Re: Is Java insecure ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, Oct 5, 2013 at 11:21 AM, Patrick <patrick@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?

1. In short: Yes, they were blown out of proportion with a high dose of FUD.
Read the following analysis specially the last few paragraphs.

http://timboudreau.com/blog/The_Java_Security_Exploit_in_%28Mostly%29_Plain_English/read

2.The most widely referred hole had to do with running applets on a browser.

3. J7u40 and OpenJDK7U40 took care of the major issue: Java previously
ran unsigned "applets" automatically. Now it no longer does

4. Most brosers now feature "click to run" on applets. Effectively
creating a dual barrier against running unsigned code (two clicks, one
to the browser warning, another for the JRE warning about unsigned
code). Drive-by exploits are thus impossible.

4. Java now offers a "server JRE" without the browser plug-in, starting w J7u21

http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#serverjre

5. Applets are on the way out, most of the action these days is on
server-side Java, and on client-side Java, not browser java.

6. Lots of apps are Java based and have no intention of switching
(Jitsi, Vuze, etc)

7. JVM languages are booming (JRuby, Jython, Scala, Clojure, RedHat's Ceylon)
http://www.drdobbs.com/jvm/a-long-look-at-jvm-languages/240007765

8. Java is open source, with Twitter, SAP, RedHat,IBM, Oracle and even
Google collaborating with the project. See:

http://www.redhat.com/summit/2012/pdf/2012-DevDay-OpenJDK-Bhole.pdf

9. Java8, OpenJDK 8 is coming, w Java9 OpenJDK9 next

10. Java is more than a language. Its also a runtime environment and
level playing field software ecosystem. You can create Java apps with
any of the JVM languages without ever writing a single line of Java
code.

11. Raspberry Pi just announced that RasPis will ship with OpenJDK and JRE

Those are my reasons, if you dont like em, I have others...
;)
FC

-- 
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos





[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux