Java Security Vulnerability


If you are concerned and fear you may have inadvertently installed Java on your machine, follow these instructions to remove it. If you do not have the Java Preferences app on your Mac, your machine is likely Java-free. It’s also a good move to check that your browsers don’t have a Java virtual machine installed.

Oracle just released a Java update that fixes the security hole. I would recommend this solution only if you really need to use Java. Most people don’t. If you don’t already have Java on your system, don’t bother with the update. Apple disabled Java on users’ OS X systems a few months ago. Java has a history of security flaws. It’s best to avoid Java unless you really need to use it.

As an ex-Java programmer, I do have a bit of Schadenfreude about this situation. There’s a lot I like about Java. It is very abstract. You don’t have to fiddle with memory, although this can sometimes be its downfall. It’s also very slow. That’s why it is used primarily on the server-side, to host Java EE (Enterprise Edition) applications. The costs in scaling up hardware are mitigated by the ease of development. Many of the websites you visit operate on the Java EE platform. Don’t worry — these are not security risks. The Java code is executed on the host’s server, not on your machine. Their servers just generate web pages for you to interact with.

I lost my love for Java, as it became more apparent that the “enterprise” aspect created a great deal of convolution. After all, consultants charge by the hour. Java could have been a contender, if the goal was to simplify programming. It wasn’t. Enterprise Java became a bastion for enterprise consultants creating ridiculous solutions so they could bill more hours. Quite a few gurus in the Java community made their exodus as large enterprise computing corporations set the agenda.

Like many ex-Java developers, I moved on to Ruby on Rails. Rails is used by major players, such as Twitter, Hulu, and Groupon. It is also ridiculously simple and a pleasure to develop with. While Java EE seems to have become more about complexity, Rails is all about elegance and simplicity. Rails forces developers to adhere to certain conventions.

Much of the Java world has recently tried to copy Rails, with technologies such as Grails and Roo. Imitation is the highest form of flattery, I guess. That said, anyone inheriting a Java EE application doesn’t know what to expect. Configuration by convention is only accepted by some Java programmers. Rails forces it on the developer. Anyone inheriting a Rails app can come up to speed quickly. That’s a consultant’s nightmare — fewer billable hours. It’s the entrepreneur’s dream. Rails makes it possible for one developer to create and manage a profitable dynamic website. Even non-programmers have been able to create decent web-based apps using Rails. Of course, your results will vary based on experience.

The latest round of security flaws is yet another nail in Java’s coffin. Java will be around for some time, but its importance diminishes every day. This is the hard fact of computing. Technologies become obsolete. I’ve moved on, as have thousands of Java programmers.
