More Java exposure...

… but this time, not of the ‘good’ type.

http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx

Yeh, it is bad publicity for Java, but then again it doesn’t have much of an image to destroy. At least all the exploits mentioned there have already been fixed in the java6u22 release which came out a few days ago.

Main problem is no one is updating. The Java updater should auto update like Windows or Chrome.
Instead it sits in the corner nagging to be updated, and everyone in my family/friends seems to ignore it (I usually do it for them :stuck_out_tongue: ). And from what I’ve read on those comments, people uninstalled Java because of it annoying them.

Also do note the source of these news stories is an expert at MICROSOFT.

The M$ guy doesn’t really have a political axe to grind - he’s got a completely legitimate story there. I wonder why the uptake level of Java updates is so poor. I also wonder why the initial security was so poor given the remarkably solid security provisions built in to the language.

I also wonder exactly what sort of sites one has to visit to come across such an applet. And whether you have to click on “Yes please pwn my computer” for it to work.

Cas :slight_smile:

The JRE certainly isn’t the only platform that keeps featuring in these “vulnerability discovered” news stories. Basically everything that runs code suffers from this: Flash, Silverlight, Mac OS X, and even Adobe Reader have all had similar stories in the last month or so.

Compared to just plain old browsers Java’s actually quite secure. Still, it does rather surprise me the number of luddites and tinfoil hat wearers commenting on slashdot.

… oh wait, no it doesn’t ;D

Cas :slight_smile:

Yeh true it is a genuine story but don’t remember the same expert team being so vocal about say IE, .Net or ActiveX :slight_smile:

It is rather odd that so many people don’t update, but then again the update process is pretty painful for just casual use. Running the updater hogs large amounts of system resources; this prevents users from doing anything useful or running vital apps (like browsers, Vuze, etc). Not to forget the slide show of ads they have to view (OpenOffice) and multiple clicks and pages to get the updater running. It’s a reasonably largish update/install and there are the forced checked-by-default bing/yahoo/etc toolbars users have to avoid. It’s easier to just close the update message and get on with what you want your computer to do.

Also on Windows you can have any number of annoying apps bugging you for your attention (Windows updater, Adobe updater, Flash updater, Java updater, anti-virus updater, etc) which can quickly zap up large amounts of time if the user did pay attention.

Quietly and silently as in the case of Chrome seems like the way to go.

[quote]Quietly and silently as in the case of Chrome seems like the way to go.
[/quote]
Agreed. Firefox isn’t too bad either iirc.
Maybe someone should submit a suggestion? Who knows maybe someone will listen.

[quote=“kapta,post:8,topic:35809”]
Too true! Functional would be nice too - I just updated to 6_22 and it said ‘Installation failed! Run setup again’. I ran it again & it said ‘No need, you have the latest java’. Huh? Have I got the full 22 or not? It seems to work ok…

Too many programs whining about updates, and frankly, it’s annoying the hell out of me. Every single day there’s a program that wants to be updated, a procedure taking a few minutes, including download time, and usually requires a system reboot. Just shoot me now.

And we wonder why everyone’s switching to web apps.

Cas :slight_smile:

Something I always love to remind people of when such news pops up:

  • A security hole in Linux|Java|whatever IS news-worthy.
  • A security hole in Windows IS NOT

In Germany there is a saying: exceptions prove the rule.
So if ONE security hole is so significant that it is important enough to create a news post, then it shows that the product itself is very secure.

@zammbi:
Chrome is the biggest resource hog out there. (at least on my Ubuntu)

@princec:
Axe to grind? Haha, sure they do. M$ has been pushing for C# to replace Java for a while now and will take every chance they can get to highlight ANY weaknesses of Java.
Heck, their Mono-Mole used the Oracle vs Google to propagate how switching to C# would be so much better than sticking with Java.
He even went as far, wait for it, as to say that you cannot trust companies like Oracle when you have such uncertain licenses.
C#/Mono & Microsoft? yeah you can trust Microsoft!
Cue Scorpion&Frog tale.

That was a really silly argument, the mono users are even more at risk of getting sued by the likes of Oracle since they don’t have any protection or large patent profile (like MS) to protect themselves.

[quote]Chrome is the biggest resource hog out there. (at least on my Ubuntu)
[/quote]
Not that that has anything to do with what I said but…
Can’t say I have anything to do with Linux but I find that Chrome is the best browser for Windows.

[quote]And we wonder why everyone’s switching to web apps.
[/quote]
Who’s wondering? :stuck_out_tongue:

Odd, from what I’ve seen, Chrome is much faster (and better IMO) than Firefox even on Linux.

Chrome is faster, yes, but it consumes a lot of resources compared to FF.
Like I said, at least on Ubuntu.
If you have Eclipse|Netbeans + Jboss|Tomcat running, chrome hogging up the rest is not really practical.

btw: I use both Midori and FF. FF for the ‘just wanna look something up quickly and can close it at any time’ and Midori for my long term stuff, like email.