Prev: kgpg problems
Next: Downloading 13.1?
From: blmblm on 9 Jul 2010 08:04 In article <i0rm0e0q2f(a)news2.newsguy.com>, David H. Lipman <DLipman~nospam~@Verizon.Net> wrote: > From: "Aragorn" <aragorn(a)chatfactory.invalid> > > | On Monday 05 July 2010 00:29 in comp.os.linux.misc, somebody identifying > | as David H. Lipman wrote... [ snip ] > I just hope Oracle and get the people at Sun to secure JRE. It is been theo source or > many and infected computer due to its many vulnerabilities and subsequent exploitation. Can you point me to a good source of information about these vulnerabilities and exploitation? I did a quick Google search on Java and "security hole" and found some mentions of exploitable flaws in implementing Java's security model [*], but to me they didn't seem to be adding up to "many vulnerabilities". What did I overlook? [*] At least it *has* one, though I suppose one could make a case for the notion that a badly-implemented security model might be worse than none at all, in that it generates a false sense of safety. Not trying to start a flame war here -- trying to fill in possible gaps in my own knowledge! -- B. L. Massingill ObDisclaimer: I don't speak for my employers; they return the favor.
From: Grant on 9 Jul 2010 16:51 On 9 Jul 2010 12:03:40 GMT, blmblm(a)myrealbox.com <blmblm(a)myrealbox.com> wrote: >In article <i0qvb5$9ni$2(a)news.eternal-september.org>, >Aragorn <aragorn(a)chatfactory.invalid> wrote: >> On Sunday 04 July 2010 20:37 in comp.os.linux.misc, somebody identifying >> as no.top.post(a)gmail.com wrote... > >[ snip ] > >> Java compiles to bytecode, which gets executed in a so-called Java >> Virtual Machine, or as Sun used to call it, a Java Runtime Environment. >> This makes Java extremely portable, but also noticeably slower than >> other languages. > >For suitable values of "noticeably slower", maybe .... > >As I understand it, most/all current JVMs do "just in time" compilation >to native code, with the result that the speed difference between >a Java application and its equivalent in a language such as C++ can >be a lot smaller than it was when JVMs worked only by interpreting >bytecode. It's not the language I'd pick if I needed the best possible >performance, and I don't want to start a flame war here, but -- just >sayin'. One thing keeps Java going is universities use it (or did, some years ago) as a training language. Not going away any time soon? Grant.
From: David H. Lipman on 9 Jul 2010 17:00 From: <blmblm(a)myrealbox.com> | In article <i0rm0e0q2f(a)news2.newsguy.com>, | David H. Lipman <DLipman~nospam~@Verizon.Net> wrote: >> From: "Aragorn" <aragorn(a)chatfactory.invalid> >> | On Monday 05 July 2010 00:29 in comp.os.linux.misc, somebody identifying >> | as David H. Lipman wrote... | [ snip ] >> I just hope Oracle and get the people at Sun to secure JRE. It is been theo source or >> many and infected computer due to its many vulnerabilities and subsequent >> exploitation. | Can you point me to a good source of information about these | vulnerabilities and exploitation? I did a quick Google search on Java | and "security hole" and found some mentions of exploitable flaws in | implementing Java's security model [*], but to me they didn't seem | to be adding up to "many vulnerabilities". What did I overlook? | [*] At least it *has* one, though I suppose one could make a case for | the notion that a badly-implemented security model might be worse | than none at all, in that it generates a false sense of safety. | Not trying to start a flame war here -- trying to fill in possible | gaps in my own knowledge! You can start with the ByteVerify exploit F**K ! Dead http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1 "Book marks to the legacy Sun Alert: : http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1 are no longer available and SunSolve will report the document is not found. As the mapping to the new system does not exit. To find this SunAlert, searching on the keywords or the original title, for example, Security Vulnerability in the Sun Java Web Console May Allow Access to Privileged on SunSolve will provide the new link: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001060.1-1 " http://isc.sans.edu/diary.html?storyid=2088 http://www.us-cert.gov/cas/alerts/SA08-340A.html http://search.us-cert.gov/search?q=sun+java&btnG.x=0&btnG.y=0&btnG=Go&entqr=0&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=default_frontend&proxystylesheet=default_frontend&site=default_collection -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Richard Kettlewell on 9 Jul 2010 17:13 Robert Heller <heller(a)deepsoft.com> writes: > As a side note: C# / .NET are Micro$loths 'replacements' for Java and > the JRE/JDK (C# is a kind of embrace-and-extend fork of Java). In > *theory* C# is just like Java: compile once, run anywhere [you have a > run-time environment]. '.NET' is the M$ Run Time environment for C#. > And there is something called Mono, which is a Linux run-time > environment that will run .NET (C#) applications. There isn't (AFAIK) > a Linux-based C# compiler / development kit. Mono includes a C# compiler. > One can develop a C#/.NET application (under MS-Windows) and then run > it (using Mono) under Linuqx, but I don't think anyone really bothers > to run C# programs anywhere by under MS-Windows. C# is effectively > (in practice) as platform-specific as VB. Or Visual C++. Current Ubuntu includes several applications written C#, e.g. f-spot and tomboy. -- http://www.greenend.org.uk/rjk/
From: Eef Hartman on 11 Jul 2010 06:34
In alt.os.linux.slackware Richard Kettlewell <rjk(a)greenend.org.uk> wrote: > Current Ubuntu includes several applications written C#, e.g. f-spot and > tomboy. Current and recent openSUSE releases do also, like the Banshee mediaplayer, the Kerry/Beagle home dir indexer and several others -- ****************************************************************** ** Eef Hartman, Delft University of Technology, dept. SSC/ICT ** ** e-mail: E.J.M.Hartman(a)tudelft.nl - phone: +31-15-27 82525 ** ****************************************************************** |