[Nottingham] Why Java would still stink even if it weren't security swiss cheese

Dan Caseley dan at caseley.me.uk
Fri Aug 31 11:22:59 UTC 2012


On the mention of security, there's been something bothering me recently.
All of the advice seems to be uninstall or disable Java until a patch is
made available. If I'm reliant on Eclipse, is there anything I can do to
mitigate my risk?

Dan

On Aug 31, 2012 12:01 PM, "Martin" wrote:
>
> Folks,
>
> An interesting swipe and view. Especially so in view of the recent
> revelations about old problems remaining unpatched to now be exploited
> "in the wild", despite fixes being already available (but held for the
> sake of a very long update 'schedule')...
>
>
> In true The Register rhetoric:
>
>
> Why Java would still stink even if it weren't security swiss cheese
> http://www.theregister.co.uk/2012/08/30/i_hate_java/
>
> "... One solution is to deploy a containerised version of a Java VM with
> the application. Most devs don't do this, and if you rely on multiple
> Java-powered applications you run into the wonderful situation wherein
> you have multiple apps that are mission critical; each that require
> different flavours of Java. Yay.
>
> For reasons incomprehensible, companies exist today still utterly
> reliant on Java applets coded just slightly after the world-altering
> technological advancement of bashing two rocks together. These
> abominations usually run in the browser..."
>
> "... a patch for the latest JVM flaws isn't due until mid-October from
> Oracle. It is thus absolutely ridiculous to me that there are developers
> today designing new applications relying on Java in the browser. I don't
> possess a rich enough vocabulary to adequately express the depth of the
> professional disillusionment, scorn and anger I feel for these
> individuals.
>
> It is possible to code Java applications that are excellent. The
> ubiquity of the language as a primary educational tool has unfortunately
> made these the exception rather than the rule. ..."
>
>
> Strong stuff!
>
> Cue Perl (lax chaotic freedom or 'rich free expression') vs Python
> (structured clarity or irksome restrictiveness)?... ;-)
>
>
> My own view is that it is usually easy to abuse or misuse any tool.
> However, some tools are more vulnerable or fragile than others.
> Particularly bad tools can even promote 'bad practice' that then is a
> costly nightmare for everyone else further down the chain...
>
> There must be a better way than all this fragile and difficult
> 'procedural' programming-with-side-effects stuff for interacting with
> the real world.
>
> Go object oriented and self-learning?...
>
>
> Just stirring ;-)
>
> Cheers,
> Martin
>
> --
> - ------------------ - ----------------------------------------
> -    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
> - martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
> - ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
>