Hi Everyone

I am considering learning Java. There have been well publicized Java security incidents recently that make me not want to learn it.

However it's in Centos and I trust Centos, are the concerns in the media blown out of proportion?

-Patrick

On Sat, Oct 5, 2013 at 9:21 AM, Patrick <patrick at spellingbeewinnars.org> wrote:
> Hi Everyone
>
> I am considering learning Java. There have been well publicized Java
> security incidents recently that make me not want to learn it.
>
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?
>

The security issues mostly related to running programs with the browser plug-ins and they seem to be mostly fixed. As far as using it as a server-side or standalone programming language goes, it is as good as anything else.

--
Les Mikesell
lesmikesell at gmail.com

On Sat, Oct 5, 2013 at 11:21 AM, Patrick <patrick at spellingbeewinnars.org> wrote:
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?

1. In short: Yes, they were blown out of proportion with a high dose of FUD. Read the following analysis, especially the last few paragraphs.
http://timboudreau.com/blog/The_Java_Security_Exploit_in_%28Mostly%29_Plain_English/read

2. The most widely referred hole had to do with running applets on a browser.

3. J7u40 and OpenJDK7U40 took care of the major issue: Java previously ran unsigned "applets" automatically. Now it no longer does.

4. Most browsers now feature "click to run" on applets. Effectively creating a dual barrier against running unsigned code (two clicks, one to the browser warning, another for the JRE warning about unsigned code). Drive-by exploits are thus impossible.

4. Java now offers a "server JRE" without the browser plug-in, starting w J7u21
http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#serverjre

5. Applets are on the way out, most of the action these days is on server-side Java, and on client-side Java, not browser java.

6. Lots of apps are Java based and have no intention of switching (Jitsi, Vuze, etc)

7. JVM languages are booming (JRuby, Jython, Scala, Clojure, RedHat's Ceylon)
http://www.drdobbs.com/jvm/a-long-look-at-jvm-languages/240007765

8. Java is open source, with Twitter, SAP, RedHat, IBM, Oracle and even Google collaborating with the project. See:
http://www.redhat.com/summit/2012/pdf/2012-DevDay-OpenJDK-Bhole.pdf

9. Java8, OpenJDK 8 is coming, w Java9 OpenJDK9 next

10. Java is more than a language. It's also a runtime environment and level playing field software ecosystem. You can create Java apps with any of the JVM languages without ever writing a single line of Java code.

11. Raspberry Pi just announced that RasPis will ship with OpenJDK and JRE

Those are my reasons, if you don't like em, I have others...
;)

FC

--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario
- George Orwell

On 10/05/2013 05:21 PM, Patrick wrote:
> Hi Everyone
>
> I am considering learning Java. There have been well publicized Java
> security incidents recently that make me not want to learn it.
>
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?

A programming language is not secure or not. It's about the programs you write with it.

--
+261 34 81 738 69

On 10/05/2013 10:21 AM, Patrick wrote:
> Hi Everyone
>
> I am considering learning Java. There have been well publicized Java
> security incidents recently that make me not want to learn it.
>
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?
>
> -Patrick

First, just in case you're confused, Java, and Java Script, are two totally different things. Only the names are similar to confuse the innocent. Just like Visual Basic, VBScript, and Virtual Basic for Applications (VBA) are three totally different things with similar names just to confuse the innocent.

Java Script is as secure as any other reasonably applied scripting language.

Java, which runs on a Java Virtual Machine (JVM), is known in the trade as (J)ust (A)nother (V)ulnerability (A)nnouncement. Java should never be enabled in a web browser.

If your intention is to write Java applications then go for it.

--
Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/