Java's insecurity has doomed it on the desktop

OCTOBER 17, 2013

Java's insecurity has doomed it on the desktop

The latest round of patches for Java comes far too late to rescue its damaged reputation as a desktop presence

By Serdar Yegulalp | InfoWorldFollow @syegulalp

If Java on the desktop isn't dead yet, its latest security update should go a long way toward convincing people it should be.

How urgent is this new security update? Urgent enough that Oracle included patches for Java in its October 2013 Critical Patch Update (CPU -- what an acronym), as part of the company's efforts to get security fixes for Java out the door quarterly rather than three times a year.

Of the 127 fixes in this update, slightly fewer than half -- 50 -- were fixes for remote-exploit issues in Java. And 12 of those were exploits that could have granted an attacker complete control of the OS. Ouch.

What's more, the vast majority of those Java fixes are client-only problems -- meaning exploits that happen exclusively on a client machine, not a server.

If any one thing has been an aggressive contributor to the decline of Java as a desktop technology, it's the way the product has been shown time and again to be deeply insecure. Oracle keeps promising it has the issue under control, even when the vast majority of the security bugaboos that have been detected go back to before Java changed hands from Sun to Oracle in 2010.

Oracle has used that fact to its advantage, claiming, "When we acquired Sun, [it] was not in a position to fully fund the security team," as stated by Cameron Purdy, Oracle vice president of cloud applications and Java EE (Enterprise Edition) during JavaOne back in September. Purdy also owned up to not making the Java security team robust enough and indicated that a major source of problems is when people running older editions of Java don't update.

Fair enough, but the damage done to Java as a desktop and client-side technology may well be permanent. Mozilla has been blacklisting older versions of Java since 2012, and Google is now moving toward ditching support for such plug-ins entirely. No great loss there -- when was the last time, apart from a corporate portal or a site based on mid-2000s technology, you actually needed a Java plug-in to make a site work?

Google's move could also be its way of indirectly deprecating what is now more than ever a competitor's technology. Google is doubling down on Go, Native Client, and Dart, and according to my colleague Galen Gruman may be leaving (the Java-powered) Android behind in favor of Chrome OS.

None of this is a patch -- pun intended -- on Java as a server-side technology. The JVM's untapped possibilities have long been one of its best-kept secrets, and the sheer amount of server-side Java used in businesses promises it won't be going anywhere for a long time to come.

But Java as a desktop force shows no signs of making a roaring comeback, and with each hammering-home of the message that it's an insecure, outdated technology, the odds get a little worse.


http://www.infoworld.com/t/security/javas-insecurity-has-doomed-it-the-desktop-228922?source=IFWNLE_nlt_daily_pm_2013-10-17

Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more