Oracle Is The New Slacker In Security

“Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.”

see Java security bug: Oracle releases updates, experts say its not enough.

That’s quite an indictment. It remains to be seen whether Oracle will wake up or cut Java loose to be truly Free Software. After suing Google over Java, and losing seriously, they burned a lot of bridges to the world of Free Software. If Oracle is unable or unwilling to do the work required, they should step aside and let the world manage. In the meantime, we should slack off on creating new Java applications lest we lock ourselves into vulnerability forever. The world is rapidly moving to web applications and should reconsider the role of Java in that. I use Pascal and PHP for most of my web applications. Heavily-used applications may need to ship Java applets over the web in order to scale but relying on Java puts that all to risk.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged . Bookmark the permalink.

6 Responses to Oracle Is The New Slacker In Security

  1. dougman says:

    Chrome opens PDF’s just fine, even large 1200 page books.

    D.

  2. George Hostler says:

    d. Who needs adobe reader, the default document viewer in gnome/unity/mate shows pdf’s just fine.

    There are a few exceptions with PDF files using proprietary Adobe extensions, which requires Adobe over the otherwise fine community software to open the files.

    Otherwise, I use almost exclusively community software and Linux (Ubuntu) for creating and working with PDF’s.

  3. Der Balrog wrote, “PHP is a mess security-wise and otherwise. Yes, it’s used ubiquitously, but as with Windows, this is not really a good metric.”

    A big difference between PHP and Java is that they are shipping Java applets to clients wherein the clients become slaves. PHP stays on the server mostly and servers are guarded more professionally, usually. There are hundreds of millions of client machines totally unprotected from malware.

    If PHP were such a mess security-wise there would be no sites running it…

  4. d. says:

    Who needs adobe reader, the default document viewer in gnome/unity/mate shows pdf’s just fine.

  5. Der Balrog says:

    Huh? I’m not quite with you, Pogson. Your counter-example for not using Java for web applications is … PHP!? PHP is a mess security-wise and otherwise. Yes, it’s used ubiquitously, but as with Windows, this is not really a good metric.

  6. George Hostler says:

    I know what you mean, Robert. Even Adobe appears to be asleep at the helm. It used to be that the Linux version of Adobe Reader was just as good experience as it was with the Windows version.

    Lately they’ve let bugs creep in, seems to be about a year now. When looking at successive PDF files, FireFox now shows nothing, they don’t download as they should before viewing. I still can by doing a “save page as”, then view off line.

    I experienced some versions of Adobe Flash released, that simply did not properly work.

    Sometimes I wonder if there is some deliberateness, to give the user a jolting experience in Linux desktop, which of course is not Linux’s fault.

    Given the continual “Linux sucks” rants by the comp.os.linux.advocacy trolls that continues to this day certainly helps to substantiate an ulterior motive, IMO. (Reference the Microsoft Evangelism Court Exhibit PX-3096

    http://www.groklaw.net/pdf/Comes-3096.pdf and commentary at

    http://www.groklaw.net/articlebasic.php?story=20071023002351958 )

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>