<p>On the mention of security, there's been something bothering me recently. All of the advice seems to be to uninstall or disable Java until a patch is made available. If I'm reliant on Eclipse, is there anything I can do to mitigate my risk?</p>
<p>Dan</p>
<p>On Aug 31, 2012 12:01 PM, "Martin" wrote:<br>
><br>
> Folks,<br>
><br>
> An interesting swipe and view. Especially so in view of the recent<br>
> revelations about old problems remaining unpatched to now be exploited<br>
> "in the wild", despite fixes being already available (but held for the<br>
> sake of a very long update 'schedule')...<br>
><br>
><br>
> In true The Register rhetoric:<br>
><br>
><br>
> Why Java would still stink even if it weren't security swiss cheese<br>
> <a href="http://www.theregister.co.uk/2012/08/30/i_hate_java/">http://www.theregister.co.uk/2012/08/30/i_hate_java/</a><br>
><br>
> "... One solution is to deploy a containerised version of a Java VM with<br>
> the application. Most devs don't do this, and if you rely on multiple<br>
> Java-powered applications you run into the wonderful situation wherein<br>
> you have multiple apps that are mission critical; each that require<br>
> different flavours of Java. Yay.<br>
><br>
> For reasons incomprehensible, companies exist today still utterly<br>
> reliant on Java applets coded just slightly after the world-altering<br>
> technological advancement of bashing two rocks together. These<br>
> abominations usually run in the browser..."<br>
><br>
> "... a patch for the latest JVM flaws isn't due until mid-October from<br>
> Oracle. It is thus absolutely ridiculous to me that there are developers<br>
> today designing new applications relying on Java in the browser. I don't<br>
> possess a rich enough vocabulary to adequately express the depth of the<br>
> professional disillusionment, scorn and anger I feel for these individuals.<br>
><br>
> It is possible to code Java applications that are excellent. The<br>
> ubiquity of the language as a primary educational tool has unfortunately<br>
> made these the exception rather than the rule. ..."<br>
><br>
><br>
> Strong stuff!<br>
><br>
> Cue Perl (lax chaotic freedom or 'rich free expression') vs Python<br>
> (structured clarity or irksome restrictiveness)?... ;-)<br>
><br>
><br>
> My own view is that it is usually easy to abuse or misuse any tool.<br>
> However, some tools are more vulnerable or fragile than others.<br>
> Particularly bad tools can even promote 'bad practice' that then is a<br>
> costly nightmare for everyone else further down the chain...<br>
><br>
> There must be a better way than all this fragile and difficult<br>
> 'procedural' programming-with-side-effects stuff for interacting with<br>
> the real world.<br>
><br>
> Go object oriented and self-learning?...<br>
><br>
><br>
> Just stirring ;-)<br>
><br>
> Cheers,<br>
> Martin<br>
><br>
> --<br>
> - ------------------ - ----------------------------------------<br>
> - Martin Lomas - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7<br>
> - martin @ ml1 co uk - Import from hkp://<a href="http://subkeys.pgp.net">subkeys.pgp.net</a> or<br>
> - ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg<br>
><br>
> _______________________________________________<br>
> Nottingham mailing list<br>
> <a href="mailto:Nottingham@mailman.lug.org.uk">Nottingham@mailman.lug.org.uk</a><br>
> <a href="https://mailman.lug.org.uk/mailman/listinfo/nottingham">https://mailman.lug.org.uk/mailman/listinfo/nottingham</a><br>
</p>