[Chugalug] Java Rant

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

[Chugalug] Java Rant

Michael Harrison
Why SysAdmins are an inherent security risk: 

The Raritan KVM attached to the servers needs Java/JRE. So I installed Java on my Mac to find out that it's essentially worthless, as modern Browsers won't run it (thank gawd!) and it is going to be a pain to un-install. So on my work around is the Pale Moon browser and the IBM Java/JRE 8 on Linux. This works. Partially because Pale Moon supports all the old insecure plugins via NPAPI. So that you can run those things that manage critical hardware, with invalid expired certificates and crunchy bad interfaces, and lots of pop-up warnings saying: "This is a bad idea, are you sure you want to do this?". The good news: Java is dying. The bad news: for some things, there are no replacements, yet.

Oh, yeah and OpenVPN ROCKS!



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Stephen Kraus
Oracles hostage game is strong.

On Sat, Nov 3, 2018, 11:30 PM Michael Harrison <[hidden email] wrote:
Why SysAdmins are an inherent security risk: 

The Raritan KVM attached to the servers needs Java/JRE. So I installed Java on my Mac to find out that it's essentially worthless, as modern Browsers won't run it (thank gawd!) and it is going to be a pain to un-install. So on my work around is the Pale Moon browser and the IBM Java/JRE 8 on Linux. This works. Partially because Pale Moon supports all the old insecure plugins via NPAPI. So that you can run those things that manage critical hardware, with invalid expired certificates and crunchy bad interfaces, and lots of pop-up warnings saying: "This is a bad idea, are you sure you want to do this?". The good news: Java is dying. The bad news: for some things, there are no replacements, yet.

Oh, yeah and OpenVPN ROCKS!


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Bret McHone
In reply to this post by Michael Harrison
I understand your pain, and share in it..

On Sat, Nov 3, 2018 at 11:30 PM Michael Harrison <[hidden email]> wrote:
Why SysAdmins are an inherent security risk: 

The Raritan KVM attached to the servers needs Java/JRE. So I installed Java on my Mac to find out that it's essentially worthless, as modern Browsers won't run it (thank gawd!) and it is going to be a pain to un-install. So on my work around is the Pale Moon browser and the IBM Java/JRE 8 on Linux. This works. Partially because Pale Moon supports all the old insecure plugins via NPAPI. So that you can run those things that manage critical hardware, with invalid expired certificates and crunchy bad interfaces, and lots of pop-up warnings saying: "This is a bad idea, are you sure you want to do this?". The good news: Java is dying. The bad news: for some things, there are no replacements, yet.

Oh, yeah and OpenVPN ROCKS!


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Lynn Dixon
Nothing like the frustration of trying to get the KVM console to work from IBM's SMC or a janky HP iLo.



On Sun, Nov 4, 2018, 12:05 AM Bret McHone <[hidden email] wrote:
I understand your pain, and share in it..

On Sat, Nov 3, 2018 at 11:30 PM Michael Harrison <[hidden email]> wrote:
Why SysAdmins are an inherent security risk: 

The Raritan KVM attached to the servers needs Java/JRE. So I installed Java on my Mac to find out that it's essentially worthless, as modern Browsers won't run it (thank gawd!) and it is going to be a pain to un-install. So on my work around is the Pale Moon browser and the IBM Java/JRE 8 on Linux. This works. Partially because Pale Moon supports all the old insecure plugins via NPAPI. So that you can run those things that manage critical hardware, with invalid expired certificates and crunchy bad interfaces, and lots of pop-up warnings saying: "This is a bad idea, are you sure you want to do this?". The good news: Java is dying. The bad news: for some things, there are no replacements, yet.

Oh, yeah and OpenVPN ROCKS!


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Dave Brockman
In reply to this post by Michael Harrison
On 11/3/2018 11:30 PM, Michael Harrison wrote:

> Why SysAdmins are an inherent security risk: 
>
> The Raritan KVM attached to the servers needs Java/JRE. So I installed
> Java on my Mac to find out that it's essentially worthless, as modern
> Browsers won't run it (thank gawd!) and it is going to be a pain to
> un-install. So on my work around is the Pale Moon browser and the IBM
> Java/JRE 8 on Linux. This works. Partially because Pale Moon supports
> all the old insecure plugins via NPAPI. So that you can run those things
> that manage critical hardware, with invalid expired certificates and
> crunchy bad interfaces, and lots of pop-up warnings saying: "This is a
> bad idea, are you sure you want to do this?". The good news: Java is
> dying. The bad news: for some things, there are no replacements, yet.
I deal with this constantly with switches, BMC consoles, (physical)
security systems, printer management, etc.  I try to keep an old desktop
that is firewalled off from everything but the management network and a
specific VPN tunnel that only admins use specifically for accessing said
management network.  Barring that, I run a VM on my laptop that I keep
in more or less unconfigured state, so I can install whatever ancient
version of Java/Flash/IE said PoS requires to operate.

Don't even get me started on firewall vendors and the shit you have to
run to configure those things with a GUI.  Or just UI design in general,
looking dead at you, Untangle!

Cheers,

-Dave


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Jonathan Calloway-2
Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?

Jonathan Calloway

Sent from my iPhone

> On Nov 4, 2018, at 2:31 PM, Dave Brockman <[hidden email]> wrote:
>
>> On 11/3/2018 11:30 PM, Michael Harrison wrote:
>> Why SysAdmins are an inherent security risk:
>>
>> The Raritan KVM attached to the servers needs Java/JRE. So I installed
>> Java on my Mac to find out that it's essentially worthless, as modern
>> Browsers won't run it (thank gawd!) and it is going to be a pain to
>> un-install. So on my work around is the Pale Moon browser and the IBM
>> Java/JRE 8 on Linux. This works. Partially because Pale Moon supports
>> all the old insecure plugins via NPAPI. So that you can run those things
>> that manage critical hardware, with invalid expired certificates and
>> crunchy bad interfaces, and lots of pop-up warnings saying: "This is a
>> bad idea, are you sure you want to do this?". The good news: Java is
>> dying. The bad news: for some things, there are no replacements, yet.
>
> I deal with this constantly with switches, BMC consoles, (physical)
> security systems, printer management, etc.  I try to keep an old desktop
> that is firewalled off from everything but the management network and a
> specific VPN tunnel that only admins use specifically for accessing said
> management network.  Barring that, I run a VM on my laptop that I keep
> in more or less unconfigured state, so I can install whatever ancient
> version of Java/Flash/IE said PoS requires to operate.
>
> Don't even get me started on firewall vendors and the shit you have to
> run to configure those things with a GUI.  Or just UI design in general,
> looking dead at you, Untangle!
>
> Cheers,
>
> -Dave
>
> _______________________________________________
> Chugalug mailing list
> [hidden email]
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Dave Brockman
On 11/5/2018 8:44 AM, Jonathan Calloway wrote:
> Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?
>
> Jonathan Calloway

Maybe.... there are some holes in the license language of the latest
release...

https://blog.joda.org/2018/08/java-is-still-available-at-zero-cost.html

-Dave



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Stephen Kraus
I doubt they'll start charging, they'd be facing one hell of legal battle to close source what's been open sourced for nearly a decade.

On Mon, Nov 5, 2018 at 9:47 AM Dave Brockman <[hidden email]> wrote:
On 11/5/2018 8:44 AM, Jonathan Calloway wrote:
> Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?
>
> Jonathan Calloway

Maybe.... there are some holes in the license language of the latest
release...

https://blog.joda.org/2018/08/java-is-still-available-at-zero-cost.html

-Dave


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Billy
OpenJDK is still being developed.

--b

On Nov 5, 2018, at 9:51 AM, Stephen Kraus <[hidden email]> wrote:

I doubt they'll start charging, they'd be facing one hell of legal battle to close source what's been open sourced for nearly a decade.

On Mon, Nov 5, 2018 at 9:47 AM Dave Brockman <[hidden email]> wrote:
On 11/5/2018 8:44 AM, Jonathan Calloway wrote:
> Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?
>
> Jonathan Calloway

Maybe.... there are some holes in the license language of the latest
release...

https://blog.joda.org/2018/08/java-is-still-available-at-zero-cost.html

-Dave


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Michael Harrison
In reply to this post by Jonathan Calloway-2
On Mon, Nov 5, 2018 at 8:44 AM, Jonathan Calloway <[hidden email]> wrote:
Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?


Many corporations will pay up, because the cost of replacing all that bad custom legacy code is insane. At least for a while. Some industries theoretically started banning Java application development years ago, and they have a long time to go to be java free. I just got done with a project that gives a few more years life to some 1998 Java code, because to replace it will cost millions (gotta replace everything associated with it, and the code is just part of the control system).

The question is: what will replace it? It fits in a weird niche of things for browser embedded web applications and desktop/server applications. 


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Stephen Kraus
Effectively Java isn't going away, its still the largest used language, but most smart companies are relegating it to service layer only and isolated it from the UI/Customer facing interface.

On Wed, Nov 7, 2018 at 8:48 AM Mike Harrison <[hidden email]> wrote:
On Mon, Nov 5, 2018 at 8:44 AM, Jonathan Calloway <[hidden email]> wrote:
Isn’t Oracle supposed to start charging for J2EE? Will this eventually kill it because people won’t want to pay for it annually?


Many corporations will pay up, because the cost of replacing all that bad custom legacy code is insane. At least for a while. Some industries theoretically started banning Java application development years ago, and they have a long time to go to be java free. I just got done with a project that gives a few more years life to some 1998 Java code, because to replace it will cost millions (gotta replace everything associated with it, and the code is just part of the control system).

The question is: what will replace it? It fits in a weird niche of things for browser embedded web applications and desktop/server applications. 

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Lynn Dixon


On Wed, Nov 7, 2018 at 10:37 AM Stephen Kraus <[hidden email]> wrote:
Effectively Java isn't going away, its still the largest used language, but most smart companies are relegating it to service layer only and isolated it from the UI/Customer facing interface.


There are still roughly 220 BILLION lines of COBOL code being used worldwide.  I'd say its still the most widely used language.  Which is freakishly odd.

 

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Stephen Kraus
If we're going by line count, maybe, but then you get into semantics: How many lines of Cobol does it take to achieve something that you could also achieve in Java.

Java is the most used Enterprise language still.

https://www.tiobe.com/tiobe-index/

On Wed, Nov 7, 2018 at 12:34 PM Lynn Dixon <[hidden email]> wrote:


On Wed, Nov 7, 2018 at 10:37 AM Stephen Kraus <[hidden email]> wrote:
Effectively Java isn't going away, its still the largest used language, but most smart companies are relegating it to service layer only and isolated it from the UI/Customer facing interface.


There are still roughly 220 BILLION lines of COBOL code being used worldwide.  I'd say its still the most widely used language.  Which is freakishly odd.

 
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Java Rant

Jonathan Calloway-2
It depends on how much the developers are getting paid per line!

Jonathan Calloway 

Sent from my iPhone

On Nov 7, 2018, at 12:36 PM, Stephen Kraus <[hidden email]> wrote:

If we're going by line count, maybe, but then you get into semantics: How many lines of Cobol does it take to achieve something that you could also achieve in Java.

Java is the most used Enterprise language still.

https://www.tiobe.com/tiobe-index/

On Wed, Nov 7, 2018 at 12:34 PM Lynn Dixon <[hidden email]> wrote:


On Wed, Nov 7, 2018 at 10:37 AM Stephen Kraus <[hidden email]> wrote:
Effectively Java isn't going away, its still the largest used language, but most smart companies are relegating it to service layer only and isolated it from the UI/Customer facing interface.


There are still roughly 220 BILLION lines of COBOL code being used worldwide.  I'd say its still the most widely used language.  Which is freakishly odd.

 
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug