LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-14-2013, 09:19 PM   #16
rng
Member
 
Registered: Aug 2011
Posts: 747

Rep: Reputation: 23

Thanks for pointing out that this link may not be relevant. But what about the main question regarding safety of icedtea-plugins?
 
1 members found this post helpful.
Old 01-14-2013, 09:47 PM   #17
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,580
Blog Entries: 2

Rep: Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037Reputation: 4037
Icedtea has a different codebase then the Oracle plugin, so the recent exploit does not work with it. Of course no software can be 100% secure, so it may be that there will be exploits in the future. I can only speak for my self,but such critical holes are usually fixed within hours in open source software. Oracle didn't fix that hole in months, until it now was recognized that there exists an exploit for it that is already widely used. Decide for yourself which one you prefer, I will go with the open source solution.
 
1 members found this post helpful.
Old 01-15-2013, 03:01 AM   #18
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
CERT also agrees that Java is still not safe even with the new patch, and it probably won't be safe for up to 2 years:
http://www.networkworld.com/communit...ke-2-years-fix

Knowing Oracle ... it probably never will be safe.

My personal recommendation is to uninstall java unless you absolutely need it, and if you do then use openjdk (and icedtea if you need it). I haven't used java since Oracle bought Sun.
 
1 members found this post helpful.
Old 01-15-2013, 03:49 AM   #19
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,204
Blog Entries: 23

Rep: Reputation: 279Reputation: 279Reputation: 279
There is the recommencation to return to the 1.6...
I wonder if I will mess up my system if I install IceTea?

Edit - of course, I still firmly believe in the base principles of Java, and it is moments like these that show the ongoing evolution. You can only find out about a weakness if you ...break something. I dont blame Java, but (sorry, guys) the "owner" thereof: Oracle. I was (and still firmly am) sceptical at the news that Oracle took over Sun, and hence owned Java. Oracle's core goal is not a programming platform but a database platform...hence the "sloppyness" around Java from Oracle's part. They're not to blame, and yet at the same time are to blame...for not sticking to the core bizz...
My humble two cents...

Last edited by Thor_2.0; 01-15-2013 at 04:31 AM.
 
1 members found this post helpful.
Old 01-15-2013, 07:54 AM   #20
jefro
Guru
 
Registered: Mar 2008
Posts: 11,400

Rep: Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397Reputation: 1397
"of course no software can be 100% secure"


I have watched patches, fixes, claims for almost 30 years now. Still exploits, hacks and rootkits virus's and malware exist at all levels and versions.

Sad part is that peoples lives are on attack not just industry, organizations and governments. Common folks think they can bank without fear or use credit cards only to have some crook hold them up.

Back to the topic, java has been considered less than secure for a very long time.
 
1 members found this post helpful.
Old 01-17-2013, 02:22 AM   #21
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
New vulnerability being sold, and analysis from openjdk:
http://developers.slashdot.org/story...ploit-for-sale
 
1 members found this post helpful.
Old 01-18-2013, 01:54 PM   #22
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
And it continues:
http://developers.slashdot.org/story...ss-flaws-found
 
Old 01-19-2013, 02:03 AM   #23
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,204
Blog Entries: 23

Rep: Reputation: 279Reputation: 279Reputation: 279
...does this mean this is a prelude of a next-gen Java to come? Or could is mean Oracle is secretly looking for a buyer for the Java/Sun component...hence the lack of envolvement of the part of Oracle...
 
Old 01-19-2013, 03:32 AM   #24
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Why did they even buy Sun ? Probably just to eliminate competition or yeah sell it to someone else.
 
Old 01-19-2013, 07:06 AM   #25
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,204
Blog Entries: 23

Rep: Reputation: 279Reputation: 279Reputation: 279
Quote:
Why did they even buy Sun ? Probably just to eliminate competition or yeah sell it to someone else.
...umm, let me put some focus on the currently raging financial crisis (in europe - small 'e' mind you) today...where did that start? With some biggie (a bank in this case) that wanted to gobble up a smaller biggie.
Oracle's problem is that Java (programming languages) is NOT the core, but it complements the core business well. Kinda like you'd like an airplane but you dont know how to fly one. Solution: get the plane...and a *** pilot!
Oracle bought Sun, what happened? OpenJDK happened, if I'm not mistaken. The pilot(s) hopped on an other plane...
Now, the passengers are in panic because the plane is crashing, or, as mentioned, is on the tarmac, for sale...in small print...

Last edited by Thor_2.0; 01-19-2013 at 07:10 AM.
 
Old 03-02-2013, 09:33 AM   #26
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
And again:
http://developers.slashdot.org/story...ed-in-the-wild

This is getting old. Well, it doesn't bother me, I haven't installed java since Oracle bought sun.
 
Old 03-03-2013, 11:38 AM   #27
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,204
Blog Entries: 23

Rep: Reputation: 279Reputation: 279Reputation: 279
It's a symptom of an industry that works on impulses that do not work anymore in today's economy: unbridled growth. Economists seem to forget that a company has FOUR life phases: growth, stability, stagnation and shrink. They all seem to lose focus of stability.
Why Java? To grow. Same with ***soft: they aquired Skype, Google did'nt do that, it came up with a solution of its own. Google innovates, ***soft, oracle and all the other dinosaurs dont, they aquire, that's all: repackaged stuff...
And does anyone wonder where today's crisis really comes from? I know...we all do...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Oracle reportedly knew of critical Java bugs under attack for 4 months LXer Syndicated Linux News 0 08-30-2012 07:40 AM
LXer: Microsoft takes Oracle side in Google Java-phone attack LXer Syndicated Linux News 0 09-18-2010 11:40 AM
LXer: Google dubs Oracle suit 'attack on Java community' LXer Syndicated Linux News 0 08-17-2010 12:31 AM
LXer: Another Day, Another Illogical Attack On Open Source LXer Syndicated Linux News 16 02-28-2010 09:59 AM
Server Attack...every day, help:( xmanxl Linux - Security 22 08-19-2004 02:38 PM


All times are GMT -5. The time now is 09:31 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration