If at first you don't succeed, and all that... Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn't fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19. February 19 had been the …
Can it get any worse?
What's worse than not fixing critical flaws in your environment? Making people believe that you did, only to follow up with the news that you weren't fully done yet. These are the kind of jokes which aren't very well received within the Enterprise (commonly speaking) because usually implementing patches and updates takes quite a bit of preparation to make sure all works as expected.
So I wouldn't be surprised one bit if certain companies were quite on schedule with updating, only to discover that they can now start all over.
Oracle is playing a dangerous game IMO. Java has its strengths, sure, but one of those used to be its reputation of being a safe platform. Then what's left, ease of programming? Even that remains to be seen; although there have been quite some developments on the SE fronts, EE often remains as obscure as ever. Take for example a trivial issue of uploading a file; before EE6 ('servlet 3.0') this wasn't quite possible without the help of external libraries. It was doable without, but ugh... It sure wasn't easy.
This has changed with EE6 (released around 2010 IIRC), but can still be somewhat confusing, check this tutorial example (link to Oracle's Java EE6 tutorial). In short you define an input form, setup an annotation with extra information, write your code to setup an InputStream, FileOutputStream, obviously catch exceptions and you basically program most of it yourself though by far as difficult as it used to be.
Even so; it gets awkward I think when you find out that one of the competitors basically provides a "2 lines of code" kind of solution. Uploading a file in ASP for example is basically using an <asp:FileUpload> part which allows the user to specify the file to upload, then all you need is using its SaveAs method, as can be seen in this example (link to MSDN page with an ASP Fileupload example).
When looking at its API documentation (MSDN link) you'll notice it has been around since .NET 2.0. Which was released around 2005 (according to Wikipedia).
Now, not insinuating that ASP is so great here, though I think it sure has some key strengths, but its feature set is quite rich when compared to Java's Servlet specifications. File upload is one example, how about JaaS for user authentication ?
If Oracle keeps ticking people off with stunts like this then I don't think its all that unlikely that companies may consider a change. It seems that you certainly don't have to rewrite your entire codebase since many aspects are provided out of the box. This example addresses ASP but I'm pretty sure there are more to be found.
Java is banished from all my PCs and I will not be re-installing it.
Re: Too late
Thank god all of our code is written in .Net.
Not perfect and it has had the occassional issue, but nothing like the abomination that is Java....
Re: Too late
Don't get me started on managed code in general but yeah Microsoft has made them look bad lately. Still one could argue comparatively that Java actually actively supports more than one platform but that is more a dig on Microsoft than an excuse for lax security.
Re: Too late
Doesnt .Net support Linux? I couldnt see why you would want to as it would be harder / more expensive to support in most circumstances - but im pretty sure it does.
Re: Too late
Mono. Last I looked, there were still some bits missing, and I've never had a reason to use it, so I'm not sure just how cross platform it really is. It seems to have suffered the same issues as Java when it comes to GUI toolkits (fragmentation). Impressive none the less.
I need Java for Eclipse
At the moment I've got it disabled on IE and enabled but always asking for execution rights on Firefox. This piece of news will get it disabled in every browser.
I don't believe Oracle give a toss about Java and when their legal wrangle with Google over Dalvik is over they'll completely lose interest.
Re: I need Java for Eclipse
I'm also using Java for Eclipse (Android development), but it's disabled on all browsers. All PCs not using Java for Eclipse have Java completely uninstalled.
"disabled on IE and enabled but always asking for execution rights on Firefox"
I'm seeing applets load in IE even though Java Control panel says that it's disabled in IE. I don't know whether it makes a difference whether the applet uses the applet tag or the object tag in the web page.
Re: "disabled on IE and enabled but always asking for execution rights on Firefox"
I also disabled it in IE's add-ons manager, in the advanced Internet options tab, and by running the control panel from an elevated command prompt and changing the advanced settings tab with the keyboard because clicking with the mouse didn't work. This was a few versions back. I have no idea whether it was one or a combination.
Now happily if you update there's a new security tab which lets you easily disable it for everything.
Of adding some auto update functionality?
Re: Any chance...
There is an auto update. The only problem is it waits anything up to a month before updating and installs the Ask Toolbar when it finally does update.
Icon is for Oracle.
Re: Any chance...
Was that added recently? In my experience it just notifies the user that there is an update available, but doesnt actually install anything and is useless for Standard/limited users anyway.
Basically you can tell the updater to check daily, weekly or monthly and warn you either before downloading or before installing.
Even so; its not the best kind of tool. I mean; every admin knows that there is a difference between applying minor or major version upgrades. Not Oracle; if you have SE6 and allow the updater to have its way you'll get SE7 in no time, even though that can break stuff.
Like they did with the previous patch which automatically removed SE6 from people's systems. Who cares that sometimes programs target a specific runtime directly; the allmighty hOrricle knows what's best for us.
Reckon it's deliberate.
Gives Oracle another chance that you might forget to uncheck the feckin Ask Toolbar
Google rolling their own seems prescient
Have to wonder if Android would have survived if forced to use genuine Oracle Java. I'm sure Dalvik and Harmony are chock full of bugs and security holes but nothing quite beats Oracle for sheer incompetence and lack of interest in security.
Not only Java...
These days I'm going through the pain of installing and configuring - with some consultant help - Oracle's ESSO components. A trail-and-error experience, as versions are incompatible, errors are being thrown all over and matching versions between components seem to be a dark art... No meaningful error messages, no meaningful errors reported in logs, just endless stack traces...
Even though it is meant to be used on Linux, RedHat or ***Oracle*** Linux, Oracle can not take their time to provide a RPM, that would pull in all needed dependencies.
Given a choice, will NEVER use Oracle.
Re: Not only Java...
I only use Oracle when absolutely required. Otherwise it's SQL server, etc....
Nothing yet - the page just suggests next update in June/July.
Visiting the referenced update page, there's nothing there yet about anything beyond the Java 7 update 13.
I'll keep looking, and hoping.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs