Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 11, 2013, 08:53 PM   #126
grahamperrin
macrumors 68000
 
grahamperrin's Avatar
 
Join Date: Jun 2007
Location: not in Kansas anymore.
Some misleading points in this MacRumors article, and in its update

Quote:
Originally Posted by JTToft View Post
... Firefox ...
This MacRumors article is potentially misleading. A truer title might have been:

Apple protects Mac users of Safari by blocking Java 7 Update 10 (1.7.0_10-b18)

Browsers such as OmniWeb and Safari respect Apple's blockage.

Browsers such as Firefox do not respect the blockage.

Screenshots – the eighth demonstrates that whilst users of Safari are protected, users of Firefox may remain at risk with the Java 7 Update 10 that is blocked by Apple.

The ninth shot draws attention to the relevant security option in the Java Control Panel for Java 7.

Apple's distribution of Java 6 Update 37 appears to be not blocked by XProtect – shot twenty.

The update to the original article is misleading:

Quote:
Originally Posted by Eric Slivka
Update: As detailed in the National Vulnerability Database, the issue affects not only the Java 7 plug-in, but all versions from 4 through 7.
That's wrong - not all those versions are affected. Currently neither Apple's distribution of Java 6 Update 37, nor Oracle's distribution of Java 6 Update 37, is listed under CVE-2013-0422.

Google Chrome, Java and XProtect

Chromium issue 169649: Google Chrome for Mac does not work with Apple XProtect

Chrome for Mac is 32-bit. Java 7 runs only on 64-bit browsers.

If you have no immediate requirement to run a Java applet within Safari

Please await an update from Oracle.

If you do have an immediate requirement

You can either:
  1. reuse Java 6 Update 37; or
  2. use something greater than Java 7 update 10.

Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality

Proceed with caution:

Internet plug-in for Java 7 Update 12 (early access, developer preview release)

You may cautiously use the Internet plug-in that is with the pre-release JDK.

Java Platform, Standard Edition 7 Update 12 Developer Preview Releases — Java.net

Aim for the JDK, not the JRE. At the time of writing the download for OS X is:
  • jdk-7u12-ea-bin-b08-macosx-x86_64-03_jan_2013.dmg

Notes

At Oracle's Verify Java Version page, the result may be:

Quote:
You have the recommended Java installed (1.7.0_12-ea).
– at this time, ignore those words from Oracle. The developer preview releases of Java should be not recommended in that way.

Proceed with caution:
  • a vulnerability that is within Java 7 Update 10 may be also within a developer preview release
  • pay regular visits to Java Downloads for All Operating Systems to discover what's truly recommended by Oracle.

Further reading

In Ask Different:

Last edited by grahamperrin; Jan 12, 2013 at 04:00 AM. Reason: NOT all versions from 4 through 7 are vulnerable
grahamperrin is offline   1 Reply With Quote
Old Jan 11, 2013, 08:54 PM   #127
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by Rodimus Prime View Post
If you want security and good security Apple is not your best choice.
Mac OS X is more secure than Windows.

Quote:
1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far but one of these vulnerabilities doesn't affect all account types because of being due to a permissions error rather than code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey....yword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-...vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/...nelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/td...net-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Ow...tExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentation...slr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentation...rman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSresponder, netbios...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/...xes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. (http://developer.apple.com/library/m...CServices.html)

7) Security benefits of a UNIX foundation

Not all software vulnerabilities are exploitable. Vulnerabilities that are not exploitable only allow a denial of service condition upon being triggered. Exploitable vulnerabilities allow code execution when triggered.

There are two methods to achieve code execution in relation to buffer overflows:

1) RET overwrite -> control return address of instruction pointer

2) SEH (structured exception handler) overwrite -> control content of handler that will be executed upon an exception

To clarify:

Quote:
While typical stack-based buffer overflows work by overwriting the return address in the stack, SEH overwrites work by overwriting the handler attribute of an exception registration record that has been stored on the stack. Unlike overwriting the return address, where control is gained immediately upon return from the function, an SEH overwrite does not actually gain code execution until after an exception has been generated. The exception is necessary in order to cause the exception dispatcher to call the overwritten handler.
Basically, SEH overwrites provide a second method to exploit a vulnerability in the event that a RET overwrite is unsuccessful or not exploitable. Obviously, more vectors being available to facilitate exploiting a vulnerability increases the number of vulnerabilities that are exploitable. SEH overwrites reduce the number of vulnerabilities that only produce a denial of service condition.

Mitigations have been developed to prevent SEH overwrites. These include SafeSEH and SEHOP. Methods are known that allow bypassing both mitigations.

SafeSEH is bypassed if only one component of the program doesn't implement this mitigation; it is common that not all components implement SafeSEH.

SEHOP is bypassed if ASLR is compromised via a memory disclosure vulnerability.

So, what does this have to do with the security benefits of a UNIX foundation?

UNIX and UNIX-like operating systems, such as Mac OS X and Linux, don't have structured exception handling. So, SEH overwrites, as a vector to increase the number of exploitable vulnerabilities, doesn't exist in these operating systems. The signalling system used in these operating systems isn't liable to this type of manipulation.

SEH overwrites do provide a plausible explanation for more vulnerabilities being exploitable in Windows.

http://www.i-hacked.com/freefiles/Ea...ploit_v1.3.pdf

http://www.sysdream.com/sites/defaul...s/sehop_en.pdf

8) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://m.prnewswire.com/news-release...110606584.html -> article about 18 year old UAC bypass vulnerability.

9) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articl...ord-Part1.html -> article about Windows password hashing.

10) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/...op-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

11)In regards to recent earlier version of Mac OS X:

The following article relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

http://www.blackhat.com/presentation...slr-slides.pdf

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentation...rman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

These articles show that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

12) Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.
munkery is offline   2 Reply With Quote
Old Jan 11, 2013, 08:58 PM   #128
grahamperrin
macrumors 68000
 
grahamperrin's Avatar
 
Join Date: Jun 2007
Location: not in Kansas anymore.
Please see the update to the article

Quote:
Originally Posted by 3lite View Post
So I Java 6 the safest to use right now?
No.

Java 6 is no safer than the current Java 7 Update 10.

Please see the update to the article.

Last edited by grahamperrin; Jan 11, 2013 at 09:02 PM. Reason: clarification
grahamperrin is offline   0 Reply With Quote
Old Jan 11, 2013, 09:07 PM   #129
Solomani
macrumors 68000
 
Solomani's Avatar
 
Join Date: Sep 2012
Quote:
Originally Posted by mreed911 View Post
Wow. The Apple fix for this is both elegant and scary - I tested it on mine and I definitely get the popup that Java is unsecure and out of date, and blocked - but I didn't have to do anything to get that update to xprotect.plist. No software update, no nothing. That's rather scary.

I suppose at this point I'm willing to trade the 0-day security for Apple's ability to reach in and tweak settings.
Is there any way to know exactly WHEN Apple makes these "background updates"? Like... does it happen any time I connect to the App Store under the (Checking for) Updates tab? I'm not as paranoid about this, but I am curious to know when files are modified on my Mac.
Solomani is offline   0 Reply With Quote
Old Jan 11, 2013, 09:22 PM   #130
Morshu9001
Banned
 
Join Date: Dec 2012
Location: the capital of Assyria
Quote:
Originally Posted by xionxiox View Post
Java is the worst thing ever. Always buggy and slow. Oracle doesn't give a **** about Macs.
Well, NOW they do. But it doesn't matter. Java still sucks except when it's used, ironically, in browsers, in which case it's useful. But why the heck is Minecraft made in Java?
Quote:
the U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely until a patch is made available by Oracle.


----------

Java: Compile your malware once, run it on any machine!!11

----------

Quote:
Originally Posted by Stella View Post
Tell us why 'Java Sucks'?

Thanks.
It's inefficient and buggy; it should only be used in small web apps.

----------

Quote:
Originally Posted by krravi View Post
And Eclipse is written in? Terrible response times! Almost puts you to sleep looking at the IDE.
That's just Eclipse. It sucks!!! One of the worst things that happens is when it fails to acknowledge that certain files that I need exist, but I can't drag them in because they already "exist". In truth, they DO exist, but it can't see them and use them as resources for my code. So I have to take everything out then put it back in. Also, it deleted a bunch of my old assignments (not a problem, but scary) for no reason.
Morshu9001 is offline   0 Reply With Quote
Old Jan 11, 2013, 09:36 PM   #131
grahamperrin
macrumors 68000
 
grahamperrin's Avatar
 
Join Date: Jun 2007
Location: not in Kansas anymore.
a little more about com.apple.xprotectupdater

Code:
macbookpro08-centrim:PreferencePanes gjp22$ sudo launchctl list com.apple.xprotectupdater
{
	"Label" = "com.apple.xprotectupdater";
	"LimitLoadToSessionType" = "System";
	"OnDemand" = true;
	"LastExitStatus" = 0;
	"TimeOut" = 30;
	"ProgramArguments" = (
		"/usr/libexec/XProtectUpdater";
	);
};
macbookpro08-centrim:PreferencePanes gjp22$ defaults read /System/Library/LaunchDaemons/com.apple.xprotectupdater
{
    Label = "com.apple.xprotectupdater";
    ProgramArguments =     (
        "/usr/libexec/XProtectUpdater"
    );
    RunAtLoad = 1;
    StartInterval = 86400;
}
macbookpro08-centrim:PreferencePanes gjp22$
86400 seconds = twenty-four hours.

----------

Quote:
Originally Posted by Hinnenk1amp View Post
… Apple's ability to …
If you prefer less security, please go ahead:

Mac Help: Advanced pane of Security & Privacy preferences

Last edited by grahamperrin; Jan 11, 2013 at 10:36 PM.
grahamperrin is offline   0 Reply With Quote
Old Jan 11, 2013, 09:37 PM   #132
AidenShaw
macrumors G5
 
AidenShaw's Avatar
 
Join Date: Feb 2003
Location: The Peninsula
Quote:
Originally Posted by mreed911 View Post
I suppose at this point I'm willing to trade the 0-day security for Apple's ability to reach in and tweak settings.
Check the meaning of "zero-day", and fix your post.
__________________
6 October 2014 - the day that the debate about marriage equality ended. And equality prevailed.
nul
AidenShaw is offline   0 Reply With Quote
Old Jan 11, 2013, 09:38 PM   #133
Tophersky
macrumors member
 
Join Date: Feb 2005
Location: Tampa, FL
Does this have anything to do with why I could not VPN into my work Mac from home tonight?
__________________
2008 8-core Mac Pro | iPhone 5 - 32 GB
Tophersky is offline   0 Reply With Quote
Old Jan 11, 2013, 09:49 PM   #134
A Hebrew
macrumors 6502a
 
A Hebrew's Avatar
 
Join Date: Jan 2012
Location: Minnesota
Java makes a mistake with their HUGE software services? Yep. They suck.
__________________
2012 13" MacBook Air | 2012 27" iMac | iPad 3 | iPhone 5
A Hebrew is offline   0 Reply With Quote
Old Jan 11, 2013, 10:02 PM   #135
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by Morshu9001 View Post
But why the heck is Minecraft made in Java?
[COLOR="#808080"]

It's inefficient and buggy; it should only be used in small web apps.[COLOR="#808080"]
Actually, IMO, Java is absolutely not ideal for small webapps, other languages, such as Python ( with many choices of web app frameworks ) and Ruby on rails are far less heavy weight and generally more efficient to develop in.

Minecraft - Java is absolutely their choice of language and does the job well, and given it is multi-platform on the desktop.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.

Last edited by Stella; Jan 11, 2013 at 10:26 PM.
Stella is offline   0 Reply With Quote
Old Jan 11, 2013, 10:06 PM   #136
richard371
macrumors 65816
 
Join Date: Feb 2008
Any safe workaround fro accessing SSLVPN?

Any safe workaround fro accessing SSLVPN?

Thanks
richard371 is offline   0 Reply With Quote
Old Jan 11, 2013, 10:46 PM   #137
Morshu9001
Banned
 
Join Date: Dec 2012
Location: the capital of Assyria
Quote:
Originally Posted by Stella View Post
Minecraft - Java is absolutely their choice of language and does the job well, and given it is multi-platform on the desktop.
Does the job well? Yeah it works, but it uses way too much RAM and CPU. You need a good computer to play it without turning the settings all the way down and still having it lag. That's where all the "90s graphics, 2012 computer" jokes come from.

They've made an XBOX 360 version that is probably C++ and an iOS version that must be Objective C.
Morshu9001 is offline   0 Reply With Quote
Old Jan 11, 2013, 11:31 PM   #138
Morshu9001
Banned
 
Join Date: Dec 2012
Location: the capital of Assyria
"Java 7 Plugin"
I'm assuming this means the browser plugin. The article should specifically say that.
Morshu9001 is offline   0 Reply With Quote
Old Jan 11, 2013, 11:55 PM   #139
Eric5h5
macrumors 68020
 
Join Date: Dec 2004
Quote:
Originally Posted by Morshu9001 View Post
They've made an XBOX 360 version that is probably C++ and an iOS version that must be Objective C.
The iOS version is C++.

--Eric
Eric5h5 is offline   0 Reply With Quote
Old Jan 11, 2013, 11:57 PM   #140
dderusha
macrumors newbie
 
Join Date: Jan 2013
Fixed my SSL VPN

File Location
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/
File
XProtect.meta.plist

I opened terminal and entered

cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

it showed me that the file was updated last night. I went into time machine and restored the whole CoreTypes.bundle

rebooted and I could use safari to VPN again.
my file looks like this

<?xml version=“1.0” encoding=“UTF-8”?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=“1.0”>
<dict>
<key>LastModification</key>
<string>Fri, 14 Dec 2012 23:29:22 GMT</string>
<key>PlugInBlacklist</key>
<dict>
<key>10</key>
<dict>
<key>com.macromedia.Flash Player.plugin</key>
<dict>
<key>MinimumPlugInBundleVersion</key>
<string>11.3.300.271</string>
</dict>
<key>com.oracle.java.JavaAppletPlugin</key>
<dict>
<key>BlockedPlugInBundleVersions</key>
<array>
<string>1.7.06.24</string>
</array>
</dict>
</dict>
</dict>
<key>Version</key>
<integer>2026</integer>
</dict>
</plist>

From terminal

java -version

returns

java version "1.6.0_35"
Java(TM) SE Runtime Environment (build 1.6.0_35-b10-428-11M3811)
Java HotSpot(TM) 64-Bit Server VM (build 20.10-b01-428, mixed mode)

Running OS 10.8.2

I've attached the plist
Attached Files
File Type: zip XProtect.meta.plist.zip (550 Bytes, 7 views)
dderusha is offline   0 Reply With Quote
Old Jan 12, 2013, 12:13 AM   #141
a0me
macrumors 6502a
 
Join Date: Oct 2006
Location: Tokyo, Japan
1. Open Terminal
2. sudo /usr/libexec/java_home
3. ???
4. Profit!
__________________
iMac 24"; MacBook Pro 15"; iPhone 4; iPhone 5s; iPod touch; tv
a0me is offline   0 Reply With Quote
Old Jan 12, 2013, 01:32 AM   #142
grahamperrin
macrumors 68000
 
grahamperrin's Avatar
 
Join Date: Jun 2007
Location: not in Kansas anymore.
/System

Quote:
Originally Posted by dderusha View Post
… restored the whole CoreTypes.bundle …
No!

/System resources are provided by Apple and and must not be modified.

Please never promote modifications to the system domain.

Readers, please ignore the file and method provided by dderusha.

If you have an immediate requirement to run a Java applet, either:
  1. try a browser that does not respect Apple XProtect; or
  2. for browsers that work with XProtect, consider the workaround above.

Last edited by grahamperrin; Jan 12, 2013 at 01:48 AM.
grahamperrin is offline   1 Reply With Quote
Old Jan 12, 2013, 02:33 AM   #143
gonzalezz
macrumors newbie
 
Join Date: Jan 2013
terminal version

Hi,

thx for this confirmation, was fighting my laptop yesterday and went to sleep with a headache. Great workaround!

Firefox was showing me my java 7 version and my terminal java 6. After installating the 7 JDK my terminal was also showing 7; but no luck.

Cheers,
gonzalezz is offline   0 Reply With Quote
Old Jan 12, 2013, 02:33 AM   #144
123
macrumors 6502
 
Join Date: Mar 2002
Quote:
Originally Posted by camnchar View Post
Seriously? From a programmer's perspective: http://tech.jonathangardner.net/wiki/Why_Java_Sucks
"Programmer"? Seriously? This idiot doesn't even know the language.
123 is offline   3 Reply With Quote
Old Jan 12, 2013, 03:09 AM   #145
Mr. Retrofire
macrumors 601
 
Mr. Retrofire's Avatar
 
Join Date: Mar 2010
Location: www.emiliana.cl
Quote:
Originally Posted by hayesk View Post
Slow, buggy, insecure, poor UI frameworks.
Java is a good language. Java programs can run on any platform. And the security is not the problem of the language. And regarding the reaction time of the GUI: Under Windows XP (and newer) the Java GUI is pretty fast.
__________________

“Only the dead have seen the end of the war.”
-- Plato --
Mr. Retrofire is offline   1 Reply With Quote
Old Jan 12, 2013, 05:17 AM   #146
jafingi
macrumors 65816
 
jafingi's Avatar
 
Join Date: Apr 2009
Location: Denmark
In Denmark we have NemID which is a security measure / digital signature. We use it to log into public sites (tax, citizen info), web bank, and also gambling/betting websites in Denmark use it for login.

Problem is: NemID uses java plugin for the login!!? How the f will I be able to submit my annual tax return? Check/buy lottery tickets? Pay my bills?
__________________
Late-2013 15" rMBP (2GHz, 16GB DDR3, 256GB SSD, Iris Pro) iPhone 5 16GB iPad Mini 16GB WiFi iPad 2 16GB WiFi + a lot of old Apple stuff
jafingi is offline   2 Reply With Quote
Old Jan 12, 2013, 06:19 AM   #147
Mr.damien
Guest
 
Quote:
Originally Posted by Stella View Post
"Java is slow" is inaccurate today and has been for a long time.
Repeating the same sentence forever without any facts.

Yeah, Java is so good that it's used - as planned - by everybody, everywhere and it killed all other languages. Wait...
  0 Reply With Quote
Old Jan 12, 2013, 07:05 AM   #148
Reason077
macrumors 65816
 
Join Date: Aug 2007
Quote:
Originally Posted by xionxiox View Post
Java is the worst thing ever. Always buggy and slow. Oracle doesn't give a damn about Macs.
Correction: Java Plug-In is the worst thing ever

----------

Quote:
Originally Posted by Stella View Post
Actually, IMO, Java is absolutely not ideal for small webapps, other languages, such as Python ( with many choices of web app frameworks ) and Ruby on rails are far less heavy weight and generally more efficient to develop in.
Server-side Java performs far better than either Python or Ruby. A well written Java web app will scale much better - handling more traffic with less server resources - than one written in Python or Ruby.

In fact, for a long time the fastest implementations of both Python and Ruby were the variants that ran on top of the Java VM (Jython / JRuby).

Java is "heavyweight" only in the sense that most cheap shared web hosting environments don't include Java (the standard VM isn't really designed for such shared environments), so you need your own virtual server where you can install your own Java VM, or use something like Google App Engine.

----------

Quote:
Originally Posted by Morshu9001 View Post
That's just Eclipse. It sucks!!! One of the worst things that happens is when it fails to acknowledge that certain files that I need exist, but I can't drag them in because they already "exist". In truth, they DO exist, but it can't see them and use them as resources for my code.
Click on the folder that contains the "missing" files and press F5 to refresh it.
Reason077 is offline   0 Reply With Quote
Old Jan 12, 2013, 07:17 AM   #149
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by Mr.damien View Post
Repeating the same sentence forever without any facts.

Yeah, Java is so good that it's used - as planned - by everybody, everywhere and it killed all other languages. Wait...
My facts that Java isn't slow? Personal and industry observations - Java performs suitably well. In short.


Quote:
Originally Posted by Reason077 View Post
Server-side Java performs far better than either Python or Ruby. A well written Java web app will scale much better - handling more traffic with less server resources - than one written in Python or Ruby.

In fact, for a long time the fastest implementations of both Python and Ruby were the variants that ran on top of the Java VM (Jython / JRuby).

Java is "heavyweight" only in the sense that most cheap shared web hosting environments don't include Java (the standard VM isn't really designed for such shared environments), so you need your own virtual server where you can install your own Java VM, or use something like Google App Engine.[COLOR="#808080"]
I agree a Java server side app will scale well, but should you use Java every time? Depends what you are doing ultimately . I like said previously, I've seen many companies using Java when it hasn't been necessary, other languages would have suited them better for many reasons. Two of them being - and I'll take Python and Ruby as example - building the solution in these would have lead to much shorter development times, far less complexity and still would have provided the necessary performance that they require for now and the future. These companies have the skill set in house to use something else other than Java.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.

Last edited by Stella; Jan 12, 2013 at 07:49 AM.
Stella is offline   1 Reply With Quote
Old Jan 12, 2013, 07:28 AM   #150
newagemac
macrumors 68000
 
Join Date: Mar 2010
Quote:
Originally Posted by dilbert99 View Post
Not a very good article, points out many insignificant points and some inaccuracies.
Not a very good post. Didn't point out anything specific at all.
newagemac is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Releases New Java 6 Updates With Enhanced Security, Uninstalls Apple-Provided Java Applet Plug-in MacRumors Mac Blog Discussion 49 Oct 22, 2013 10:58 AM
Apple Releases Safari and Java Updates With Plug-In and Security Improvements MacRumors MacRumors.com News Discussion 77 Apr 23, 2013 04:09 PM
Apple Once Again Blocks Java 7 Web Plug-in MacRumors MacRumors.com News Discussion 151 Mar 29, 2013 12:56 PM
Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X MacRumors MacRumors.com News Discussion 134 Feb 17, 2013 01:40 PM
Oracle Updates Java 7 to Address Security Vulnerability MacRumors MacRumors.com News Discussion 72 Jan 19, 2013 12:00 PM

Forum Jump

All times are GMT -5. The time now is 11:38 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC