Oracle Will Stop Providing Security Updates for Java 6 Next Month

Seems like it's time to move to Java 7 for those using Java on Windows without a commercial license. However, this is what everyone was worried about when Oracle bought Sun. Fortunately, I don't use Windows, so this does not affect me in the least, especially as I don't use Java browser plugins.

No, I'm actually talking about the hole in .NET, which really is a hole. But apparently it was far enough back that it fell off my 3 week history. Shows you how time flies. The difference between .NET and JRE flaws is that under .NET under windows it can take over your machine, not just run with the current user privs. Despite removing the ability to manipulate tokens, or in spite of, it's still quite possible to dynamically inject code into DLLs and have them run as SYSTEM. That's also true of the JRE browser plugin flaws I suppose, although I haven't looked into it any deeper.

Maybe not, this is what happens when you read far too many of these last week. :) The better story[^] detailing the real issue behind the partial story in Forbes. So no, it's actually not a Java Exploit, but a browser exploit. With all that said, if I'm running as a non-privileged user and this exploit gives the attacker full control of my machine (windows most likely) then there's bigger issues afoot than a mere exploit in the JRE. This would imply an OS problem. Add to this that he references the Flashback exploit of several months ago as being a similar hole, note that for macs, at least, this "exploit" merely offered up to the user a request to install a trojan, nothing more, nothing less, and it required user intervention. From what I can tell, the windows version gives direct access to the machine, bypassing the user and security entirely. So perhaps if people ditched windows, they'd be safer? After all, that's no more sensationalist a line than "time to ditch Java".

And replace it with....? .NET? Oops, it's got the same or worse flaws, even referenced in the same article.

Hate to break it to you, but there is a large variety of hardware even today, it just seems that everything is Intel. Yes, there have been a large number of casualties over the years. There always are when a fundamental new technology makes its breakthrough. Personally, I despised COBOL the first time I saw it, and I still do, interesting but unsupported features in the language spec not withstanding.

James Lonero wrote:

Java is a great language, even though I haven't coded much in that language. The disadvantage of Java is that the owner (maker, new owner) of the language is sue crazy.

Oracle sued Google for creating a java derivative outside what they felt were the bounds of the license. No one else to my knowledge has been sued by them. Oracles problem in this case is that Google used the APIs only, so didn't need the license, and copyright law didn't support Oracle. (Thank goodness!)

James Lonero wrote:

Microsoft was sued by Sun for the additions it made to Java. As a result, they made C#.

MS was sued by Sun for creating a JVM per the license, and then adding unofficial extensions to create their own flavor of JVM, making them incompatible with everyone else. Considering their monopoly at the time and the potential damage they could do by effectively making Java Windows only (the biggest Java platforms are non Windows) it seems Sun did all the right things.

James Lonero wrote:

Then, Oracle sued Google for copyright and patent infringement by using Java. This alone kills Java for me. If I can't use it as freely as I use C++, then Java is done with.
 
Besides, as a programmer, I don't want to peer program with a lawyer at my side.

You don't have to worry about Oracle suing you for programming in Java. You're free to do anything you want with Java the language. What you're not free to do is create your own JVM outside the license. As for needing a lawyer by your side, you just about need that today regardless of what language you're coding in.

jschell wrote:

It was my understanding that Mono is fairly complete. At least now. I know about 5 years ago it wasn't close.

Well, it's been over 2 years since my last foray into C# ended, so perhaps it's better now, although I don't see how they're dealing with WinAPI calls. Then again, I had a specific server type requirements, and that certainly wasn't portable, considering I wound up using the WinAPI directly (unsafe code - oh my! :)

Eddy Vluggen wrote:

I'm currently developing targetting Ubuntu (desktop), and before that Debian (Raspberry Pi)

These would definitely not be Java's strengths, nor would I use Java for these use cases.:cool:

Vivic wrote:

The idea that in the CONFIGURATION DIVISION, you could specify source and target computers was an idea before its time. Even for today. Unless there were cross-compilers for every computer on every make of computers, that was useless.

Cross-compilers existed for many computers several decades back. Granted, I don't know when this specification entered the spec, that was before my time :)

Mark Wallace wrote:

Until Java 1.5 & 1.6, Java was a snail, compared with C++, for example. There are tons of sites that show benchmarks.

Fortunately, Java 1.5 came out over 8 years ago. Given comparison sites[^] that show these performance numbers for Java6, perhaps the better question is, with the exception of access to proprietary APIs, why would you use other languages? What are they bringing to the table that Java doesn't supply? And that's for a 6 year old release, which has recently had another major version update with significant improvements to it as well. Note that I come from the server side of the coding world, and I have worked with many different languages over the years. The reason people use java, at least in this realm, is because you can create relatively robust software with greater ease than any of the alternatives. C/C++ would get you potentially better performance/memory utilization, but you would need some very highly skilled devs to obtain that boost, and the development time would be significantly higher. Scripting languages (Ruby, Groovy, PHP, etc) all fail in this arena for many reasons, ranging from poor performance to lack of standard library support to non-existent security to list but the major ones. For those that state that scripting languages allow for faster development - my response is yes - a faster road to crap. scripting languages have their place, the enterprise is not one of those. C# is but a weak (originally proprietary) clone of Java, meant to undermine Java's growing market share at the time, It's an ok language, if you're running on Windows, but I wouldn't run it anywhere else, as Java is both better and better supported there. For those that state you can run compiled C# code from windows directly on *nix, I merely laugh. That may be true for a small subset of code, but certainly not for the general C# windows program. I do understand the irony of posting a reasonable pro-java post on essentially a pro-windows board. I will also state that I've seen even successful projects migrate to Java, but never a Java project migrate to something else. (Again, all in the server world) In the client side, Java has had challenges, but also some n