Oracle Promises Patches Next Week For 36 Exploits In Latest Java
An anonymous reader writes "Oracle is posting patches for all its products next Tuesday, which include 36 exploits for Java alone and over 140 for all Oracle products currently supported, including over 80 that require no authentication to execute. These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."
Re: (Score:2)
Magnets?
How do they work?
Lunar power (Score:1)
concerning is ... (Score:3, Interesting)
that of the 36 Java related bugs, "34 of them (are) exploitable remotely without authentication".
"Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."
+
"Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier"
-> Muhahahaha,...
Re:concerning is ... (Score:4, Insightful)
ADP forces the use of an ancient and bug infested version of Java for its timecard application. We've been infected SO MANY times they finally decided to set up a dedicated PC that has no other access.
This of course removes all the benefit of having web access to time card entry, eats up time employees could be working but the gossip and knife fights are good entertainment.
Re: (Score:3)
We've been infected SO MANY times they finally decided to set up a dedicated PC that has no other access.
I cringe whenever I see a Point of Sale or other commercial system being used to browse the web.
If you can't afford a separate computer for looking stuff up, you certainly can't afford the pain from getting your crown jewels pwned.
Re: (Score:3)
Any Java program that won't run on a new JVM is already questionable
Yeah, the majority of big Java programs ship with a JRE specifically because switching to a new one may well break something. That doesn't really detract from your statement, but most big Java programs are questionable. Or perhaps the question is why anyone thinks Java is a good idea to begin with.
Re: (Score:2)
Running an old C or C++ program with newer libs isn't exactly without risks either. Even if the ABI is the same, the behaviour might have changed, unintentionally most of the time.
It's more a question of what you can manage to test and support. Large applications are more expensive to test, so you are reluctant to upgrade infrastructure components. (Be it Windows versions, JRE:s, dll:s, database servers, etc)
Re: (Score:2)
If you're running an app that's 10 years old -- well... whose fault is that?
If you're running an app that's ten years old, you must be on Windows. Or using Open Source.
Re: (Score:2)
a load of bollocks. This "it's only the plugin, everything else about Java is completely secure, don't worry" is just sticking your head in the sand.
There are loads of programs that are exploitable, and they get fixed - no-one says "it's fine" with them, why would any part of Java be different? If there is an exploit, and you have a Java app that connects to the internet or otherwise is accessible, then it's a potential exploit waiting to happen.
That the plugin is a bad idea, and that it allows these exploits
Re: (Score:1)
In your mind. No binaries. Just think it into being.
Comment removed (Score:4, Interesting)
Re: (Score:1)
sorry, but on slashdot, xkcd is canonical.
Re: (Score:2)
What's a "floppy"?
Less than you can download in a second.
Re: (Score:2)
What's a "floppy"?
Less than you can download in a second.
Something that took a day to download in the mid '90s over a dialup connection (if it stayed connected that long).
Bloat everywhere (Score:2)
Oracle and Java exploits - An anecdote:- A couple of weeks ago I tried to log into my superannuation account, the browser fired back an authentication error, so I notified the company (MLC) who asked me to send them as many technical details as I could. After a little bit of looking around, I noted that the Oracle Access Management system that gave me the error code was at version (11.1.1.5.0). Oracle's current version was 11.1.2.1.0. Not too surprising, a supplier that had not patched to the current version.
What did surprise me was that Oracle's Identity Management Patch Set that was available for the version displayed was >2GB - A compressed Java application and framework for a database authentication application that was over 2 Gigabytes in size.
It has been a few years since I wrote any Oracle stuff, but that is ridiculous, what the hell have web based script kiddy/Java type developers been up to. Admittedly I started with Oracle in the Stone Age (V3) and actually shipped an application that used V4. By V6 the C interface which included all the necessary external validation code was small enough to be easily understood and modifiable by a single programmer. My memory is going now, but I seem to remember that in the 1990s all of the code for an early web CGI Oracle interface, including user validation would fit on a floppy.
Why are/were you surprised at the size of the package? I, and many other /.ers remember days when a 30 MB (no kids, that's not a typo) hard disk held dozens of applications, the GUI-based OS, and all our data files. Somewhere along the line APIs, OS frameworks and data files got less compact and then grew as the size of hard drives grew. More features, larger frameworks to accommodate those features and WHAM! you have a 2GB patch set. Sure, I still grumble when I see how big a small application (from a raw
Re: (Score:2)
In the Oracle world, patching does not affect version numbers. A different version means different or new functionality, even if it is the last part of the version.
Based on the version, you cannot determine if it is patched or not.
Makes sense - if they wanted to actually show patch level they'd need a more complex version numbering scheme. Just how much information do you think can really be communicated in 5 separate version numbers?
Re: (Score:3)
Mac browsers (Chrome, Safari, Firefox) don't run Java applets automatically anyway, so it doesn't matter what version of Java you have installed. Remember these exploits are all getting in because you run malicious code inside a sandbox and the sandbox fails. Don't download and run malicious code and you're OK.
Re: (Score:2)
Mac browsers (Chrome, Safari, Firefox) don't run Java applets automatically anyway, so it doesn't matter what version of Java you have installed. Remember these exploits are all getting in because you run malicious code inside a sandbox and the sandbox fails. Don't download and run malicious code and you're OK.
Depends on what version of the OS and Java you are running and whether the user has already acknowledged the site as "safe". Weather.gov uses a mix of Java and other tech to display satellite and radar loops, for instance. The local radar loops (Base and Composite) are Java and after one acknowledgement will load without user intervention another time.
Identifying malicious code first (Score:2)
Don't download and run malicious code and you're OK.
This is true but not very helpful [tvtropes.org]. How should the end user identify malicious code before downloading and running it?
Re: (Score:1)
How should the end user identify malicious code before downloading and running it?
Easy. Load it into a sandboxed simulator, and see what it does. It can't escape the sandbox, right?
Oh, right.
ASK (Score:1)
Re: (Score:2)
What is wrong with that AC pest anyway?
it would be good if.... (Score:1)
web developers provided alternative site access without JAVA.
Why? Simply because JAVA is a product designed to always have things that need patched.
It's not safe, and never will be.
Re: (Score:2)
You think any other language framework also does not have horrendous security issues?
In related news... (Score:2)
Hello, Android? (Score:3)
Re: (Score:2)
No we are not. We are just forced to set Eclipse to generate code which is compatible with Java 6. But there is absolutely no reason to use Java 6, just because you do Android development.
Ok, so 36 problems with Java (Score:2)
34 of those don't require authentication.
That's for the "Java" product group, containing the following products:
Java SE
Java SE Embedded
JavaFX
JRockit
What I want to know, is how many are related to the JRE and how many to the Java browser plugin, Webstart and other components.
How many require the plugin? (Score:2)
Like many people, I have Java installed but don't have the browser plugin enabled. This means that the remote-exploitable attack surface is zero; if you don't provide a route for the attacker to get to anything vulnerable, you're totally defended from that whole class of attacks. With applications where you've already installed them locally and which don't download extra code from random locations, the nature of these issues is entirely different. (Any language which it is impossible to deliberately write a
The fix - real fix this time? (Score:1)
Anyone know if this is yet another band-aid patch or are they really fixing the underlying problem? This is why we continue to see patch after patch after patch after patch.. well you get the idea. Turns admins into firemen trying to patch all of the vulnerable machines. Even for my personal machines it's really, really, really old. Glad I'm not an admin. Wonder if Ellison is sorry he bought SUN yet.
Re: (Score:1)
It's only bad if you believe in secure computing and thought Java was secure to begin with ;)
Re:again? (Score:4, Insightful)
Java, one of the worst things to happen to computing, ever.
Nah, I doubt anything would be much better, if they were in position Java is now. If it were native code, anybody without the sources would be screwed, now only anybody with Java6 requirement and no sources to fix it is screwed (but they were the moment their software got tied to specific JRE6 version). If it were .net instead of Java, when do you think MS would get around to patching Linux versions? If it were some scripting language... ok, it couldn't be: duck typing is too fragile, performance is problem, no serious contenders for many (not most, but many) Java use cases.
In absence of Java, maybe something really better would exist now, but I very much doubt it. It's a paradoxical package deal.
Why doubt something better would exist? (Score:3, Insightful)
Sun was very much responding to a need when they started developing Java all those years ago. Other groups largely left them to it as Sun was a company with an excellent reputation. Things would have been just fine but for one most unfortunate event.
Oracle bought Java.
We suddenly switch from famous to infamous. As far as I'm concerned, Java died on that day, and I've been far more interested in freer languages since then. I feel for those that continue to endure Java due to corporate inflexibility.
Re:Why doubt something better would exist? (Score:5, Insightful)
What is telling is, JRE installer from Oracle keeps pushing ask.com toolbar (borderline malware) with underhanded tactics (check box checked by default, re-checked for updates, and hidden behind changing install directory from default). Business is business, sure, and I wouldn't want something this dirty anywhere near my business...
Re:Why doubt something better would exist? (Score:5, Insightful)
Sun did that for years, that's hardly something new Oracle brought in. It's because Sun, despite their excellent engineering reputation, never figured out how to make money off Java. Lots of other companies did but Sun didn't. So they ended up resorting to pushing crapware through the Windows installer in a desperate attempt to monetize. Oracle merely continued that awful tradition.
The good news is that ever since Java has been open source, distributing it in other ways is possible and with Java 8 they're changing the license on the Oracle packagings of it so you can cut it down to size for your specific app. It's getting a lot closer to just being a big runtime library than an entire parallel OS which it was trying to be in previous years.
As to whether Java is secure or not, I don't think we should be too hard on the Oracle/Sun developers here. Every attempt to do mobile code has turned into a security nightmare. Not just Java, ActiveX and Flash, but web browsers routinely patch exploits in their core rendering or JavaScript engines, and that's HTML5 - a vastly simpler and more crippled platform than even the most basic core Java system provides. In fact browser developers have given up trying to make renderers secure which is why they're all heavily sandboxed, it's inevitable people will find ways to exploit the mobile code aspects of the rendering engines. Even then, Chrome sandbox escapes still get found from time to time.
I don't think we should read these stories as "Java sucks". Programs written in Java or any other modern managed language are still much more secure than code written in C++. There are no stack or heap overflows to worry about, no double frees. These stories are not about how easy it is to write secure code in any given language or platform. Instead we should understand these stories as "sandboxing malicious code is incredibly hard". Java hurts from it more because Java was a lot more ambitious than other attempts.
Re: (Score:1)
Programs written in Java or any other modern managed language are still much more secure than code written in C++. There are no stack or heap overflows to worry about, no double frees.
You're thinking of C, not C++.
(Trouble is, so are many people who put "C++" on their resumes...)
The problem with Java is that the exploits are in Oracle's hands, not ours. We can't fix them even if we know what they are...
The other problem with Java is that if I install the runtime on my machine to run a little corporate desktop app it also ends up in the web browser, exposed to every single web page I visit. In what universe was that a good idea?
Re: (Score:3)
Programs written in Java or any other modern managed language are still much more secure than code written in C++. There are no stack or heap overflows to worry about, no double frees.
You're thinking of C, not C++.
(Trouble is, so are many people who put "C++" on their resumes...)
The problem with Java is that the exploits are in Oracle's hands, not ours. We can't fix them even if we know what they are...
The other problem with Java is that if I install the runtime on my machine to run a little corporate desktop app it also ends up in the web browser, exposed to every single web page I visit. In what universe was that a good idea?
WHERE did you get the idea that C++ is more immune to memory leaks or buffer overflows than C? C++ adds to the basic C memory management services and memory organization, but it still retains the original C ones. And adds an additional way to leak memory - undisposed objects.
I think that the stock JVM's ability to auto-activate itself in browsers is something that varies by machine and by browser, but if it is enabled, there are ways to switch it off.
Re: (Score:2)
WHERE did you get the idea that C++ is more immune to memory leaks or buffer overflows than C? C++ adds to the basic C memory management services and memory organization, but it still retains the original C ones. And adds an additional way to leak memory - undisposed objects.
Probably from experience: Consistent use of STL memory classes (shared_ptr and unique_ptr) and containers (mostly std::vector) make it very hard to shoot yourself in the foot. Adhere to "Raw pointers don't transfer lifetime from function to function" if you use raw pointers. These things are really easily spotted by code-review.
Re: (Score:2)
Agreed. Ignorant fools who have no idea about smart pointers and containers should shut their traps rather than pontificate about C++, since they know nothing about its first principles. They probably also think you have to use *scanf in C++.
Re:Why doubt something better would exist? (Score:4, Informative)
This particular "ignorant fool" was one of the first commercial vendors of C++.
Just because some people may use certain features that make C++ safer doesn't mean that it is safer. Plenty of people think they're so clever that they can invent their own "more efficient/better" systems. And use scanf, for that matter.
I'm not generally of that ilk myself, but STL did make me itch. The worst features of programming and mathematics combined into one.
Re: (Score:2)
Agreed. Ignorant fools who have no idea about smart pointers and containers should shut their traps rather than pontificate about C++, since they know nothing about its first principles.
Yep. I don't recall the last time I did manual memory management in C++ or had a buffer overflow. C++ pointers are either valid or NULL, just like Java. std::vector has had range checking for operator[] turned on by default for quite a few years. C++ done properly has just as much memory safety and automatic memory management as Java without all the downsides of a garbage collector.
Locale bloat in iostream (Score:2)
You are supposed to use stringstream and string in C++
I have discovered that with GNU libstdc++, instantiation of ostringstream automatically brings the date, time, and money formatting libraries into a statically linked Hello World program that doesn't even print a date, time, or money object. This causes the executable to be a quarter megabyte in size, compared to the C equivalent that's smaller than 6K. Why does this happen?
Re: (Score:2)
Why does this happen?
I dunno, mine doesn't do it.
Try asking the people who maintain that particular compiler...
Re: (Score:3)
Only if you use Oracle's binaries. Linux distros switched to OpenJDK years ago, whose source is available under the GPL.
Re: (Score:2)
No, I'm not. I'm quite fluent in C++ thanks and know how to use the STL. Yes, well written C++ is much better than your typical C app. Unfortunately, even codebases like WebKit that are worked on primarily by experienced, well paid engineers from places like Apple and Google routinely contain exploits in them that would have been avoided by the use of managed languages (not that I think WebKit should be written i
The managed language itself has exploits (Score:2)
Unfortunately, even codebases like WebKit that are worked on primarily by experienced, well paid engineers from places like Apple and Google routinely contain exploits in them that would have been avoided by the use of managed languages
How would the use of managed languages save the user from exploits when the managed language itself has exploits?
Re: (Score:2)
Because most of these exploits being fixed are not remotely exploitable unless you deliberately download and run malicious Java code. If you write a JavaScript engine in Java, then you can't have use-after-free exploits in your JavaScript engine, to give an example of one recent Chrome vulnerability. You could have other ways bad JavaScript can escape the interpreter, but memory management or overflow errors won't be amongst them.
Re: (Score:2)
Because most of these exploits being fixed are not remotely exploitable unless you deliberately download and run malicious Java code.
How would an end user know whether or not a particular piece of Java code is malicious?
Re: (Score:2)
Is that still allowed? It started out as recommended practice but I thought they changed the license. Maybe it's just me.
OTOH, do people actually do that? Most of the Java apps I've seen just say "Install Java!!"
Re: (Score:2)
Ah, here we go again: poorly written C++ is worse than poorly written Java.
Coming from network daemons, frankly, I see more often how Java developers manage to fsck-up the most trivial things. All in the name of the "proper design" and "{buzzwords du jour}" and stuff. Where in C++ I needed one routine for which one code review session was enough to harden it, Java people created instead a net of 12 classes for the task. And there is no end to bugs in this convoluted mess.
In the end, I still blame Java i
Re: (Score:2)
You can get bad programmers in any language. That doesn't tell you much. The problem with C/C++ is that even extremely good programmers in these languages still write code that is exploitable from time to time. Things like over-engineering or memory bloat can be trained out of people. Some kinds of buffer overflows too. But if one class in your program is bloated and overly verbose, your app will still work. If one class in your C++ program incorrectly uses scanf or starts a thread with a pointer to somethi
Re: (Score:2)
as opposed to Java where even if you are the perfect programmer, your code is still insecure, which until Oracle decides to release some patches, can result in your company getting hacked and massive damage being inflicted.
Mind you, if you're running Java code at a company, you've already inflicted massive damage. I would welcome my new hacker overlords if they could rid me of the Enterprise Java code my company insists on using.
Anyway, you're thinking of C. No-one writing C++ uses scanf or any of the other
Re: (Score:3)
No, you haven't understood what these vulnerabilities are about. They're all issues that affect you if you download and run malicious Java programs from the internet, which describes applets that are often disabled in the browser anyway. Not "any Java program that talks to the network is remotely exploitable". So if you aren't a malicious programmer then your code is still secure.
As I said above, I'm thinking of C++. You'll find a lot of C++ programs that use unsafe calls, but even if they are STL only, you
Re: Why doubt something better would exist? (Score:1)
Realmike is totally right. These vulnerabilities are only issues in the browsers running applets. This is clearly MS FUD again. Patch build #51 is a security patch that has been in the works for months. Our company has been working with Oracle support to get any applets or other browser-based code to work with signed certs. This is going to be an issue for all browsers when running code.... Not just Java.
We have discovered that Microsoft has created their own proprietary format for security certificates
Harder is better (that's what she said...) (Score:2)
I grew up writing C++ and ASM, and I now professionally work with managed code so I have seen both sides of the street. Managed code makes a lot of things much simpler, and if you are skilled, it makes it f
Re: (Score:1)
Programs written in Java or any other modern managed language are still much more secure than code written in C++. There are no stack or heap overflows to worry about, no double frees.
Well, in C I replaced malloc with my GC allocator, and free is now optional -- it can decrement a ref count to automatically free at zero, but mark/sweep is used to bust reference chains anyway; The GC runs on free after a customizable percent (12.5% default) of total program memory has been freed, or instead of failing from a malloc (before requesting more system RAM -- The system GC is a slower kernel call, so it's last ditch effort). In C++ I overloaded the allocator interface to wrap this GC, and RAII
Re: (Score:2)
Sun, despite their excellent engineering reputation, never figured out how to make money off Java. Lots of other companies did but Sun didn't.
That pretty much sums up Sun in a nutshell. Brilliant engineers, but couldn't make money if their life depended on it.
web browsers routinely patch exploits in their core rendering or JavaScript engines, and that's HTML5
Ever since the NSA scandal broke, I've been suspecting that the complexity of HTML5 was an attempt to keep browsers insecure.
we should understand these stories as "sandboxing malicious code is incredibly hard".
Implementing a "write once, work anywhere" language is hard. Hell, implementing a write once, work once language is hard enough. To have it not just work anywhere, but work well everywhere, is an engineering nightmare.
Re: (Score:2)
If you download the installer from the developer's site it doesn't. Or use the tar.gz version to just uncompress in a directory with no installer at all.
Re: (Score:2)
Truly. There was real need for a portable, high level and safer (really) language. YMMV but I remember doing C with embedded SQL that was a pain, non-portable between platforms, compilers nor databases, debugger-less, etc. Lots of pain. The same program in Java would be a breeze. No pointers, no hand memory allocation, portable binaries, even the database drivers are portable.
There are lots of applications that are better suited for Java than C or even C++.
The Google method ended Sun's dominance. (Score:2)
Sun depended on IT departments being ignorant. When Google showed everyone that reliability could be achieved with below-consumer-quality hardware by using software that adjusted for failures, Sun began its long, slow decline.
Re: (Score:2)
Java could have been fixed when they found out that their sandbox execution back in the early 2000's had so many holes that it made a sieve look like a glass. And by fix, I mean nuke it from orbit and rebuild it from the ground up instead of issuing bandage after bandage, on something they knew was already a mess.
Re: (Score:2)
Java could have been fixed when they found out that their sandbox execution back in the early 2000's had so many holes that it made a sieve look like a glass. And by fix, I mean nuke it from orbit and rebuild it from the ground up instead of issuing bandage after bandage, on something they knew was already a mess.
Coulda Woulda Shoulda...
It's interesting how technical debt has interest, sometimes so high you can only keep doing the equivalent of "pressing more money" and see where that takes you (as if everybody didn't know).
Re: (Score:2)
Java could have been fixed when they found out that their sandbox execution back in the early 2000's had so many holes that it made a sieve look like a glass. And by fix, I mean nuke it from orbit and rebuild it from the ground up instead of issuing bandage after bandage, on something they knew was already a mess.
Coulda Woulda Shoulda...
It's interesting how technical debt has interest, sometimes so high you can only keep doing the equivalent of "pressing more money" and see where that takes you (as if everybody didn't know).
As the saying goes money talks shit walks. It is more true in business than anywhere else. Technical debt means nothing. Financial debt and costs mean everything. If it costs money to fix the answer will always be NO even with long term financial benefits.
Some people tend to leave IT and go into management or other technical but not computer fields like statistics for reasons like these that drive people up the wall.
Re: (Score:2)
Java, one of the worst things to happen to computing, ever.
Unless you make/sell RAM.
Re: (Score:3)
It's amazing how Java went from being the favoured child here on Slashdot to something generally reviled and hated over the past decade.
Re:again? (Score:5, Insightful)
It's amazing how Java went from being the favoured child here on Slashdot to something generally reviled and hated over the past decade.
I don't think this is unique to Java; the same thing has happened here with Ubuntu/Canonical. Love can easily turn to hate whereas indifference rarely does.
Concerning Java, I don't think it is Java per se that is the cause of the 'hatred', it is more (1) the insecurity of the browser plug-in, (2) the attempt to install the ask.com toolbar when installing the JRE and (3) a general distrust of Oracle.
I don't have a problem with any of these. For #1 this can be disabled, for #2 I just download the JDK .tar.gz for Linux and just unpack it to install, and for #3 there is always OpenJDK in the background to keep Oracle on the straight and narrow.
The only real alternative to Java is .NET, which for me (using Linux) would mean using Mono. Interestingly, open-source Mono seems to generate more hatred here on Slashdot than the closed-source and proprietary .NET does.
Re: (Score:2)
A lot of people can't/won't distinguish between "Java sandboxing isn't good", "Java the language isn't good" and "Java the platform isn't good".
Java sandboxing is clearly not good enough for real world use and most browser makers have realised this and disabled it. On the other hand, it's only in very recent times that browsers got sandboxes and some common ones like Firefox still don't. That fact was exploited recently to de-anonymize Tor users. So it's not like Java is alone here. Pretty much every attemp
Re: (Score:2)
I actually do like Java - the language. It is very stringent and well defined and not sprinkled with random syntactic sugar. Quite the opposite to PHP actually.
The core libraries are mostly nice, except some pre 1.2 crap and some outdated javax junk.
Some of the 'code bloat' has been fixed, and more is fixed in the coming versions, so that's getting better.
A lot of 'code bloat' is actually culturally inherited 'architecture bloat' since IBM decided to market a servlet container + transaction manager as a e-
Re: (Score:2)
The platform still has some glaring holes for languages other than Java. For instance, the call stack is still represented in a C style stack, with a depth that is insufficient for functional programming. In Scala, for instance, we have people explicitly using trampolines and such to avoid running out of stack.
Re: (Score:2)
Because Oracle got it, and Oracle is evil, therefore now Java MUST be evil too.
Re: (Score:3)
It's amazing how Java went from being the favoured child here on Slashdot to something generally reviled and hated over the past decade.
Why? Changing your mind when presented with strong evidence is a sign of intelligence.
You should only be "amazed" when this doesn't happen (ie. religion, politics...)
Re: (Score:3)
It's more of a "there and back again" story really. Ten years ago RMS published his Java Trap [gnu.org] and the open source community was rather wary of making anything depending on a JRE blob. In 2006 Sun announced they'd open source [slashdot.org] Java and all hearts rejoiced. Except it took a really long time, here's an article [slashdot.org] on how it might finish in 2008.
Perhaps of biggest importance is that Java ME never got freed, Sun and later Oracle always wanted a fee if you wanted to put it on your mobile phone. Then Sun got bought by [slashdot.org]
Re: (Score:2)
I have a CS degree and about 15 years of developer experience. I designed a language myself (Sappeur). From my P.O.V. Java has not been much more than a Sales Tool for SUN. Nothing in Java is brilliant or elegant.
Rather it is clunky, energy-wasting, RAM-devouring, non-realtime-capable, overly complex and thereby a massive security risk.
I hope Oracle will "defend" Java and all the assorted patents with fervour, so that the world can move on. So that Java can die a proper death in a corporate graveyard.
Pascal, Ada, Fortran - take these any time over this creation of commercial-men.
And I have 20 years of development experience, had implemented a couple of compilers and my own operating system. I'm not impressed. Neither particularly proud, as some of my acquaintances managed to accomplish even more.
Java is not the best thing under the Sun (pun really intended), but is far from being the worst.
All the vices attributed to Java are, in fact, programmer's vices. I managed to lower the memory consumption from most java programs with simple measures that, guess what, are not taken by the pr
Re: (Score:3)
It's amazing how Java went from being the favoured child here on Slashdot to something generally reviled and hated over the past decade.
Having actually been here for the last decade, I don't know what you're on about. Java has never been the favorite son of Slashdot. There has always been a massive contingent that holds that Java is slow and stupid. Sure, there's always been a group that opposes it, but it's always been smaller. Where do you think you are, anyway?
Re: (Score:2)
Spot-on about java.
Regarding Slashdot, I think that Slashdot just reflects the state of affairs in software development (or the world) in general. Younger generations appear clueless, since they don't know certain obvious things. They will therefore reinvent a lot of wheels, and while doing that, inventing a few new things, some other things just like before but a bit different, while all the time making some old stuff irrelevant.
It is to be expected, but it might get worse. I'm a bit worried that a lot of young
Re: (Score:2)
I'm just trying to understand how PHP could even remotely enter this conversation. We're talking about Java, right?
No. We're talking about security flaws wrongly pinpointed to be inherent to Java. Had you read TFA? It's short! ;-)
Don't get pissed-off at the popularity PHP has acquired just because your generation dropped the ball in making Java a non-Darvocet circumstance to get going on servers as well as development environments.
You have a point, however. In the 90's, Java was too much of a burden to the hardware of the time. Man, running NetBeans with 64 or even 128Mb of RAM was a pain in the ass.
It took almost 10 years for computers to have enough memory to allow Java to be really feasible.
Re: (Score:2)
We have different experiences on Java, as it appears.
In my shop, what was HELL was bad programmers doing bad code, and even worse decisions. Some SOB thought it to be a good idea, for example, to use JBOSS just for the sake of it - and we ended up with Faces Controllers using REMOTE Services as glorified DAOs. God damned dumbass. =/
I went mad, got rid of JBOSS and some (WTF?) Spring client classes - made some glue code to emulate some key functionalities (realizing how to handle transactions on Faces was trick