If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Register)   Yo dawg, a security bug was discovered in the version of Java that was just patched due to a security bug   (theregister.co.uk) divider line 25
    More: Fail, Yo Dawg, security bug, El Reg, Java Platform, Standard Edition, CEO Adam Gowdiak, versions  
•       •       •

1702 clicks; posted to Geek » on 01 Sep 2012 at 9:29 AM (2 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



25 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2012-09-01 09:29:46 AM
I weary of this.
 
2012-09-01 09:49:11 AM

2wolves: I weary of this.


For me its called "job security"
 
2012-09-01 10:03:59 AM
That wasn't really a 'yo dog' situation. Maybe if the bug was, itself, contained in another bug...
 
2012-09-01 10:32:23 AM
harmful.cat-v.org
 
2012-09-01 10:47:50 AM

gingerjet: 2wolves: I weary of this.

For me its called "job security"


^ this
 
2012-09-01 11:13:53 AM
gingerjet
For me its called "job security"

Not an Oracle employee or stockholder, then, I take it...
 
2012-09-01 11:32:21 AM
I've gotten to the point where I just advise people who seek my advice on this to just completely uninstall Java from their systems. If you need it, you will be told...and the thing is you probably don't.
 
2012-09-01 11:51:38 AM
Suck it Larry. You wanted to own this pile of sh*t developer playpen. Now you see why IT / Security pros have been hating it for years.

And yes, consensus is forming that the best idea is just remove it, definitely disable it as a plugin, and run a spare browser with Java enabled if you have to use it with Open Office or something like that.
 
2012-09-01 01:45:20 PM
Pardon a dumb question: Is Javascript okay? JRE? What exactly should be uninstalled?
 
2012-09-01 02:12:55 PM
Good thing I never update my Java.
 
2012-09-01 02:48:10 PM
WorkingInParadise: Pardon a dumb question: Is Javascript okay? JRE? What exactly should be uninstalled?

Java is a programming language that became popular because it is OO and heavily structured (which makes it easy to outsource, nudge nudge wink wink).

Javascript, is a scripting language that basically borrowed the java name (and a few other things) in order to ride on the popularity. It was supposed to be 'java for non programmers'.

JS had to "look like Java" only less so, [it had to] be Java's dumb kid brother or boy-hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have happened
- Brendan Eich


The JRE (java runtime environment) the setup that you run java in.

"An environment required to run applets and applications written using the Java programming language" - Oracle
 
2012-09-01 02:49:47 PM

WorkingInParadise: Pardon a dumb question: Is Javascript okay? JRE? What exactly should be uninstalled?


Java and Javascript, though named similarly both are used to make browsers do fancy things, are completely different items.

Javascript support is built into your browser. The only way to shut that off is to install a plugin like "noscript." Javascript was originally built by some people that worked at Netscape, who were thinking about it being an add-in for Java (thus the naming thing) but then decided to just release it on its own. 16 years later, we're still enjoying the reward of their half-ass decision.

Java, the language, is a thing Sun built in the mid 1990s as well, but it is a whole language. To run it you need to install a Java Run-time Engine or JRE. It was thought to be the great app that would make all desktops finally free of Microsoft domination. Developers love Java because they like playing in sandboxes. The problem was, every developer wanted their own sandbox, so you ended up having to install multiple copies of the JRE in order to get Java to work as advertised. This led to exactly the same desktop bloat that the original Java purveyors were livid with Microsoft for in the first place.

Java is a language interpreter that sits inside your browser opening up holes for attackers unless you patch it. Javascript won't do anything bad unless you visit a malicious site and let it be enabled. Both can let bad people do things without your knowing. One was just an afterthought that caught on, the other was a carefully designed language environment that claimed it would save the world, and wound up just sucking in general.
 
2012-09-01 03:13:27 PM
Generation_D: Javascript support is built into your browser. The only way to shut that off is to install a plugin like "noscript."

Not quite correct. You could always disable javascript at the browser level, noscript just makes it much more conveniant by allowing you to whitelist some sites, temporarily whitelist sites, etc. Whereas the setting in the browser is an all or nothing affair.

www.lordargent.com
 
2012-09-01 03:14:51 PM
Oracle sucks. Have they destroyed MySQL yet?
 
2012-09-01 05:12:52 PM

lordargent: Generation_D: Javascript support is built into your browser. The only way to shut that off is to install a plugin like "noscript."

Not quite correct. You could always disable javascript at the browser level, noscript just makes it much more conveniant by allowing you to whitelist some sites, temporarily whitelist sites, etc. Whereas the setting in the browser is an all or nothing affair.

[www.lordargent.com image 506x463]


Am quite aware of that. But 99.999% of the sites out there immediately require one to "enable javascript" the minute you hit the site. So while yes, you can disable, I ignored that relic of 1990s web use because of the wit and wisdom with which most sites today are designed, e.g. they require javascript to be enabled for even basic functionality.

noscript gives (some) control back to the user in the face of web site demands.
 
2012-09-01 05:57:09 PM
Fark on my phone tells me this:)

Please turn on JavaScript for a better user experience
 
2012-09-01 06:24:24 PM
Generation_D: Am quite aware of that. But 99.999% of the sites out there immediately require one to "enable javascript" the minute you hit the site.

In many cases, those requirements are artificial (IE, the javascript is not necessary to view the content, just the ads).

For sites visited on a regular basis, you can set up noscript to do exactly what you want.
For other sites, screw em.

// the worst offenders are the ones that do an overlay, when the content you read is sitting right behind it. For those, it's nuke anything to the rescue.
 
2012-09-01 08:13:04 PM

Generation_D: WorkingInParadise: Pardon a dumb question: Is Javascript okay? JRE? What exactly should be uninstalled?

Java and Javascript, though named similarly both are used to make browsers do fancy things, are completely different items.

Javascript support is built into your browser. The only way to shut that off is to install a plugin like "noscript." Javascript was originally built by some people that worked at Netscape, who were thinking about it being an add-in for Java (thus the naming thing) but then decided to just release it on its own. 16 years later, we're still enjoying the reward of their half-ass decision.

Java, the language, is a thing Sun built in the mid 1990s as well, but it is a whole language. To run it you need to install a Java Run-time Engine or JRE. It was thought to be the great app that would make all desktops finally free of Microsoft domination. Developers love Java because they like playing in sandboxes. The problem was, every developer wanted their own sandbox, so you ended up having to install multiple copies of the JRE in order to get Java to work as advertised. This led to exactly the same desktop bloat that the original Java purveyors were livid with Microsoft for in the first place.

Java is a language interpreter that sits inside your browser opening up holes for attackers unless you patch it. Javascript won't do anything bad unless you visit a malicious site and let it be enabled. Both can let bad people do things without your knowing. One was just an afterthought that caught on, the other was a carefully designed language environment that claimed it would save the world, and wound up just sucking in general.


I knew there was a reason I had you favorited in "blue cool kids" shades
 
2012-09-01 10:24:49 PM
Generation_D
The problem was, every developer wanted their own sandbox, so you ended up having to install multiple copies of the JRE in order to get Java to work as advertised.

I've never really encountered this. Unless we're talking about websites requiring that broken-on-purpose Java version by Microsoft.
 
2012-09-01 11:29:46 PM
Generation_D: so you ended up having to install multiple copies of the JRE in order to get Java to work as advertised.

Just as maddening for developers.

// either that, or have to play around with maven, and it's weird habit of completely blowing up your environments every now and then.

// "I compiled yesterday, then went home, now this morning maven can't find shiat.
 
2012-09-01 11:42:53 PM
I updated Java yesterday afternoon and about an hour later, I got a virus that completely farked up my hard drive. Fark you, Java and Oracle.
 
2012-09-02 09:10:10 AM
This is why I run Linux! I spent four hours at the command line TRYING to install JRE 7 before giving up!
 
2012-09-02 12:04:46 PM

Fark_Guy_Rob: This is why I run Linux! I spent four hours at the command line TRYING to install JRE 7 before giving up!


You run Linux because you like wasting your time trying to make poorly written spaghetti code to work so you can do something basic to the rest of the computing world?
 
2012-09-03 12:52:16 AM
<font color="Green"> Fark_Guy_Rob : This is why I run Linux! I spent four hours at the command line TRYING to install JRE 7 before giving up!</font>

Maybe your problem is that you don't need to go to the command line to install things in most linux flavors these days.

// stop trotting out the old (OMG linux command line) horse, it died a decade ago.

<img src="http:/www.lordargent.com/temp/tech/jre.png">
 
2012-09-03 05:56:13 AM

jake_lex: I've gotten to the point where I just advise people who seek my advice on this to just completely uninstall Java from their systems.

Sad news is your advise is worthless...

Every tool has a function.

Every piece of software out there is vulnerable to a greater or lesser degree. Everything. I take it, then, that your 'advice' is to "use an abacus"?

Java has a proven security record for its class. It's application of the OOA paradigm actually prevents a large number of NPE/buffer exploits enjoyed by most others. Let's not forget that users getting hit by these infections are actively participating in their personal little drama.. These exploits are not passive. They require less-than-proficient tech users to blunder aimlessly into their open arms.

Normally with UAC turned off because "Who needs it? I have a freebie Anti-Virus!"

My advice, as a complete layman who happens to be proficient in 5 languages, is that you stop punting your 'advice' as anything other than personal, uninformed, opinion.

Also, The Register.... :/
 
Displayed 25 of 25 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report