×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

367 comments

Frosty piss (-1)

Anonymous Coward | about a year and a half ago | (#41177525)

Suck it, bitch.

But still people was using Oracle's java? (0, Interesting)

Anonymous Coward | about a year and a half ago | (#41177547)

But still people was using Oracle's java? O_o

THEN NOT REALLY 0-DAY IS IT ?? (1)

Anonymous Coward | about a year and a half ago | (#41177561)

It's a ZenZaZhun !!

Wow. Time for a class action suit, then. (0)

reubenavery (1047008) | about a year and a half ago | (#41177567)

Pile on the attorneys and litigation.

is there any other way to teach these lazy monopolistic companies anything?

Why only Oracle's Java? (-1)

Anonymous Coward | about a year and a half ago | (#41177569)

Maybe it's time to ditch Java altogether!

Re:Why only Oracle's Java? (2)

Chrisq (894406) | about a year and a half ago | (#41177611)

Maybe it's time to ditch Java altogether!

Yes, I'll switch to Scala. It will run on my Java web server and allow full access to Java class lib ... oh wait!

Re:Why only Oracle's Java? (0)

Anonymous Coward | about a year and a half ago | (#41177875)

Maybe it's time to ditch Java altogether!

Can I keep LibreOffice if I remove Java completely?

Ditch Java entirely. (-1)

Anonymous Coward | about a year and a half ago | (#41177573)

It's way past time.

Re:Ditch Java entirely. (5, Funny)

binarylarry (1338699) | about a year and a half ago | (#41177603)

So your business model is:

1) Ditch Java
2) ???
3) Profit!

You and the underpants gnomes should hook up!

Re:Ditch Java entirely. (0)

nedlohs (1335013) | about a year and a half ago | (#41177719)

Because every action you do or recommend doing must be a business model designed to make a profit?

Re:Ditch Java entirely. (3, Insightful)

hsmith (818216) | about a year and a half ago | (#41177735)

I mean, it is hard to run a business if you aren't running a profit and generating income.

Re:Ditch Java entirely. (2)

cduffy (652) | about a year and a half ago | (#41177873)

I mean, it is hard to run a business if you aren't running a profit and generating income.

Sure, but some actions are taken to minimize cost centers.

Like cleanup after a security breach.

Re:Ditch Java entirely. (1)

Anonymous Coward | about a year and a half ago | (#41177791)

Yes, actually, it does. Everything we do has a business case attached. The level of effort we put into the business case is proportional to the money involved, but yes, we do a business case analysis for each decision. With decent mentoring, it teaches your employees to think about the second order affeects of decisions. Risks and assumptions are clearly stated, and it's very easy to defend risks that didn't work out, since they've already been defended. Good for everyone.

Re:Ditch Java entirely. (1)

Anonymous Coward | about a year and a half ago | (#41178069)

Everything we do

I'd like to see the formal business case you made for posting on Slashdot.

Re:Ditch Java entirely. (1)

AwesomeMcgee (2437070) | about a year and a half ago | (#41178079)

No.. I think his business model is:
1) Ditch Java
2) Use mono or LLVM or .NET one of assuredly many other available VMs
3) Profit!

Not too extreme really..

Re:Ditch Java entirely. (3, Insightful)

binarylarry (1338699) | about a year and a half ago | (#41178129)

Mono sucks and is inferior to OpenJDK
LLVM is awesome but a different technology all together
LOL @ .NET

Does anybody know? (1)

Chrisq (894406) | about a year and a half ago | (#41177673)

The remark " Is it really time to ditch Oracle's java and go for an open source VM?" does not appear anywhere in the article. Does anyone know:
  1. is this a JVM or a library problem; from the description it sounds more likely to be a library issue
  2. Does this exploit also exist in open source implementations such as Apache Harmony or the OpenJDK?

Re:Does anybody know? (0)

Anonymous Coward | about a year and a half ago | (#41177763)

Apache Harmony has been retired. I can't say for sure, but OpenJDK probably contains the same exploit as the Oracle JRE, since the Oracle version is based on OpenJDK.

Re:Ditch Java entirely. (5, Insightful)

characterZer0 (138196) | about a year and a half ago | (#41177917)

Ditch Java applets entirely.

Re:Ditch Java entirely. (2)

rsmith-mac (639075) | about a year and a half ago | (#41177999)

Indeed.

Microsoft, Mozilla, Google, and Apple should all be seriously considering enacting the death penalty after this latest exploit. These browsers should be actively blocking the Java plugin by default. Java applets have outlived their usefulness and now are good for little else besides drive-by exploits.

Re:Ditch Java entirely. (3, Informative)

bennomatic (691188) | about a year and a half ago | (#41178057)

I'm pretty sure Apple (a) doesn't include Java by default and (b) even once you install it, they make you jump through hoops to allow it in the browser/applet context. I seem to recall them being called evil for making those decisions a while back.

Re:Ditch Java entirely. (0)

Pieroxy (222434) | about a year and a half ago | (#41178173)

They are Apple, so any decision they make is inherently evil. Period.

And even that one was probably made so that they could file a patent on removing Java in the Web browser to impeach other vendors for doing so.

There.

Client vs Server (0)

roman_mir (125474) | about a year and a half ago | (#41177609)

Oracle probably doesn't care about the use of Java as a client side VM, Oracle is a server company.

But this means that they could in principle split Java into client side and server side concepts and maybe sell off client side Java to somebody who actually gives a shit.

Why are people still using this? (2, Funny)

DrEnter (600510) | about a year and a half ago | (#41177619)

Seriously, it isn't even like Java is a particularly good language/environment. Frankly, I would rather deal with architecture issues and multiple platforms and just use C/C++ than put up with Java's issues.

Re:Why are people still using this? (5, Insightful)

binarylarry (1338699) | about a year and a half ago | (#41177637)

You sound like someone who shouldn't be giving technical advice.

C/C++ has advantages over Java, just like Java has advantages over C/C++

Saying you should use one over the other for every purpose is foolhardy.

Re:Why are people still using this? (5, Funny)

Anonymous Coward | about a year and a half ago | (#41177683)

Hey Larry, what's your surname?

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41177733)

hah!

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41178093)

It's Page, you anonymous clod!

Re:Why are people still using this? (-1)

macbeth66 (204889) | about a year and a half ago | (#41177843)

Unless one of the two things being compared is Java. What an awful platform. At least C/C++ is an open source option that can be used with any other number of tools. The only thing worse than Java is Flash. At least Jobs had that right.

Re:Why are people still using this? (3, Interesting)

Pieroxy (222434) | about a year and a half ago | (#41178211)

Can you elaborate on what is awful about the Java platform? And no, lack of an open source option is NOT one of the drawbacks since Java has those as well (which is not true of C# btw where the open source alternative is not really operational).

Now, before you jump in realize that I'm not asking about JAVA APPLETS, but about the Java platform.

Go.

Re:Why are people still using this? (1, Interesting)

Blakey Rat (99501) | about a year and a half ago | (#41178007)

It's more accurate to say that Java shouldn't be used on the desktop. And ESPECIALLY not in a browser.

On the server, Java's not bad. (I'd still prefer something else, but I wouldn't fault someone for picking Java.)

On the desktop, I've yet to see a single application written in Java that didn't have huge flaws, even if you ignore the huge flaws in the JRE itself.

Re:Why are people still using this? (1)

Pieroxy (222434) | about a year and a half ago | (#41178221)

Good desktop applications are rare in Java, and the only ones I'd recommend are developer tools anyways: Eclipse, SmartSVN.

The only drawbacks are startup times for me.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41178113)

I think the implication was that the security risks and other issues with Java go a long way towards negating any technical advantages Java would otherwise have, and I'd tend to agree.

Re:Why are people still using this? (1)

Dishevel (1105119) | about a year and a half ago | (#41178219)

Other than allowing lazy people to kinda get stuff done what are the advantages of Java over C/C++?
Are any of those advantages big enough out weigh the elephant in the room which is Oracle not giving one shit about Java and the massive number of security holes?

Re:Why are people still using this? (-1, Troll)

Anonymous Coward | about a year and a half ago | (#41177715)

I think its pretty sad Java has turned out exactly like so many of us projected it would. I see no point in Java. When I do code in Java, the entire time I'm doing so, I'm constantly wondering why I'm typing all this terse garbage when I could have already been done with superior C++ libraries/interfaces, resulting in a higher performance solution. If I really wanted a more powerful high level language, which Java was supposed to be (relative to C/C++), why shouldn't I be using Python.

About a two years ago, because the above bothered me so much, I actually took time to experiment. I took my Java code and converted it to C++ and Python. The Python code was roughly 1/2 the size of the Java code. Coding wise was also a fraction of time. It was also infinitely more readable and maintainable. The C++ code, line count wise, was roughly 12% smaller. But each line, was slightly more terse and more readable.

Thusly I feel I can safely assert that Java has become so bloated, its now a horrible choice for any project. In the case of Python above, coding and debugging was so much faster, I would have had time to code performance critical portions in C/C++/Cython, and still have been far ahead of Java with faster and/or very comparable performance.

As a result, I've come to a conclusion that people who insist on using Java as their go-to language, have many screws rattling around inside their head.

Re:Why are people still using this? (3, Insightful)

Anonymous Coward | about a year and a half ago | (#41177851)

Does it really matter how verbose a language is if it gets compiled down byte code? If it's good code, it doesn't matter. You have the same logic that managers have, i.e., counting lines of code is a measure of productivity. There's plenty to dislike about the way Oracle has handled Java, however, complaining that it takes too many lines to accomplish something is not one of them. My guess is that there's a Perl programmer out there who thinks C++ is bloated.

The complaint I see, but hasn't been verbalized, is that Oracle isn't making money off of the Java language so their technical support has failed. That's as bad as Microsoft screwing with the VB to VB.NET change. That's a reason to reconsider your programming language choice. However, nothing better has come along.

For now, Java is good enough.

Re:Why are people still using this? (2)

Tanktalus (794810) | about a year and a half ago | (#41177983)

Counting lines of code is a measure of productivity. The more lines I need to type to get the same work done, the less productive I am for that functionality. If I can do the same work in half the lines of code without sacrificing readability and maintainability (I'd argue that often these are improved by cutting out boilerplate), then I'm more productive.

Every time I have to look at Java, I boggle at the volume of text they have to write for the simplest things. And then I'm happy I do most of my work in Perl.

Re:Why are people still using this? (1)

geekoid (135745) | about a year and a half ago | (#41178031)

Perl is a horrid 'language' for readability and maintainability.

Re:Why are people still using this? (1)

Anonymous Coward | about a year and a half ago | (#41178125)

It is possible to write beautiful, maintainable perl.

It is not possible to write concise Java.

Re:Why are people still using this? (0)

godefroi (52421) | about a year and a half ago | (#41178065)

If the limiting factor to your programming productivity is the speed of your typing, then you either need to A) use more than one finger to type, or B) write more interesting programs.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41178109)

If typing is the bottleneck to your efficiency, you either have some form of hand disability, or you are a truly awful programmer.

That said, I'm all for eliminating boilerplate. But that is for the sake of readability and maintainability, not to save keypresses.

Re:Why are people still using this? (1)

VGPowerlord (621254) | about a year and a half ago | (#41177927)

There are some things in Java that are decent. It's just that none of them are on the client side.

Re:Why are people still using this? (1)

X0563511 (793323) | about a year and a half ago | (#41177931)

code performance critical portions in C/C++/Cython

Well, you just set off the "I don't know what I'm talking about" alarm.

What the fuck do you think you were using when you did the rest of the code in Python? Cython is Python.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41178013)

So LOC is not a valid measure, unless I want to complain about a language, of course.

Re:Why are people still using this? (1)

gbjbaanb (229885) | about a year and a half ago | (#41177775)

Apparently it wasn't Oracle ignoring the exploit, its just that the exploit happened to be found well outside the standard Java quarterly patch release. Pesky kids, if only they'd waited until a week or so before patch tuesday, everything would have been fine - I mean, you just cannot imagine the paperwork involved in moving that patch release date!

Anyway, I agree Java is not the best environment - if you want performance and resource efficiency, you use C/C++. If you want developer productivity you use any of the scripting languages. Java (and .NET) fall into a middle ground that is neither as good as C/C++ (for perf) nor as good as javascript (say)(for productivity). So there's no real reason to use it - unless you work for Oracle and then you cannot imagine the paperwork involved in changing to another language!!

Re:Why are people still using this? (3, Interesting)

NettiWelho (1147351) | about a year and a half ago | (#41177783)

I'm currently doing my internship at the IT dept. of a joint-municipal group responsible for about 15k windows computers(mostly for schools, vocational schools and a uni of applied sciences) and today the department heads made the decision to uninstall java from all machines except those in lab networks disconnected from outside world.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41177893)

Until they buy in a piece of enterprise software that needs it...

Re:Why are people still using this? (1)

Sesostris III (730910) | about a year and a half ago | (#41177789)

Out of sheer curiosity, what are the C/C++ alternatives to JEE and associated frameworks/technologies/containers (e.g. EJBs, JSPs, JSFs, Spring, Hibernate, Struts, GWT, Tomcat, JBoss, etc)?

Thanks

Re:Why are people still using this? (4, Funny)

Greyfox (87712) | about a year and a half ago | (#41177979)

Native development with applications that retain their state from moment to moment. Now... you kids might have trouble wrapping your heads around this, but imagine for a second that you didn't have a web browser. Ok take a deep breath and don't freak out. Now, you use a GUI library like GTK or QT to provide the interface, instead. The user runs your application on his local system, and all or most of the data is stored locally. So instead of ALL those things, you'd use a user interface library like GTK or QT. They're kind of like Swing or AWT.

So I know what you're thinking; "Well then how do I talk to a database?" Well as it turns out, every database has a library that local applications can use to send SQL queries to the database. It's true! You can also roll a socket protocol to talk to damn near anything else on the internet. You don't even have to use XML if you don't want to!

Now, these applications are linear in execution, so you don't have to maintain a session state or anything like that. When you're in the application, you're just wherever you are in the application. This might take some getting used to.

Now I know what else you're thinking; "But Java is write once run everywhere!" Well your IT department has the same version of Windows installed on every system in your company, so what's the problem? If you use cross-platform libraries like Boost, GTK or QT, odds are good you'll just be able to recompile your binaries if you need to support Linux or OSX, anyway.

Re:Why are people still using this? (1)

VGPowerlord (621254) | about a year and a half ago | (#41178059)

Yes, clearly the answer to someone asking what we can replace specific web technologies (the one thing Java is good at) is to suggest building local apps (one of the things C/C++ is good at).

Hey, can you compile a version of your replacement app that runs on iOS? Android? Windows? Linux? OSX? FreeBSD?

If you answered no to any of those, *bzzt* sorry, your solution has lost potential customers and is rejected out of hand.

Re:Why are people still using this? (1)

geekoid (135745) | about a year and a half ago | (#41178061)

"Well your IT department has the same version of Windows installed on every system in your company, so what's the problem?"
have you ever worked for a large organization? Ever looked t costs of this?

Web applications have a lot of advantages over stand alone. It's a matter of risk/cost.

And I have been a software engineer for decades. Not that it makes me right or wrong, only that I understand the pre-internet software world as well as the internet transition phase.

Re:Why are people still using this? (3, Informative)

gbjbaanb (229885) | about a year and a half ago | (#41178033)

good honest work :)

All those things are artifacts of how crappy java is, in order to get anything done you need a metric ton of framework crap slapped on, and this is why people say "java is fast to develop in" - they mean, the frameworks make it faster to develop stuff, as long as you're developing exactly the kind of thing those frameworks are designed for. C/C++ world tends to have libraries that provide you with functionality you then plug in to your code, rather than having to code the way the framework wants you to (roughly).

You could use Ruby on Rails and get much better developer productivity, or Python, or node.js

As for C++, we don't tend to use EJBs - straight forward classes are fine, though you could use COM if you're on Windows (or COM+). The JSP frameworks are covered by either Microsoft's new Casablanca project or various web-server libraries like cppCMSS. C++ doesn't have much in the way of ORMs, preferring faster access to DB code but there are still plenty, eg ODB [wikipedia.org]

For example, you need tomcat to host your java beans and pages, but C++ would just run off Apache - either as a mod_xxx module, or via pass though to a running service. A C++ developer wouldn't necessarily embed a webserver into his code, instead expecting to reuse the existing web server infrastructure.

Generally the best place to start looking for C++ libraries is Boost. From there, just use google for what you need.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41178123)

Python? Python's written in C and probably a great deal smaller than any of the stuff you mention. You can use Django or any other web framework on top.

Re:Why are people still using this? (0)

Anonymous Coward | about a year and a half ago | (#41177971)

Why are people still using this?

Because it's the native development language for Android, my development platform of choice?

Sure I -could- use the android NDK, but why ditch the hundreds of thousands of man-hours of work that have gone into making fairly robust and damn useful libraries, and try and code up everything myself?

no thanks.

*sigh* (1)

Anonymous Coward | about a year and a half ago | (#41177641)

Just like with the flash thing, it doesn't matter if YOU ditch it, we need websites to ditch it as well.

Re:*sigh* (1)

JDG1980 (2438906) | about a year and a half ago | (#41178143)

Just like with the flash thing, it doesn't matter if YOU ditch it, we need websites to ditch it as well.

What public websites still require Java? I haven't had this crap installed on my home PC in 3 years and I think I may have seen one random personal website that wanted it (and even then it was for menu buttons or some nonsense, nothing essential).

Time to Revive Microsoft's JVM (0)

Anonymous Coward | about a year and a half ago | (#41177679)

As a developer, I'm glad I abandoned Java after testing it out with some of my college courses (which was really due solely to swing).

As a Sys Admin, the Sun JVM kept wanting updates, and updates kept breaking applications... I liked the Microsoft JVM, and I extracted it from XP SP1 after it got yanked from SP1a, so that I could keep using it (albeit only for a short period of time).

Microsoft's JVM never seemed to cause me the problems that Sun's did... I was hopeful that Oracle's purchase would improve the problems that I'd experienced before... since that's not going to happen, I vote for Microsoft to get back into the JVM business.

Re:Time to Revive Microsoft's JVM (1)

X0563511 (793323) | about a year and a half ago | (#41177955)

What hokey coded-overnight-while-drunk were you running, that routine JVM updates broke things?

Re:Time to Revive Microsoft's JVM (1)

Anonymous Coward | about a year and a half ago | (#41178171)

WAY back in the day, the company I work for paid a LOT of money for a technology known as "Arcot WebFort" which was some sort of secure login technology. There was a client-side (browser) applet that managed a "wallet" which contained some sort of keys that let you log into the website. If your "wallet" didn't have a key for the site you were logging into, you had to answer a bunch of questions, etc. It was shit, and we knew it even then, but the investors liked the shiny logos.

We found that the browser applet stopped working after some particular update. This was back in the 1.2 or 1.3 days, I believe. The client needed a very specific version, 1.2_35_b41 or some confusing version number (hey, it's been over a decade now...), or the applet would simply never create the wallet, appearing to be hung. Well, we decompiled that thing, and it was failing to create a random number for some strange reason on other versions of the JVM, so we wrote in a quick fix, recompiled it, and off we went.

Posting anonymously for obvious reasons.

Why Sun why? (0)

Anonymous Coward | about a year and a half ago | (#41177693)

The saddest day of my life was the day I found out Sun was selling java to oracle.

Re:Why Sun why? (1)

Anonymous Coward | about a year and a half ago | (#41177833)

The saddest day of my life was the day I found out Sun was selling java to oracle.

WHAT? Oracle bought Sun, Sun are gone. Java was part of the deal/

Ask Toolbar Really ? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41177703)

This is the programming language that still bundles the "Ask Toolbar" crapware with their installer. Nuff said.

Developer liability (2)

Bogtha (906264) | about a year and a half ago | (#41177713)

As a developer, I totally understand the problems with holding software developers liable for security vulnerabilities. But when it comes to cases like this, I can't help but think there should be some legal liability for mega-corporations knowingly distributing vulnerable products.

No (5, Interesting)

ExE122 (954104) | about a year and a half ago | (#41177739)

This is not a sign that you need to start ditching Oracle. The reason more security loopholes are discovered in Oracle are because it is the most widely used JVM. Other VMs will still have a ton of issues, they just don't get attacked as much (yet).

A similar argument used to be debated years ago with Apple v Microsoft... Apple toted it's superior security over MS when in reality, nobody gave a crap about attacking Mac users which only made up 10% of the market. Once they gained popularity, they started getting hit more as well.

The real scary part is that MS at least takes its security flaws somewhat seriously. Oracle seems to have smugly ignored Mr. Gowdiak. He can now smugly turn around and give them a big "I told you so!"

Re:No (-1, Troll)

Blakey Rat (99501) | about a year and a half ago | (#41177941)

What you should stop using is Java IN A BROWSER. If you're buying GoToMeeting for your employees? Stop. They use Java. They're encouraging this kind of shit. Use Group Policy to prevent the Java plug-in from working in browsers.

And if you're using Java to write desktop applications, migrate off it. Stop. Java's awful. It's slow, bloated, buggy. Your UI sucks. Your users hate it. Write your app in something else, anything else would be better.

Java's only useful on servers. There's still a few idiots who are like "oh write once, run everywhere"... no, that failed. That failed horribly. That failed horribly years and years ago. Get over it.

Re:No (1)

geekoid (135745) | about a year and a half ago | (#41178095)

Billions of Java apps run cross platform with no problems.
WTF is your problem?

Re:No (4, Funny)

Blakey Rat (99501) | about a year and a half ago | (#41178145)

Yeah, Lotus Notes "runs" also. Lots of shitty software "runs". My minimum bar isn't "runs" but is "not shitty".

Re:No (5, Interesting)

pointyhat (2649443) | about a year and a half ago | (#41178139)

Dear Blakey Troll,

Java desktop application guy here

Last place I worked, I was the lead architect for a real-time patient care system deployed to 120,000 users across 2500 hospital sites around western Europe across Windows, Linux and Solaris platforms.

It stopped the users' patients from dying, so they are quite happy with it as are their patients. It is incredibly fast (2 orders of magnitude faster than the C++ based MFC native Windows app our competitor was throwing out), it has had no downtime (ever!) by nature of the architecture which must not go down under any circumstance (everything was fully distributed), the UI definitely does not suck and it's certainly not bloated at 52Mb including the JVM (our competitor hit 2Gb including the local SQL server instance installation).

What do you propose we use instead and how do you propose we start rewriting the 1.9 million lines of code we've already got?

Re:No (-1, Troll)

Blakey Rat (99501) | about a year and a half ago | (#41178235)

Ok? You win kudos points?

Look, Java's been shit for a decade. It's not new. Your application is the reason that JVM is installed on all those computers, so your application is contributing to risk from this 0-day. You don't think that's a problem? Because I do.

Besides, there's no way your UI "definitely does not suck". It's in Java. It has to suck.

Re:No (0)

Anonymous Coward | about a year and a half ago | (#41178197)

Unfortunately, some still rely on Java. All Danish web banks go through a common national identity service which is implemented as a - tada, Java applet! So you basically can't do banking in Denmark without Java. Sigh.

The stupidity if this the whole setup is incredible. There's even a site [ernemidnede.dk] dedicated to answering the question, is the id service down? An ill-placed disaster would take out the whole banking structure in Denmark.

Re:No (5, Insightful)

X0563511 (793323) | about a year and a half ago | (#41177965)

The real problem here is the quarterly patch cycle that seems to ignore the severity of security bugs. If you want to do a quarterly cycle that's fine - but you need to make exceptions for security bugs.

Stop spreading ridiculous myths (2)

Zero__Kelvin (151819) | about a year and a half ago | (#41178035)

"A similar argument used to be debated years ago with Apple v Microsoft... Apple toted it's superior security over MS when in reality, nobody gave a crap about attacking Mac users which only made up 10% of the market. Once they gained popularity, they started getting hit more as well."

Really. When did this happen? The claim that Microsoft has more viruses because they have more market share is patently ridiculous, if only becaue Linux has a huge market share on the targets that hackers really want, to wit servers. It is a classic myth pulled out of the ether by people who have no understanding of security. The fact which every security expert knows is that you can't layer security on; it needs to be designed in from the ground up. Microsoft has always been more concerned about making money than anything else, and only began to take security seriously when it started to affect their bottom line (i.e. after the fact, rather than from the ground up.) This is the reason why Windows hosts well over 90% of the exploits, and for no other reason.

Re:No (2)

BanHammor (2587175) | about a year and a half ago | (#41178111)

I don't honestly know about OpenJDK/IcedTea (The open-source reference implementation of Java.), but other open-source projects, even though they get a fair share of vulnerabilities, fix them quickly (look at openssl, or Linux kernel). Oracle Java does NOT fix security bugs quickly. That's the problem.

IBM (3, Interesting)

Spiked_Three (626260) | about a year and a half ago | (#41177761)

Whatever happened to them? Didn't they at one time have a Java implementation?

I'm not ready to give up on Java. It is not because I think it's the best, I still think C# beats it as a language, but at times when a client requires non-microsoft, it is my only choice for a modern language. Yeah, I know C++11, I've looked at it quite a bit, and it is better than it was, but as long as it needs header files, I don't put it into a modern language category.

So, anyhow, Eclipse seems to have really gone in the dumpster as far as quality lately, and IBM is silent as a Java leader too. Is IBM bailing on Java? I see the have a new big push to virtualization to a level that makes sense, by using a mainframe. Maybe they have (bailed). So what post java, other than c#, is available?

Re:IBM (1)

pointyhat (2649443) | about a year and a half ago | (#41177995)

There genuinely isn't anything out there which matches it at any level simply because you can kick out functionality that works and has test coverage in unbelievably short amounts of time. I discount C#/.Net because the community is shitty and it is definitely not cross platform (sorry Mono - but you don't do WWF+WCF+WPF properly so you don't count).

There is no post-Java (yet).

Please don't mention virtualization - stupid fucking idea designed to generate even more revenue from people who don't actually get the fact that their servers can run more than one cleanly isolated process without having to invoke a VSphere license cost...

Re:IBM (5, Informative)

Simon Brooke (45012) | about a year and a half ago | (#41178039)

Whatever happened to them? Didn't they at one time have a Java implementation?

IBM's Java work is now part of [wikipedia.org] OpenJDK [java.net] . How close OpenJDK is to Oracle Java and whether it shares this exploit I don't know (although the OpenJDK home page says they are '...based largely on the same code'), but if it does it should be patchable.

I'm not ready to give up on Java. It is not because I think it's the best, I still think C# beats it as a language, but at times when a client requires non-microsoft, it is my only choice for a modern language. Yeah, I know C++11, I've looked at it quite a bit, and it is better than it was, but as long as it needs header files, I don't put it into a modern language category.

I could happily give up Java, but I wouldn't willingly give up Clojure [clojure.org] . There's more (and better) languages for the JVM [wikipedia.org] than just Java.

Re:IBM (2, Informative)

Anonymous Coward | about a year and a half ago | (#41178085)

see http://www.ibm.com/developerworks/java/jdk/

Re:IBM (2)

robmv (855035) | about a year and a half ago | (#41178107)

Java is not the best language out there, but it has a good library of APIs and 3rd party libraries that put any other business application friendly language/runtime below it. You want a better less verbose language? running on the JVM, just try one of the many. I personally recomment Scala

Note: I am really tired of news like this when people start bashing Java instead of the real problem that is Oracle slow response, IcedTea (and OpenJDK variant used by many Linux distros is already pushing updates for this). I don't see people going crazy with every browser vendor because they had security bugs and you only notice them when you read the release notes for their updates. "Remove Firefox/Chrome from your system, every 6 weeks there are security bugs". If you don't need Java do not install it or remove it, this apply for every software in the world, reduce code that could have vulnerabilities in your system, and if someone still is using applets with new code today, please take him/her to the corner of the room and punish him/her with the donkey ears hat, please

Re:IBM (1)

Viol8 (599362) | about a year and a half ago | (#41178117)

"but as long as it needs header files, I don't put it into a modern language category."

Sorry , what? Where do you propose putting common definitions then shared by many modules? Or do you seriously think the moronic everything-in-a-class approach of java is a sensible way to do things?

Re:IBM (1)

gbjbaanb (229885) | about a year and a half ago | (#41178157)

So you think web services are non-modern either, as they use a header file - otherwise known as a WSDL.

That's the way to think of C++ headers, like interface definitions for the implementation cpp files. For that, they work great, so I actually prefer them over a large file with definitions and implementation all listed in it, that you *need* an IDE to figure out what is in each class. At least with C/C++ you can look at the header and see quickly and easily.

A Different VM (1)

mkkohls (2386704) | about a year and a half ago | (#41177787)

But Oracles VM is OpenJDK right? Why not just fork it and mantain an updated patched version?

Re:A Different VM (2)

robmv (855035) | about a year and a half ago | (#41178215)

Not a fork, but a variant of OpenJDK already exists today, at least for Linux systems many distrutions use it (but people still insist on installong the Oracle one!!!!) IcedTea and they already patched this bug [wildebeest.org]

java is an abomination (-1)

Anonymous Coward | about a year and a half ago | (#41177887)

and one of the key reasons android blows

Re:java is an abomination (1)

macbeth66 (204889) | about a year and a half ago | (#41178027)

Really? In what way? Specifics, man!

According to my info, it has some Java, but it is mostly C, C++ and Python and is based on the Linux kernel.

All bugs should be reported opening (3, Insightful)

Nyder (754090) | about a year and a half ago | (#41177985)

This is why reporting bugs to the software developers is stupid. Post the bug into the public, so they have no choice but to upgrade. Corporations are run by people who want to spend as little as possible to make as much money as possible. They won't patch bugs unless they are forced. They need to be forced.

Re:All bugs should be reported opening (2)

Nyder (754090) | about a year and a half ago | (#41178003)

ah shit, fucked the title up. I'd fix it, but no one is forcing me.

As a former Oracle dev (5, Insightful)

juancn (596002) | about a year and a half ago | (#41177987)

Oracle is a huge organisation. I mean mindbogglingly huge (think planet Vogon). There is a lot of red tape that you have to cut to get anything done, and in 4 months they're probably still scheduling meetings to figure out if it should be fixed, and when, and by whom.

Unless an SVP gets involved, it's unlikely that it will be rushed.

Re:As a former Oracle dev (5, Insightful)

NettiWelho (1147351) | about a year and a half ago | (#41178159)

Perhaps they should, you know, have a department dedicated to handling these kinds of things in a timely manner then?

Security and Security Through Layering (0)

Anonymous Coward | about a year and a half ago | (#41178087)

Why not run the java interpreter on a java interpreter written in java, running on a java interpreter written in java?

This would give the advantage of layering, and a HUGE speed increase, since everyone knows Java is faster than C/C++.

Think of the security and speed advantages!.

Ditch Java? Done ages ago! (1)

Kwpolska (2026252) | about a year and a half ago | (#41178227)

Is it really time to ditch Oracle's java and go for an open source VM?

I, for one, got rid of all Java from my machine a long time ago. I think that everyone at slashdot did that too. You don’t know how angered I am when my set-top box has some problems (eg. today it stopped sending audio over HDMI, I needed to set it to standby and wake it up again) or when I got my Kindle today. Both are in Java. Unfortunately.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...