Security firm warns of Java vulnerability in Mac OS X


Comments

  • Reply 41 of 54
    floccus Posts: 138 member
    Quote:
    Originally Posted by MacTripper View Post


    <begin rant, don't take it personally>

    ...

    The flogging will continue until the security improves!



    <end rant and flogging>



    a: why would I ever take anything said on the internet personally?

    b: apparently OSX security instantly improved between your last sentence and your closing tags, or you're too lazy to keep flogging. Either way, my point still stands...



    And seeing no one has confirmed how much Snow Leopard will cost when it's finally replaced, Apple could simply make it a real upgrade and charge $25. That would sound like a deal to me. But we'll just have to wait another 2.5 weeks to find all this out now, won't we?
  • Reply 42 of 54
    mdriftmeyer Posts: 7,503 member
    Apple's focus on Java has been centered around WebObjects and its feature set.



    That's it.
  • Reply 43 of 54
    aizmov Posts: 989 member
    Apple doesn't care about Mac people
  • Reply 44 of 54
    It "might" fix the vulnerability.
  • Reply 45 of 54
    maximara Posts: 409 member
    Quote:
    Originally Posted by lakorai View Post


    The issue with Java on the Mac wouldn't surprise me as the Mac version of Java is FAR behind the windows version (no JavaFX support yet, Apple is still on J2SE, version 5.x, when Windows, Linux and Solaris has had Java 6.x for quite a while now). Apple barely updates Java for Mac; they don't seem to be on top of it. They seem to update certain technologies only when they really feel like it.



    I double checked and found a news release from 2008/05/01 titled "Java 6 on Mac. Worst release ever" which starts out "Yesterday Apple finally released Java 6 for Mac OS 10.5.2"



    On Apple's own website, Java for Mac OS X 10.5 Update 2 (September 24, 2008):



    "Java for Mac OS X 10.5 Update 2 delivers improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later. The release updates Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18. "



    I even found an article called "Installing Java 6 on Mac OS X" March 30, 2008



    Java 6 has been available for the mac since March 30, 2008, from Apple since May 1, 2008 and got an update from Apple September 24, 2008. Mind telling us what cave you have been in for the last YEAR?
  • Reply 46 of 54
    erunno Posts: 225 member
    Quote:
    Originally Posted by Virgil-TB2 View Post


    Other than Apple's mistake in not turning off Java in the browser with 10.5.7 I just don't see a big security issue here at all.



    You mean other than applets being able to execute arbitrary code with user rights outside the sandbox (e.g. rm -rf $HOME) and Apple being unable to push the fix to their users *despite* Sun having fixed that particular exploit half a year (!) ago?



    Your utter and unquestionable belief in Apple never ceases to amaze me.



    Reminds me: Weren't you the one who claimed Safari 3/4 would be TEH BESTEST AND SECURIEST browser ever before Chrome came out as the only unexploited browser in the Pwn2own contest?
  • Reply 47 of 54
    mactripper Posts: 1,328 member
    Chrome came out as the only unexploited browser



    Duh, there is no Mac version and it's very brand new.



    Nobody has had the chance to exploit it yet.
  • Reply 48 of 54
    s.metcalf Posts: 972 member
    The problem must've been filed in Steve's in-tray!
  • Reply 49 of 54
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by Hiro View Post


    Sorry, I don't have knowledge of that.



    I might guess though that Webkit is optimized for browser rendering of HTML and HTML interactions. But WebObjects began its design at Next for industrial strength internet commerce using the same OO-design principles as NextStep (remember the design actually started before the web was popular at all, the internet was still wild-west lack of standards).



    If WebObjects was all done all over again from scratch I would think it would become AJAX related, but still integrated in a very NextStep/Cocoa manner. Then WebKit would become very useful.



    Wrong, Wrong, Wrong.



    WebObjects 1.0 arrived after Openstep. WOF 2.0 was the first official free release. WOF 3.0 was when WEBMANIA at Moscone Center occurred and the pricing for Free, Small Business and Enterprise tiers were delivered.



    Versions:
    • WebObjects

    • WebObjects Pro

    • WebObjects Enterprise

    Java was at the Client-side along with Javascript just when it was finalizing its first version. NeXT added compiled Java for WOF 3.1 to work for interfaces to interact with Objective-C on the WOF AppServer side.



    Sun clearly wanted that server-side and during the Apple merger no one was manning the ship and driving WOF. They moved to Java throughout and the rest is history--the once king of enterprise app server platforms is now a niche platform.



    Steve even commented on the name change from NeXT Computers Inc, to NeXT Software Inc.



    It was a good conference. It wasn't as cool as the NeXTSTEP EXPOs but still cool.



    FLASH FORWARD:



    If WOF 6 were to drop Java they would restore its rightful Objective-C/Cocoa [Openstep actually] foundation.



    They'd use AJAX for their DirectToWeb bridge with Objective-C and thus reinstill WebScript as an AJAX ready scripting language for WOF 6.0. jQuery, Prototype, Objective-J and the rest would work without hindrance and Apple would most likely promote that by making them accessible via IB interfaces, thus making much of the Client-side Web interfacing easy for customers.



    Enterprise Objects Framework would be restored at EOF 5 and not some Core Data version that is EOF Lite.



    They'd most certainly write EOAdaptors for Oracle, PostgreSQL, Sybase, MySQL, SQLite and DB2, while offering an API so people can write a SQL Server EOAdaptor while not being officially supported [expect such a business move] and then they could extend WebScript to make sure it uses the WebKit Javascript Engine, WebKit backend for all its capabilities, while extending APIs for companies to leverage XML/XSL/XSLT, XPath, XIncludes and more.



    They should do this and make their backend for WOF 6 be a key backend for the iPhone/iTouch platform.



    Instead of worrying about Java they'd give Cocoa devs more reach to write interactive backends and front ends for clients wanting iPhone/Mac platform enterprise integration.
  • Reply 50 of 54
    talksense101 Posts: 1,738 member
    Apple is to blame for this one. They need to address it quickly.
  • Reply 51 of 54
    erunno Posts: 225 member
    Quote:
    Originally Posted by MacTripper View Post


    Chrome came out as the only unexploited browser



    Duh, there is no Mac version and it's very brand new.



    Nobody has had the chance to exploit it yet.



    And? Safari was hacked on all officially supported platforms, both the stable as well as the beta version. It actually adds to the indignity that Chrome was able to stay unvanquished on a platform Apple fans touted as being the far less secure one (which we now know is bollocks but that's another story).
  • Reply 52 of 54
    rob_06 Posts: 75 member
    Apple has a new developer preview of Java for 10.5 update 4 on their dev site but seemingly still no fix for the current issue we all face.



    It also looks like they pulled the discussion thread on the discussions forums also.
  • Reply 53 of 54
    vinea Posts: 5,585 member
    Quote:
    Originally Posted by Hiro View Post


    No. Sun doesn't support Java on Macs. Sun reluctantly wrote the JVM for windows because MS wouldn't license it. No windows JVM, no Java.



    Sun didn't support the Linux JVM until very recently, it used to be an open source reverse engineering project called Blackdown. Reverse engineered to avoid the licensing fees Sun imposes on packaging a JVM into an operating system. But when Sun decided to start open sourcing and growing closer to IBM with its Apache ecosystem, they took the Blackdown JVM in-house and support it out of business survival motivation.



    Apple and the mobile OS providers actually have to pay Sun for the right to write a JVM. That is because Apple and the mobile OS providers aren't big enough business-wise to force Sun to play for free as business survival, the opposite is partially true.



    Given that Java has been GPL for a couple years "very recently" is probably not the adjective I would have used. There have been many 3rd party JVMs and only if you want Sun's source code license do you pay. IBM didn't have to pay to develop J9 nor did BEA pay to develop JRockit AFAIK.



    Blackdown wasn't a reverse engineering effort but a port of Sun's JVM with Sun's permission. J9 from IBM is a clean room JVM implementation. Apache Harmony has significant IBM and Intel contributions but is an Apache project and also clean room.



    Apple's old JVM was made by Symantec but has maintained their own Hotspot port since OSX. Java development on the Mac is either really great (great LAF) or really sucky (non-64bit Intel processor).



    Sun always supported Java on Windows given that MS had all the marketshare. They just didn't want MS to muddy the waters with an incompatible "Java". Good thing given that Java is IMHO an inferior desktop development language in comparison to C#/.NET/WPF although I'd rank J2EE above .ASP development.
  • Reply 54 of 54
    vinea Posts: 5,585 member
    Quote:
    Originally Posted by Maximara View Post


    Java 6 has been available for the mac since March 30, 2008, from Apple since May 1, 2008 and got an update from Apple September 24, 2008. Mind telling us what cave you have been in for the last YEAR?



    The same cave I'm in with a rev A MBP. In that 32 bit cave without java 6. Actually, I do play a bit with my new mini but my primary java dev environment is windows.