[CentOS] Is Java insecure ?

Fernando Cassia fcassia at gmail.com
Sat Oct 5 14:59:42 UTC 2013


On Sat, Oct 5, 2013 at 11:21 AM, Patrick <patrick at spellingbeewinnars.org> wrote:
> However it's in Centos and I trust Centos, are the concerns in the media
> blown out of proportion ?

1. In short: Yes, they were blown out of proportion with a high dose of FUD.
Read the following analysis, especially the last few paragraphs.

http://timboudreau.com/blog/The_Java_Security_Exploit_in_%28Mostly%29_Plain_English/read

2. The most widely referred-to hole had to do with running applets in a browser.

3. J7u40 and OpenJDK7U40 took care of the major issue: Java previously
ran unsigned "applets" automatically. Now it no longer does.

4. Most browsers now feature "click to run" on applets, effectively
creating a dual barrier against running unsigned code (two clicks, one
for the browser warning, another for the JRE warning about unsigned
code). Drive-by exploits are thus impossible.

4. Java now offers a "server JRE" without the browser plug-in, starting with J7u21

http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#serverjre

5. Applets are on the way out, most of the action these days is on
server-side Java, and on client-side Java, not browser java.

6. Lots of apps are Java based and have no intention of switching
(Jitsi, Vuze, etc)

7. JVM languages are booming (JRuby, Jython, Scala, Clojure, RedHat's Ceylon)
http://www.drdobbs.com/jvm/a-long-look-at-jvm-languages/240007765

8. Java is open source, with Twitter, SAP, RedHat, IBM, Oracle and even
Google collaborating with the project. See:

http://www.redhat.com/summit/2012/pdf/2012-DevDay-OpenJDK-Bhole.pdf

9. Java8 / OpenJDK 8 is coming, with Java9 / OpenJDK9 next

10. Java is more than a language. It's also a runtime environment and a
level-playing-field software ecosystem. You can create Java apps with
any of the JVM languages without ever writing a single line of Java
code.

11. Raspberry Pi just announced that RasPis will ship with OpenJDK and JRE

Those are my reasons; if you don't like 'em, I have others...
;)
FC

-- 
During times of Universal Deceit, telling the truth becomes a revolutionary act
During times of Universal Deceit, telling the truth becomes a
Revolutionary Act
- George Orwell
