Stanford's Protege for OWL

Posted by satis
Jul 5, 2019 at 02:25 PM

I think poo-pooing the continuing security issues of Java are a mistake. It was just in 2015 that Frohoff and Lawrence found a dangerous flaw in the the way data was deserialized in Apache Commons Collection, a very popular Java library - it ended up affecting well over 70 Java apps to deserialization flaws. As a result of that cock-up Oracle actually dropped serialization/deserialization because the problem was too thorny for them to fix!

https://www.bleepingcomputer.com/news/security/oracle-plans-to-drop-java-serialization-support-the-source-of-most-security-bugs/

This problem has not abated in any way. Even as Java becomes less used and marginalized, we continue to see security exploits. Just two weeks ago there was a major issue with Oracle’s Java appserver:

https://arstechnica.com/information-technology/2019/06/oracle-issues-emergency-update-to-patch-actively-exploited-weblogic-flaw/

Relying on a Wikipedia article ignores real-world usage, be it vs C++ or Node or whatever.

https://www.reddit.com/r/androiddev/comments/bm0u7x/java_vs_c_app_speed_on_android/

https://www.tandemseven.com/blog/performance-java-vs-node/

Microsoft is abandoning Java for Minecraft, which says something.

To me, Java remains a dog, and a potentially dangerous one. If I can choose an app that uses it or doesn’t there’s no question in my mind which I’ll choose.