
Oracle's latest Java moves frustrate users and vendors

Modularization, licensing, and security issues top the list of complaints


Java's licensing change troubles Canonical
Oracle also is raising dander over a recent license change limiting distribution of Oracle's commercial Java. Canonical says that Oracle has retired its license that permitted Linux distros to redistribute Java. Under the new Oracle license, users now must download Java directly from Oracle's website.

"That left us in a pickle, because the current version of Java that we're distributing had known security issues that were being exploited," says Canonical CEO Jane Silber. Security problems in Java 6 include remote exploits enabled through the Java browser plug-in, she says. To address the security issue, though not solve it, Canonical is pushing out an update that will disable part of the Java version on users' machines.

Canonical can still distribute the open source OpenJDK version of Java, but it is not equivalent to the commercial Oracle implementation, Silber says. Canonical's troubles date back to Oracle's announcement last summer that OpenJDK would become the reference implementation of Java, which resulted in the discontinuance of the "non-free" operating system distributor license for Java used by Canonical. The bottom line is that Oracle wants Linux distributions to migrate to OpenJDK, even if a distributor believes the commercial version is better for its customers.

Java's security questioned
Oracle also has been receiving flak elsewhere over the security of Java. F-Secure Security Labs recently posted a notice, "Java considered harmful," that advises people to remove the Java plug-in from their browsers. "The risks of Java are nicely illustrated by the recent Java Rhino vulnerability (aka CVE-2011-3544). If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java -- or get rid of it altogether," F-Secure writes.

Keeping Java secure is no mean feat, as it is a popular target for hackers. "Java is currently the lowest-hanging fruit of the third-party software that gets attacked," says Sean Sullivan, an F-Secure security advisor. While Java is a great platform on back-end systems, Java on Windows PCs facilitates the running of undesirable code, he says.

Oracle's thankless job
Oracle has numerous Java projects to maintain and update, such as last week's release of the NetBeans 7.1 IDE equipped with support for the JavaFX 2.0 rich Internet application platform. With Java being such a ubiquitous technology after 16-plus years, whoever is in charge of it is sure to upset some folks with how the platform is proceeding. In fact, disagreements over Java are nothing new: The Apache Software Foundation's efforts to get proper certification for its Apache Harmony implementation of Java have spanned both the Sun and Oracle reigns over Java, for example.

Oracle, however, perhaps should cut back on the heavy-handedness, perceived or actual, if it hopes to preserve and maximize its substantial investment in Java. Otherwise, Oracle risks sending users looking for alternatives.

