IBM Open Sources Their Own JVM/JDK As Eclipse OpenJ9

IBM has open sourced a “high performance, scalable virtual machine” with “a great pedigree… [it’s] at the core of many IBM enterprise software products.” Slashdot reader dxb1230 writes: IBM has open sourced their JDK/JVM implementation named J9 as OpenJ9. The community now has an alternative implementation of Java which has been well tested on enterprise workloads and hardware. This unlike, OpenJDK, has all the bells and whistles like jit.

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/S0AX8qpJW0E/ibm-open-sources-their-own-jvmjdk-as-eclipse-openj9

Original article

Oracle May Have Stopped Funding and Developing Java EE

While anticipating new features in Java 9, developers also have other concerns, according to an anonymous Slashdot reader:
ArsTechnica is reporting that Oracle has quietly pulled funding and development efforts away from Java EE, the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren’t otherwise based on Java, and customers and partners have invested time and code. It wouldn’t be the first time this has happened, but the implications are huge for Java as a platform.

“It’s a dangerous game they’re playing…” says one member of the Java Community Process Executive Committee. “It’s amazing — there’s a company here that’s making us miss Sun.” Oracle’s former Java evangelist even left the company in March and became a spokesman for the “Java EE Guardians,” who have now created an online petition asking Oracle to


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/L5bfxF7rtcE/oracle-may-have-stopped-funding-and-developing-java-ee

Original article

Pastejacking Attack Appends Malicious Terminal Commands To Your Clipboard

An anonymous reader writes: “It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands,” writes Softpedia. “This type of attack is known as clipboard hijacking, and in most scenarios, is useless, except when the user copies something inside their terminal.” Security researcher Dylan Ayrey published a new version of this attack last week, which uses only JavaScript as the attack medium, giving the attack more versatility and making it now easier to carry out. The attack is called Pastejacking and it uses Javascript to theoretically allow attackers to add their malicious code to the entire page to run commands behind a user’s back when they paste anything inside the console. “The attack can be deadly if combined with tech support or phishing emails,” writes Softpedia. “Users might think they’re copying innocent text into their console, but in fact, they’re running the crook’s exploit for them.”


Share on Google+

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/qzRFSbi7nYI/pastejacking-attack-appends-malicious-terminal-commands-to-your-clipboard

Original article

Oracle issues an emergency patch to Java for Windows

Malware spy

Security problems are not new to Java, though it is, admittedly, not the only platform that suffers from these problems. Now Oracle has acknowledged a new hole and it is bad enough to issue an out of cycle emergency patch.

With the catchy name of CVE-2016-0603, the security flaw requires the user to access a malicious website and accept the download of Java version 6, 7 or 8 in order to become infected. However, for those who fall for it, the attack will allow for a total compromise of the system.

“Because the exposure exists only during the installation process, users need not upgrade existing Java installations to address the vulnerability. However, Java users who have downloaded any old version of Java prior to 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later”, writes Eric Maurice of Oracle.

This is just the latest in a long line of patches from Oracle, a company that only recently had to issue 248 patches at once. The actual bug is not revealed so as to keep it away from potential malicious use. The good news in all of this is that an attack seems unlikely given the need to be lured to a particular site and then to download a version of Java that isn’t coming from Oracle.

Photo Credit: Balefi


Original URL: http://feeds.betanews.com/~r/bn/~3/P_6PgxWPjcE/

Original article

Oracle agrees to warn Java users of malware risk

Warning Sign Sky Cloud Cloudy

Oracle is about to issue a warning that Java users could be exposed to malware, the media have reported on Tuesday.

The exposure is the result of a flaw that existed in Java’s software update tool. After an investigation conducted by the US Federal Trade Commission, Oracle (Java’s distributor) has agreed to issue a warning over its social media channels and on its website, otherwise it would have been fined.

According to a BBC report, Oracle has admitted no wrongdoing. All of this seems like a bunch of (un)necessary formalities.

According to the FTC’s complaint, Oracle was aware of security issues in the Java SE (standard edition) plug-in when it bought the technology’s creator, Sun, in 2010.

“The security issues allowed hackers to craft malware that could allow access to consumers’ usernames and passwords for financial accounts, and allow hackers to acquire other sensitive information”, the FTC said.

The point is — Oracle promised its users that updating Java would ensure their PCs would remain “safe and secure”, but never mentioned that any risk remained — even though it did remain.

This was because Sun’s original update process did not delete earlier versions of its software, which hackers could exploit to carry out their attacks. The problem was resolved in August 2014.

Oracle could not plead ignorance because the FTC had obtained internal documents dated from 2011 that stated “[the] Java update mechanism is not aggressive enough or simply not working”.

The plug-in is installed on many PCs to let them to run small programs written in the Java programming language.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo Credit: bahri altay/Shutterstock


Original URL: http://feeds.betanews.com/~r/bn/~3/3LQC9VQE7nk/

Original article

JavaScript Devs: Is It Still Worth Learning jQuery?

Nerval’s Lobster writes: If you’re learning JavaScript and Web development, you might be wondering whether to learn jQuery. After nearly a decade of existence, jQuery has grown into a fundamental part of JavaScript coding in Web development. But now we’re at a point where many of the missing pieces (and additional features) jQuery filled in are present in browsers. So do you need to learn jQuery anymore? Some developers don’t think so. The official jQuery blog, meanwhile, is pushing a separate jQuery version for modern browsers, in an attempt to keep people involved. And there are still a few key reasons to keep learning jQuery: Legacy code. If you’re going to go to work at a company that already has JavaScript browser code, there’s a strong possibility it has jQuery throughout its code. There’s also a matter of preference: People still like jQuery and its elegance, and they’re going to continue using it, even though they might not have to.


Share on Google+

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/a2CIDiI-06M/javascript-devs-is-it-still-worth-learning-jquery

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: