Re: Update on the Java update
Posted by
Marcus G. Daniels on
URL: http://friam.383.s1.nabble.com/Update-on-the-Java-update-tp7581225p7581228.html
On 1/14/13 5:33 PM, Tom Johnson wrote:
Update on the update:
Microsoft CLR has had similar problems..
http://technet.microsoft.com/en-us/security/bulletin/MS10-060
http://www.dhses.ny.gov/ocs/advisories/2011/2011-040.cfm
In practice Microsoft and Apple have a streamlined and automated
update system. Other than that (that JVMs and Java libraries are
comparatively stale), I don't see any reason to think that the JVM
ought to be more or less porous than the .NET CLR.
For example, I take scheduled operating system updates (whether it
is Linux or Mac or Windows) right away, as well as browser updates
(Firefox is pretty fast and basically automatic), but I am annoyed
when Java wants to update, esp. on Windows where it is decoupled
from O.S. updates, and sits in the notification area generally
nagging me to take 10 minutes to do a heavy upgrade that I mostly
don't need.
So I claim that Sun/Oracle/Java is mostly guilty of failing to
tightly integrate with desktop operating systems. (Android not
being desktop and it was not done directly by Oracle.)
Also Oracle is a victim of Java's success. It's a successful
platform for portable code deployment. It's great that DHS and
security companies just define that away as insignificant and
gratuitous.
And this in contrast to C++ and C native code ABIs that can suffer
buffer overrun exploits all over the place..?
Marcus
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe
http://redfish.com/mailman/listinfo/friam_redfish.com