or Connect
AppleInsider › Forums › Software › Mac OS X › Security firm warns of Java vulnerability in Mac OS X
New Posts  All Forums:Forum Nav:

Security firm warns of Java vulnerability in Mac OS X - Page 2

post #41 of 55
Quote:
Originally Posted by iPilya View Post

Java is evil and ugly on any OS since it never actually gives an OS integrated experience. That is IMHO one of its greatest downfalls.

wow, that must be why the NeoOffice guys use java for the GUI right?

seriously, how can anyone "love" or "hate" java? It's a f*king programming language for god's sake
post #42 of 55
Quote:
Originally Posted by MacTripper View Post

<begin rant, don't take it personally>
...
The flogging will continue until the security improves!

<end rant and flogging>

a: why would I ever take anything said on the internet personally?
b: apparently OSX security instantly improved between your last sentence and your closing tags, or you're too lazy to keep flogging. Either way, my point still stands...

And seeing noone has confirmed how much Snow Leopard will cost when it's finally replaced, Apple could simply make it a real upgrade and charge $25. That would sound like a deal to me. But we'll just have to wait another 2.5 weeks to find all this out now won't we?
post #43 of 55
Apple's focus on Java has been centered around WebObjects and it's feature set.

That's it.
post #44 of 55
Apple doesn't care about Mac people

iPod nano 5th Gen 8GB Orange, iPad 3rd Gen WiFi 32GB White
MacBook Pro 15" Core i7 2.66GHz 8GB RAM 120GB Intel 320M
Mac mini Core 2 Duo 2.4GHz 8GB RAM, iPhone 5 32GB Black

Reply

iPod nano 5th Gen 8GB Orange, iPad 3rd Gen WiFi 32GB White
MacBook Pro 15" Core i7 2.66GHz 8GB RAM 120GB Intel 320M
Mac mini Core 2 Duo 2.4GHz 8GB RAM, iPhone 5 32GB Black

Reply
post #45 of 55
It "might" fix the vulnerability.
post #46 of 55
Quote:
Originally Posted by lakorai View Post

The issue with Java on the Mac wouldn't surprise me as the Mac version of Java is FAR behind the windows version (no JavaFX support yet, Apple is still on J2SE, version 5.x, when Windows, Linux and Solaris has had Java 6.x for quite a while now). Apple barely updates Java for Mac; they don't seem to be on top of it. They seem to update certain technologies only when they really feel like it.

I doubled checked and found a news release from 2008/05/01 titled "Java 6 on Mac. Worst release ever" which starts out "Yesterday Apple finally released Java 6 for Mac OS 10.5.2"

On apple's own website Java for Mac OS X 10.5 Update 2 (September 24, 2008):

"Java for Mac OS X 10.5 Update 2 delivers improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later. The release updates Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18. "

I even found an article called "Installing Java 6 on Mac OS X" March 30, 2008

Java 6 has been available for the mac since March 30, 2008, from Apple since May 1, 2008 and got an update from Apple September 24, 2008. Mind telling us what cave you have been in for the last YEAR?
post #47 of 55
Quote:
Originally Posted by Virgil-TB2 View Post

Other than Apple's mistake in not turning off Java in the browser with 10.5.7 I just don't see a big security issue here at all.

You mean other than applets being able to execute arbitrary code with user rights outside the sandbox (e.g. rm -rf $HOME) and Apple being unable to push the fix to their users *despite* Sun having fixed that particular exploit half a year (!) ago?

Your utter and unquestionable believe in Apple never ceases to amaze me.

Reminds me: Weren't you the one who claimed Safari 3/4 would be TEH BESTEST AND SECURIEST browser ever before Chrome came out as the only unexploited browser in the Pwn2own contest?
post #48 of 55
Chrome came out as the only unexploited browser

Duh, there is no Mac version and it's very brand new.

Nobody has had the chance to exploit it yet.
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
post #49 of 55
The problem must've been filed in Steve's in-tray!
post #50 of 55
Quote:
Originally Posted by Hiro View Post

Sorry, I don't have knowledge of that.

I might guess though that Webkit is optimized for browser rendering of HTML and HTML interactions. But WebObjects began its design at Next for industrial strength internet commerce using the same OO-design principles as NextStep (remember the design actually started before the web was popular at all, the internet was still wild-west lack of standards).

If WebObjects was all done all over again from scratch I would think it would become AJAX related, but still integrated in a very NextStep/Cocoa manner. Then WebKit would become very useful.

Wrong, Wrong, Wrong.

WebObjects 1.0 arrived after Openstep. WOF 2.0 was the first official free release. WOF 3.0 was when WEBMANIA at Moscone Center occured and the pricing for Fre, Small Business and Enterprise tiers were delivered.

Versions:
  • Webobjects
  • WebObjects Pro
  • WebObjects Enterprise

Java was at the Client-side along with Javascript just when it was finalizing it's first version. NeXT added compiled Java for WOF 3.1 to work for interfaces to interact with Objective-C on the WOF AppServer side.

Sun clearly wanted that server-side and during the Apple merger no one was manning the ship and driving WOF. They moved to Java throughout and the rest it history--the once king of enterprise app server platforms is now a niche platform.

Steve even commented on the name change from NeXT Computers Inc, to NeXT Software Inc.

It was a good conference. It wasn't as cool as the NeXTSTEP EXPOs but still cool.

FLASH FORWARD:

If WOF 6 were to drop Java they would restore it's rightful Objective-C/Cocoa [Openstep actually] foundation.

They'd use AJAX for their DirectToWeb bridge with Objective-C and thus reinstill WebScript as an AJAX ready scripting language for WOF 6.0. jQuery, Prototype, Objective-J and the rest would work without hindrance and Apple would most likely promote that by making them accessible via IB interfaces, thus making much of the Client-side Web interfacing easy for customers.

Enterprise Objects Framework would be restored at EOF 5 and not some Core Data version that is EOF Lite.

They'd most certainly write EOAdaptors for Oracle, PostgreSQL, Sybase, MySQL, SQLite and DB2, while offering an API so people can write a SQL Server EOAdaptor while not being officially supported [expect such a business move] and then they could extend WebScript to make sure it uses the WebKit Javascript Engine, WebKit backend for all it's capabilities, while extending APIs for companies to leverage XML/XSL/XSLT, XPath, XIncludes and more.

They should do this and make their backend for WOF 6 be a key backend for the iPhone/iTouch platform.

Instead of worrying about Java they'd give Cocoa devs more reach to write interactive backends and front ends for clients wanting iPhone/Mac platform enterprise integration.
post #51 of 55
Apple is to blame for this one. They need to address it quickly.
Most of us employ the Internet not to seek the best information, but rather to select information that confirms our prejudices. - Nicholas D. Kristof
Reply
Most of us employ the Internet not to seek the best information, but rather to select information that confirms our prejudices. - Nicholas D. Kristof
Reply
post #52 of 55
Quote:
Originally Posted by MacTripper View Post

Chrome came out as the only unexploited browser

Duh, there is no Mac version and it's very brand new.

Nobody has had the chance to exploit it yet.

And? Safari was hacked on all officially supported platforms, both the stable as well as the beta version. It actually adds to the indignity that Chrome was able to stay unvanquished on a platform Apple fans touted as being the far less secure one (which we now know is bollocks but that's another story).
post #53 of 55
Apple has a new developer preview of Java for 10.5 update 4 on their dev site but seemingly still no fix for the current issue we all face.

It also looks like they pulled the discussion thread on the discussions forums also.
post #54 of 55
Quote:
Originally Posted by Hiro View Post

No. Sun doesn't support Java on Macs. Sun reluctantly wrote the JVM for windows because MS wouldn't license it. No windows JVM, no Java.

Sun didn't support the Linux JVM until very recently, it used to be a open source reverse engineering project called Blackdown. Reverse engineered to avoid the licensing fees Sun imposes on packaging a JVM into an operating system. But when Sun decided to start open sourcing and growing closer to IBM with it's Apache ecosystem, they took the Blackdown JVM in-house and support it out of business survival motivation.

Apple and the mobile OS providers actually have to pay Sun for the right to write a JVM. That is because Apple and the mobile OS providers aren't big enough business-wise to force Sun to play for free as business survival, the opposite is partially true.

Given that Java has been GPL for a couple years "very recently" is probably not the adjective I would have used. There have been many 3rd party JVMs and only if you want Sun's source code license do you pay. IBM didn't have to pay to develop J9 not did BEA pay to develop JRockit AFAIK.

Blackdown wasn't a reverse engineering effort but a port of Sun's JVM with Sun's permission. J9 from IBM is a clean room JVM implementation. Apache Harmony has significant IBM and Intel contributions but is an Apache project and also clean room.

Apple's old JVM was made by Symantec but has maintained their own Hotspot port since OSX. Java development on the Mac is either really great (great LAF) or really sucky (non-64bit Intel processor).

Sun always supported Java on Windows given that MS had all the marketshare. They just didn't want MS to muddy the waters with an incompatible "Java". Good thing given that Java is IMHO an inferior desktop development language in comparison to C#/.NET/WPF although I'd rank J2EE above .ASP development.
post #55 of 55
Quote:
Originally Posted by Maximara View Post

Java 6 has been available for the mac since March 30, 2008, from Apple since May 1, 2008 and got an update from Apple September 24, 2008. Mind telling us what cave you have been in for the last YEAR?

The same cave I'm in with a rev A MBP. In that 32 bit cave without java 6. Actually, I do play a bit with my new mini but my primary java dev environment is windows.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Security firm warns of Java vulnerability in Mac OS X