Outliner Software
Home Forum Archives Search Login Register


 

Outliner Software Forum RSS Feed Forum Posts Feed

Subscribe by Email

CRIMP Defined

 

Tip Jar

Stanford's Protege for OWL

View this topic | Back to topic list

Posted by satis
Jul 5, 2019 at 02:25 PM

 

I think poo-pooing the continuing security issues of Java are a mistake. It was just in 2015 that Frohoff and Lawrence found a dangerous flaw in the the way data was deserialized in Apache Commons Collection, a very popular Java library - it ended up affecting well over 70 Java apps to deserialization flaws. As a result of that cock-up Oracle actually dropped serialization/deserialization because the problem was too thorny for them to fix!

https://www.bleepingcomputer.com/news/security/oracle-plans-to-drop-java-serialization-support-the-source-of-most-security-bugs/

This problem has not abated in any way. Even as Java becomes less used and marginalized, we continue to see security exploits. Just two weeks ago there was a major issue with Oracle’s Java appserver:

https://arstechnica.com/information-technology/2019/06/oracle-issues-emergency-update-to-patch-actively-exploited-weblogic-flaw/

Relying on a Wikipedia article ignores real-world usage, be it vs C++ or Node or whatever.

https://www.reddit.com/r/androiddev/comments/bm0u7x/java_vs_c_app_speed_on_android/

https://www.tandemseven.com/blog/performance-java-vs-node/

Microsoft is abandoning Java for Minecraft, which says something.

To me, Java remains a dog, and a potentially dangerous one. If I can choose an app that uses it or doesn’t there’s no question in my mind which I’ll choose.

 


© 2006-2025 Pixicom - Some Rights Reserved. | Tip Jar