called web.xml, a process that led to unwieldy web.xml files as well as security risks."
Security

Browser Exploit Kits Using Built-In Java Feature 96

tsu doh nimh writes "Security experts from several different organizations are tracking an increase in Windows malware compromises via Java, although not from a vulnerability in Windows itself: the threat comes from a feature of Java that prompts the user to download and run a Java applet. Kaspersky said it saw a huge uptick in PCs compromised by Java exploits in December, but that the biggest change was the use of this Java feature for social engineering. Brian Krebs writes about this trend, and looks at two new exploit packs that are powered mainly by Java flaws, including one pack that advertises this feature as an exploit that works on all Java versions."
Google

The Care and Feeding of the Android GPU 307

bonch writes "Charles Ying argues that Android's UX architecture has serious technical issues because, unlike the iPhone and Windows 7, Android composites the interface in software to retain compatibility with lower-class devices. Additionally, Android runs Java bytecode during animation, and garbage collection blocks the drawing system. Google engineers dismiss the desire for hardware-accelerated compositing and cite more powerful hardware and an avoidance of temporary objects as a solution to the collection pauses, but Ying argues that will just lead to [a lower] average battery life compared to devices like the iPhone."
Image

Hello, Android Third Edition 74

eldavojohn writes "The third edition of Hello, Android brings the book up to date on Android versions from 1.5 to 2.2 (FroYo). The book is predominantly tied to the Eclipse editing environment with several pages devoted to screen shots of the IDE. As the title suggests, this book aims to give the user the equivalent of a "Hello, world!" application in Android and succeeds in doing that but doesn't take the reader much further. From creating a sudoku application with increasing support to dabbling in OpenGL ES, the book's prime audience are people who know a little Java (with no aversion to Eclipse) and XML but absolutely no Android. You can find the source for all the examples." Keep reading for the rest of eldavojohn's review.
Programming

Does Typing Speed Really Matter For Programmers? 545

theodp writes "'I can't take slow typists seriously as programmers,' wrote Coding Horror's Jeff Atwood last fall. 'When was the last time you saw a hunt-and-peck pianist?' Atwood's rant prompted John Cook to investigate just how important it is to be able to type quickly. 'Learning to type well is a good investment for those who are physically able to do so,' concludes Cook, 'but it's not that important. Once you reach moderate proficiency, improving your speed will not improve your productivity much. If a novelist writing 1000 words per day were able to type infinitely fast, he or she could save maybe an hour per day.' At 150 WPM, notes Cook, the world's fastest typist was still only 10x faster than Stephen Hawking."
Google

VLC For Android May Arrive In Early 2011 90

dkd903 writes "The development of an Android client for VLC has been going on for months now, but it has been slowed down by the fact that Android's multimedia output libraries are in Java. VLC itself is based on C and so translating them to Java is difficult and takes time. With the newer Android NDK, however, using native code for Android apps has been becoming easier. So, the VLC developers have developed two basic modules for audio and video output based on the new NDK and most of the VLC libraries have been ported to Android."
Image

JBoss AS 5 Performance Tuning 45

RickJWagner writes "20 percent inert ingredients, 80 percent nitroglycerin. That's how I'd describe JBoss AS 5 Performance Tuning from Packt. The first 50 pages are nothing to get excited about. This first chapter and a half describes the author's performance tuning life cycle methodology and introduces us to a handful of open source tools that can assist us in our tuning efforts. The tools section seems especially weak-- there are plenty of screenshots showing the tool's menu screens, something you'd normally pick up in about a minute from the tool's distribution website. Honestly, at this point I was beginning to wonder if this book was going to live up to my expectations. Luckily I pressed on for a few more pages, and hit the rich paydirt that makes up the rest of the book. From that point on, every section yielded valuable tuning advice." Keep reading for the rest of Rick's review.
Google

Google Donates Windowbuilder, Codepro To Eclipse 150

h00manist writes "Google is donating Windowbuilder Pro and Codepro Profiler to the Eclipse project. 'Google acquired the software when it bought Instantiations, relaunching the Java graphical user interface building tool Windowbuilder Pro shortly after. Now the outfit has decided to donate both Windowbuilder Pro and the code analysis tool Codepro to the open source Eclipse project. Although Google has announced its intention to donate the software, it needs to go through a rigorous filtering process to ensure that no intellectual property rights will be breached. Once those formalities are dealt with, it is likely that both Windowbuilder Pro and Codepro will tip up in the Indigo release of Eclipse sometime in June 2011.'"
Java

Oracle Asks Apache To Rethink Java Committee Exit 266

CWmike writes "Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future. In a message released late Thursday, an Oracle executive made conciliatory gestures to Apache. At least for now, the ASF doesn't seem eager to rejoin the committee. 'Give us a reason why the ASF should reconsider other than "please,"' ASF president Jim Jagielski said in a Twitter post on Thursday. The Java Community Process is 'dead,' Jagielski said in a blog post, also on Thursday. 'All that remains is a zombie, walking the streets of the Java ecosystem, looking for brains.'"
Java

Apache Resigns From the JCP Executive Committee 136

iammichael writes "The Apache Software Foundation has resigned its seat on the Java SE/EE Executive Committee due to a long dispute over the licensing restrictions placed on the TCK (test kit validating that third-party Java implementations are compatible with the specification)."
