Bitcoin Forum

http://www.nbclosangeles.com/news/local/US-Government-Department-of-Homeland-Security-Tells-Computer-Users-to-Disable-Java-186580121.html


I'm ignorant on stuff like this, but deemed it important for the community.

NITE, ALL! (for real this time)

I never run Chrome with Java or other plugins active.

Interesting they only mention disabling it on computers - I'm pretty sure many late model phones use Java too.

Chrome disable instructions
Open Chrome and type chrome://plugins into the location bar.
Click Disable underneath the Java plugin.

Firefox disable instructions
Open Firefox and click the Firefox button -> Add-ons (Tools -> Add-ons in Linux, OS X and Windows XP).
Choose the Plugins tab.
Select the Java plugin(s) and click disable.

Internet Explorer disable instructions
http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/ (http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/)

Oracle's JRE is terrible. Security vulnerabilities are found all the time. Someone should write a more secure replacement. Flash, too.

Flash is a lot safer than Java. Adobe needs:

1) multithread it, add some highly requested features by devs
2) squeeze out more performance out of the vm
3) open source a lot of the code, so foss people feel happy and don't scramble to HTML5

But java is notoriously insecure. Most people probably would've uninstalled Java if not for Minecraft.

Won't that cause me to not be able to view YouTube videos?

I don't hear that often that java was compromised on the server side. Yea, when my browser tries to run an applet, it bitches first - do you really want to run this applet... Then simply gives up since Chrome on OSX wont work with 64 bit java.

With HTML5 you don't need applets, kill them already.

Doesn't work on the phone or the server (i dont think phones run applets) It's exploits targeting the sandbox of the browser, by breaking out with a class loader attack.

You may be confusing Javascript with Java applets. Even Flash is not required for all youtube videos (but it is for many), just enable html5 at https://www.youtube.com/html5
 

I do not think Oracle will ever get rid of issues like the last one.
Java is an interpreted language and the bottom line is this.

Program is modified at run-time in an interpreted language.

This is a backdoor in itself. For security/privacy sake do not use anything Java.

To me, Java is a language to explain programming concepts and not something to back serious infrastructure like the internet.

The whole interoperability argument is wrong. There are many reasons why.
Coders are just not proficient enough to make ports of their software written in compiled language to different places probably because they do not understand what coding really is.

Java is just a modern day buzz word.

https://bitcointalk.org/index.php?topic=135819.0

What about minecraft? What about my house?
I have several Klein Stars fully loaded with EMC - it seems so unfair.

Okay, clever software developer, you...
 
Of course, you know that compiled languages generate machine code from source. Java does not do that.
Java "compiler" (clearly a misnomer) makes bytecode which then is processed in the JRE before it goes into the CPU. This JRE step is what make JAVA an interpreted language.

Why do you get so offended when people say the right thing?

One cannot avoid java in the corporate world.... Slowly tho it is changing.

JVM is using JIT to generate "machine" code on the fly, go enable the interpreter. JIT code is even better than static compiling like C++. Duh. Even damn processors don't even use the machines code directly, they translate it right away and optimize it.

Java is very close to the performance of C++, in some things java is MUCH faster.

So basically you no fucking clue what you talk about.

JRE? May you meant JVM? Yea, clueless.

1. My argument is not about performance. My argument is about Java's security. Why would you take performance over security in a networked world?
2. JVM is a part of JRE (Java Runtime Environment) - just so you know...

Now, imagine a scenario in which a PC runs 10 network/non-network applications written in C and a PC that runs 10 network/non-network applications written in Java.

A hacker only has to breach the java machine once and he can get access to all applications.
On contrary though, a hacker has to breach 10 applications on a C machine.

In reality, Java does not have anything to offer the world besides the " possibly hyped up" JVM. Java is good for learning programming.

Are you saying that Java is insecure or the browser's sandbox? Java was never designed to run within a browser, it's like running a C++ application in a browser. Java applets are horrible, kill these. Java/JVM are awesome.




it's also part of Scala, JRuby and etc. And they don't include JRE. Just so you know.... They use JRE name, so because you know it doesn't include any development stuff, like JDK... Duh.


Huh? I think you have no idea what you're talking about. Java is one the best languages out there, C# may be slight better designed. But it doesn't run on 100 platforms. And these securities issues, wasn't just a bitcoin site hacked because of Ruby on Rails? And the best online wallet runs on Java??? LOL.



Java was always faster than C in network handling code. That's because there is no centralized network handling library like in Java.



LOL I don't know what you just wrote. In C/Java you just need breach one layer, it's called "uid 0"

Keep posting these dumb facts, it's entertains me.

Thanks, I'm done.

That's one thing we agree on :-)

Whenever this is the case (which is rare), the C++ program can always be made faster. The reverse is not true of Java. HotSpot is itself written in C++, so no Java program is going to be faster than an optimal C++ program.

JVM can optimize on a fly for a target CPU, C++ cannot (like detecting if the cpu support SSE3/SSE4.1 instructions, so it would optimize better for Intel or AMD cpus). If you deploy a same binary across 100 different x86 cpus, java would optimize better for each of them - Atom, Pentium 4, AMD, etc.

Java in general is faster in memory alloc/dealloc.

Java can also optimize the bytecode on the fly, like inlining of the library functions. Can't really do that with static compiling.

Why it theoretically possible to implement the same in C++, practically its already done in Java out of the box. Yes, Java would lose to optimally written C++ program.. But when you run a C++ program designed for Intel SSE4.1 on a AMD cpu, java will simply optimize for AMD.

I written a lot of C/C++ code, it may be not so bad if you're the only person on the project. But when you have 100 people, Java IS so much better. Strong typing with verbosity helps a lot to understand what the heck 100 people wrote over 5 years.

As I've stated in the OP, I haven't a clue.

Youtube vids use flash, not java. Some games use java, but ~95% of computer users will never notice that they've turned off java.

You're comparing a language and a framework. Boo.

Would turning off Java speed up the computer?

Am I? I am somewhat confused since I haven't heard that Java Applets become a language. Last time I checked it was a framework.

Unless it's set up to always run (a possibility, but not, I think, the default option), no. It's usually something invoked when needed.

Read more: http://www.montrealgazette.com/technology/Oracle+releases+patch+Java+that+fixes+flaw+Homeland+Security/7818742/story.html#ixzz2I6PXnjTN

I don't think the exploit affects mobile phones, unless i'm wrong

Anyone know if this stuff affects services running on Java, like Freenet?

i think the thing is, you should disable java because someone could write some very dangerous viruses / key logger, and just by visiting a site you could get infected, if you have java enabled just make sure you go to trusted places you should be fine.

can someone correct or confirm this ?

 anyway lets all do it...
http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

i normally never install java, but their was a site i wanted to see that needed java... so i was like fuck it why not... bad move  :P

I have always thought Java sucked... Isn't java an interpreted language and this is why it can run anywhere?
my view is that it all sucks balls, everything barely hangs together, the web-code is one half baked idea thrown on top of another, and its only getting more convoluted as time goes on.
Time for evolution to kick in and kill off alot of crap? why do i have a feeling its going to take millions of years  :P?

That kind of makes sense, although I guess there are levels of security - untrusted code, and then what it has access to, etc.


As I understand it, Java compilers are pretty efficient these days. Android apps are written in Java apparently - but don't get Java the language confused with Java the compatible-compilers - Android apps don't run on Oracle's Java engine. Oracle seem to be the problem more than "Java" in this case.

Well that's a wrong view. Java is fast, well aside from ASM/C/C++ it kills anything in performance Ruby, Python, PHP, Perl....

The applet API is outdated. You cant really write a secure sandbox in the environment that isn't designed from scratch for one. JVM wasn't designed to be secure as a linux kernel, and java applets are probably the only case of the java app being sandboxed. Android apps are sandboxed via an *nix kernel.


Oracle VM isn't the only one around.. Linux comes with an open source by default.

You can disable Java in your browser (which this thread is about), this will not affect stand-alone applications using Java, like Freenet or Freemind.