User: Password:
|
|
Subscribe / Log in / New account

Browser Java deprecated ... the enterprise problem

Browser Java deprecated ... the enterprise problem

Posted Aug 30, 2012 17:23 UTC (Thu) by kmself (guest, #11565)
In reply to: The new Java 0Day examined (The H) by bronson
Parent article: The new Java 0Day examined (The H)

As with much else on the security front, inherently vulnerable and/or poorly maintained technologies (of which Java is increasingly appearing to be both) are often required for legacy business purposes. Specific in-house, or worse, business-partner (buyer / seller / government) apps which are required for operations, one-offs, and often, are difficult to replace.

For the run-of-the-mill user to disable and/or remove browser Java support probably is a no-brainer now. Business users may have other needs, and worse, may not have the administrative rights to modify their configurations.

The rest of us can engage in some self-satisfying "I told you so". After we confirm we've disabled the crud ourselves.


(Log in to post comments)

Browser Java deprecated ... the enterprise problem

Posted Aug 30, 2012 17:57 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

It's not that Java is especially vulnerable or poorly maintained, or that Oracle people can't write a patch as fast as icedtea people. We are used to patch, configure, make install, but you have to remember Java in SUN tech, and SUN took pride in elegant code (zfs, dtrace, etc) and could never understand the market preferred less elegant code with non-primitive plumbing.

I suspect that to transform changed JVM code in something that can be downloaded for Windows/Solaris/Linux Oracle needs its people to click in various GUI tools, drag and drop files from folders to folders, get approval from various management and QA teams (either physically or through some web forms), and that the whole thing is such a manual bureaucratic nightmare they pretty much can only do releases on a schedule prepared months in advance.

The modus operandi of a company like SUN/Oracle is light years away from the one of the Linux kernel, where Linus could freeze operations a few weeks to write git, just because he didn't like his tooling, and wanted something more efficient. At Sun/Oracle some people write code and others transform it in product binaries, and no one in the first group would even dream intruding on what the second group does.

Browser Java deprecated ... the enterprise problem

Posted Aug 30, 2012 19:20 UTC (Thu) by mjw (subscriber, #16740) [Link]

> At Sun/Oracle some people write code and others transform it in product binaries, and no one in the first group would even dream intruding on what the second group does.

What is weird is that the second group which pushes out proprietary binaries seems to trump the first group which actually creates free software source code (OpenJDK is published under the GPL). Apparently there is now a proprietary binary jdk release from Oracle out there that presumably fixes the issue, but the only code published through OpenJDK is from the IcedTea people (I posted a patch yesterday and only non-Oracle engineers replied and tested it).

It is as if there is a priority reversion where binaries come before publicly reviewed code.

Java is modern cobol thanks to Y2K

Posted Aug 30, 2012 22:14 UTC (Thu) by landley (subscriber, #6789) [Link]

Keep in mind that Java peaked around 1998, right when everybody was doing the last-minute scramble to finally deal with all the Y2K bugs in their legacy code. An awful lot of that legacy code got rewritten in the hot language of the day, which was Java.

And that's how a thing that runs in your browser (and might grow to the desktop someday) turned into a Fortune 500 back-end mainframe data shoveler. Of course Cobol Jr. it's all about the enterprise: Browser applets were replaced by flash a decade ago (and Flash is already on its way out).

I doubt we'd even _remember_ Java if it wasn't for Y2K, any more than RealAudio or Visual Basic.

Rob

Java is modern cobol thanks to Y2K

Posted Aug 31, 2012 1:18 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Wrong. Java was widely used for non-Y2K projects. It's widely used _now_ in Android for the same reasons.

Mostly because it's the only real (non-toy) cross-platform static language with a performant VM.

Java is modern cobol thanks to Y2K

Posted Aug 31, 2012 2:07 UTC (Fri) by marcH (subscriber, #57642) [Link]

Well said. While the language can be painful and cumbersome to program into, it's simply the only serious offer with these three properties.

By the way a number of other languages also compile into java bytecode.

Java is modern cobol thanks to Y2K

Posted Aug 31, 2012 9:57 UTC (Fri) by job (guest, #670) [Link]

To be fair, the main reason why it's used in Android is its market share (see: Y2K).

Android had to be quick to market (built on Linux), and accessible to programmers (Java), in order to present itself as an aquisition target. Had Android been developed inside Google it might very well have been done differently. I often fantasize about an Android built on Python instead.

Java is modern cobol thanks to Y2K

Posted Aug 31, 2012 14:13 UTC (Fri) by drag (subscriber, #31333) [Link]

Java + Linux dominated the more full fledged embedded development scene. That is why Android uses it. It has nothing to do with Y2k because people essentially rewrote their applications for each product.

Java is still extraordinarily popular language for enterprise server applications.

That is because it's the only real VM and it is the only significant competitor to .NET.

Java is modern cobol thanks to Y2K

Posted Aug 31, 2012 16:20 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

..shudder..

Android-on-Python would have been even more slower (Java is a _fast_ interpreted language) and without possibility for enhancements (JITs for Java are commonplace, JITs for Python are not).

And of course, lack of static typing.

Java is modern cobol thanks to Y2K

Posted Sep 1, 2012 23:06 UTC (Sat) by anselm (subscriber, #2796) [Link]

Android-on-Python would have been even more slower (Java is a _fast_ interpreted language) and without possibility for enhancements (JITs for Java are commonplace, JITs for Python are not).

PyPy is supposed to be very good indeed.

Java is modern cobol thanks to Y2K

Posted Sep 2, 2012 3:28 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

And it requires about 20 times more RAM than Dalvik's JIT and _still_ produces inferior code.

We're using a lot of Python (and numpy) code in our R&D and so I've tested all possible ways to make Python work faster. They all suck in various ways.

Java is modern cobol thanks to Y2K

Posted Sep 7, 2012 13:33 UTC (Fri) by pboddie (guest, #50784) [Link]

Care to describe "all possible ways"?

Within Google - I'm guessing that you and another prominent commenter on LWN work there given the numerous "nod and wink" references to various projects - there have apparently been a number of projects to improve Python performance and/or predictability, some being very widely known and others only barely surfacing on the radar of the most central Python core developers (many of whom also seem to be at Google), so I'd be interested to hear what you've looked at.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds