Not done yet: Oracle to ship revised Java fix on February 19 If at first you don't succeed, and all that... Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn't fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19. February 19 had been the …
What's worse than not fixing critical flaws in your environment? Making people believe that you did, only to follow up with the news that you weren't fully done yet. These are the kind of jokes which aren't very well received within the Enterprise (commonly speaking) because usually implementing patches and updates takes quite a bit of preparation to make sure all works as expected.
So I wouldn't be surprised one bit if certain companies were quite on schedule with updating, only to discover that they can now start all over.
Oracle is playing a dangerous game IMO. Java has its strengths, sure, but one of those used to be its reputation of being a safe platform. Then what's left, ease of programming? Even that remains to be seen; although there have been quite some developments on the SE fronts, EE often remains as obscure as ever. Take for example a trivial issue of uploading a file; before EE6 ('servlet 3.0') this wasn't quite possible without the help of external libraries. It was doable without, but ugh... It sure wasn't easy.
This has changed with EE6 (released around 2010 IIRC), but can still be somewhat confusing, check this tutorial example (link to Oracle's Java EE6 tutorial). In short you define an input form, setup an annotation with extra information, write your code to setup an InputStream, FileOutputStream, obviously catch exceptions and you basically program most of it yourself though by far as difficult as it used to be.
Even so; it gets awkward I think when you find out that one of the competitors basically provides a "2 lines of code" kind of solution. Uploading a file in ASP for example is basically using an <asp:FileUpload> part which allows the user to specify the file to upload, then all you need is using its SaveAs method, as can be seen in this example (link to MSDN page with an ASP Fileupload example).
When looking at its API documentation (MSDN link) you'll notice it has been around since .NET 2.0. Which was released around 2005 (according to Wikipedia).
Now, not insinuating that ASP is so great here, though I think it sure has some key strengths, but its feature set is quite rich when compared to Java's Servlet specifications. File upload is one example, how about JaaS for user authentication ?
If Oracle keeps ticking people off with stunts like this then I don't think its all that unlikely that companies may consider a change. It seems that you certainly don't have to rewrite your entire codebase since many aspects are provided out of the box. This example addresses ASP but I'm pretty sure there are more to be found.
At the moment I've got it disabled on IE and enabled but always asking for execution rights on Firefox. This piece of news will get it disabled in every browser.
I don't believe Oracle give a toss about Java and when their legal wrangle with Google over Dalvik is over they'll completely lose interest.
I also disabled it in IE's add-ons manager, in the advanced Internet options tab, and by running the control panel from an elevated command prompt and changing the advanced settings tab with the keyboard because clicking with the mouse didn't work. This was a few versions back. I have no idea whether it was one or a combination.
Now happily if you update there's a new security tab which lets you easily disable it for everything.
Basically you can tell the updater to check daily, weekly or monthly and warn you either before downloading or before installing.
Even so; its not the best kind of tool. I mean; every admin knows that there is a difference between applying minor or major version upgrades. Not Oracle; if you have SE6 and allow the updater to have its way you'll get SE7 in no time, even though that can break stuff.
Like they did with the previous patch which automatically removed SE6 from people's systems. Who cares that sometimes programs target a specific runtime directly; the allmighty hOrricle knows what's best for us.
These days I'm going through the pain of installing and configuring - with some consultant help - Oracle's ESSO components. A trail-and-error experience, as versions are incompatible, errors are being thrown all over and matching versions between components seem to be a dark art... No meaningful error messages, no meaningful errors reported in logs, just endless stack traces...
Even though it is meant to be used on Linux, RedHat or ***Oracle*** Linux, Oracle can not take their time to provide a RPM, that would pull in all needed dependencies.
Given a choice, will NEVER use Oracle.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
