Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Java 7 Ships With Severe Bug

Soulskill posted more than 3 years ago | from the meeting-expectations dept.

Java 180

Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."

Sorry! There are no comments related to the filter you selected.

The bug is widely known... (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#36923652)

...it's called "Java"

Re:The bug is widely known... (0)

Anonymous Coward | more than 3 years ago | (#36923700)

Says anonymous coward

Re:The bug is widely known... (2)

Dexter Herbivore (1322345) | more than 3 years ago | (#36924488)

Score 0, Informative anonymous coward.

Re:The bug is widely known... (0, Funny)

Anonymous Coward | more than 3 years ago | (#36923750)

Java is amongst the world's most widely installed malware. For some reason, Oracle was even championing the fact that this malware had over 1 billion downloads.

Re:The bug is widely known... (0)

Anonymous Coward | more than 3 years ago | (#36923928)

Hilarious AND original. You sir, are the total package.

Sounds just about right for Oracle. (3, Insightful)

Nadaka (224565) | more than 3 years ago | (#36923698)

So well known for product "quality"

Re:Sounds just about right for Oracle. (1)

HarrySquatter (1698416) | more than 3 years ago | (#36923796)

Yeah because the numerous bugs and security vulnerabilities in the Sun version of the JVM was such great "quality" in itself, right?

Re:Sounds just about right for Oracle. (3, Insightful)

Tridus (79566) | more than 3 years ago | (#36923942)

Can you name an instance where Sun knew the thing miscompiled loops before release and put it out anyway with no warning to users about the error?

I can't. Sun got stuff wrong sometimes, but this is an incredible level of actively poor judgement from Oracle. Anybody sane would have delayed this release.

Re:Sounds just about right for Oracle. (2)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36924062)

I know it's unfashionable to RTFA, but this quote might help:

Also Java 6 users are affected, if they use one of those JVM options, which are not enabled by default: -XX:+OptimizeStringConcat or -XX:+AggressiveOpts.

Emphasis in the original. So it looks more like Oracle turned on more aggressive optimizations by default. And if it's such an obvious bug, one would think it would have turned up in the last 29 version 6 releases?

Re:Sounds just about right for Oracle. (5, Informative)

dgatwood (11270) | more than 3 years ago | (#36924576)

And if it's such an obvious bug, one would think it would have turned up in the last 29 version 6 releases?

No, honestly. This wasn't caught before because nobody used those flags. Oracle decided that these flags should be turned on by default. Therefore, the onus was on Oracle to thoroughly and broadly test these flags before promoting them to be used by default.

I guarantee you'll find some hairy bugs if you enable lots of random, rarely enabled flags in just about any compiler. The difference between a good compiler and a bad compiler is that a good compiler tests flags thoroughly before either enabling any the flags by default or rolling them into a commonly used option. In effect, what Oracle did was to take an obscure, poorly tested code path and promote it into the hot path through their code. This is something that any first-year CS student should know is risky.

The best part of this is that (assuming other Slashdot comments are correct) this occurs in commonly used third-party libraries, and was disclosed to Oracle several days before the release shipped. Where I work, that's what is known as a P1 block-ship bug, and people will be called in to work on it day and night until the problem is resolved, and if necessary, features will get temporarily pulled (e.g. turning that optimization back off by default).

For shame, Oracle.

Re:Sounds just about right for Oracle. (1)

jensend (71114) | more than 3 years ago | (#36924878)

Nobody used aggressive optimizations? You're off your rocker. I think that's one of the first tweaks people go to when they're trying to tune Java performance. Yes, it wasn't used by the majority of people, but it would have been excusable to think that these options had seen enough testing from those enabling the option to catch any obvious bugs.

Re:Sounds just about right for Oracle. (1)

Applekid (993327) | more than 3 years ago | (#36925048)

Nobody used aggressive optimizations? You're off your rocker. I think that's one of the first tweaks people go to when they're trying to tune Java performance. Yes, it wasn't used by the majority of people, but it would have been excusable to think that these options had seen enough testing from those enabling the option to catch any obvious bugs.

Obviously "nobody" is a sweeping generalization, but if someone is tuning Java performance, and it breaks when a particular switch is turned on, the switch is just going to be left off from then on. Maybe they'll turn revert a few other previously changed options, but unless it stops being broken as a result...

Re:Sounds just about right for Oracle. (0)

Anonymous Coward | more than 3 years ago | (#36925468)

Yeah, that's one of the first things any physicist with huge data sets or simulations to grind will head for.

Re:Sounds just about right for Oracle. (1)

Amouth (879122) | more than 3 years ago | (#36924908)

exactly - and to top it off according to Apache.. Oracle has put the fix in a timeline to be released on Java 7 update 2.. so something that should never have gone out the door isn't going to be fixed for this or the next update.. that's just stupid.

Re:Sounds just about right for Oracle. (1)

blair1q (305137) | more than 3 years ago | (#36925164)

You'll find bugs in software every time you change software. Hopefully in alpha and regression testing. Or in Beta testing, if you do it old-school and dogfood it instead of pretending that the first release to the public is Beta testing, or just skip it altogether.

Seems Oracle should have had test cases for these (1)

mrflash818 (226638) | more than 3 years ago | (#36925402)

If not, I hope they update their validation testing suite to compile and run the code giving problems everyone is finding and sharing.

Re:Sounds just about right for Oracle. (0)

Anonymous Coward | more than 3 years ago | (#36924590)

If it's not enabled by default in Java 6, it's probably not used by very many people.

Re:Sounds just about right for Oracle. (1)

nedlohs (1335013) | more than 3 years ago | (#36925292)

Obviousness is irrelevant if the part of the article that says:

"""These problems were detected only 5 days before the official Java 7 release, so Oracle had no time to fix those bugs,"""

is accurate then Oracle are way past poor judgement.

You have a bug in your compiler/jvm/whatever which will cause some programs to crash and others to give the wrong output.Do you:

1. Release it anyway and hope no one notices.
2. Release it anyway and warn people about it.
3. Delay the release until it is fixed.
4. Disable that, purely performance related, feature for now.

 

Re:Sounds just about right for Oracle. (1)

HarrySquatter (1698416) | more than 3 years ago | (#36924204)

Did you miss the part from the article that this was a bug in the JVM since well before Oracle even took over? Oh right, you probably didn't. Who cares about pesky facts when we can bash Oracle instead.

Re:Sounds just about right for Oracle. (1)

locopuyo (1433631) | more than 3 years ago | (#36924410)

Oracle is an evil corporation bent on world domination. They deserve it anyways.

Re:Sounds just about right for Oracle. (1)

Plugh (27537) | more than 3 years ago | (#36924862)

Accuseth locopuyo:
Oracle is an evil corporation bent on world domination.

Well, I work there, and speaking strictly for myself: No on 1, Yes on 2

Re:Sounds just about right for Oracle. (2)

idontgno (624372) | more than 3 years ago | (#36925116)

I think the distinction between 2 and 1 is generally illusory or propaganda. "World Domination" is generally held to be an evil goal. In fact, the people most interested in making and emphasizing the distinction are the ones in the second category but don't want (for PR or ego reasons) to believe they're in the first.

Re:Sounds just about right for Oracle. (1)

MichaelKristopeit350 (1968134) | more than 3 years ago | (#36925370)

world domination is evil.

you're an idiot.

Re:Sounds just about right for Oracle. (1)

Smallpond (221300) | more than 3 years ago | (#36924776)

It was an Oracle product when they turned on the optimize flags that revealed the bug, were notified of the bug, and decided to ship with the flags on anyway.

If it had been Sun they would have delayed the release, because Java was Sun's poster product. Oracle has either canned or driven away so much talent that they probably have no clue what Java is at this point.

Re:Sounds just about right for Oracle. (1)

MrEricSir (398214) | more than 3 years ago | (#36925264)

"Anybody sane would have delayed this release."

The last major version of Java came out in December 2006. If that's not enough of a delay, I don't know what is.

Re:Sounds just about right for Oracle. (1)

lennier1 (264730) | more than 3 years ago | (#36923988)

Sounds all too familiar.

Just finished a project where several workarounds were needed because a well-known bug in Oracle's own damn JDBC driver hasn't been fixed in over three years.

Re:Sounds just about right for Oracle. (1)

Nadaka (224565) | more than 3 years ago | (#36924390)

Yea... Their most recent JDBC driver is also significantly slower than the previous version and contains a boolean conversion error.

Re:Sounds just about right for Oracle. (0)

Anonymous Coward | more than 3 years ago | (#36924452)

If I'm not mistaken, mis-compiled loops are patented!

Re:Sounds just about right for Oracle. (1)

Anonymous Coward | more than 3 years ago | (#36924454)

Ellison did this on purpose because he's mad at Google, the petulant cuntbag.

Re:Sounds just about right for Oracle. (1)

bill_mcgonigle (4333) | more than 3 years ago | (#36924728)

So well known for product "quality"

I once had a heck of a time installing an Oracle product for a client. I finally figure out that the install script had a developer's home directory hard-coded into it. When I googled this path, I found an Oracle messageboard thread that had started almost three years earlier on the problem.

I had downloaded the package from Oracle that day.

Re:Sounds just about right for Oracle. (0)

Anonymous Coward | more than 3 years ago | (#36924806)

Just Let Google fix it -

Should I turn off javascript in my browser for now (4, Funny)

kotku (249450) | more than 3 years ago | (#36923734)

Or is it only a desktop problem?

Re:Should I turn off javascript in my browser for (-1, Redundant)

Thantik (1207112) | more than 3 years ago | (#36923774)

Java has absolutely nothing to do with javascript.

Re:Should I turn off javascript in my browser for (0)

HarrySquatter (1698416) | more than 3 years ago | (#36923896)

Whoosh? GP was joking, bro.

Re:Should I turn off javascript in my browser for (1)

RichardJenkins (1362463) | more than 3 years ago | (#36924800)

Of course it does! I love a good cup of java in the morning, but my assistant keeps making it wrong. I tried explaining how to get it Done Right, but he just doesn't listen.

In the end I had to write out a script for him to follow. So yeah, in my experience, good Java comes from a good Javascript.

Java script means Everyday coffee made acceptably!

Re:Should I turn off javascript in my browser for (0)

arth1 (260657) | more than 3 years ago | (#36923776)

java != javascript

Re:Should I turn off javascript in my browser for (1)

leucadiadude (68989) | more than 3 years ago | (#36923802)

Troll fail.

Try again next time.

Re:Should I turn off javascript in my browser for (2)

HarrySquatter (1698416) | more than 3 years ago | (#36923820)

He was a fail troll yet got multiple people to fall for it? It's amazing how easy it is for people like the GP to continue to bait people with such obvious trolling.

Re:Should I turn off javascript in my browser for (1)

leucadiadude (68989) | more than 3 years ago | (#36923962)

Hehe, when I replied there were no other replies to him. Sad.

Re:Should I turn off javascript in my browser for (0)

Anonymous Coward | more than 3 years ago | (#36923806)

Javascript is unrelated.

Re:Should I turn off javascript in my browser for (1)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36924282)

You misspelled "unrelenting".

Re:Should I turn off javascript in my browser for (0)

DarkOx (621550) | more than 3 years ago | (#36923822)

This has NOTHING to do with emca/java script, they are not in anyway related to Java other than the really really unfortunate sharing of a brand and a little syntax also common to many other languages.

Re:Should I turn off javascript in my browser for (1, Funny)

Anonymous Coward | more than 3 years ago | (#36923874)

o -- Joke

O -- You
\|/
/ \

Re:Should I turn off javascript in my browser for (3, Funny)

arth1 (260657) | more than 3 years ago | (#36924016)

You may think that the joke was obvious, but today is System Administrator Day. People who don't know that difference (or the difference between a CPU and hard drive, for that matter) is what sysadmins deal with every day. Nine times out of ten when users ask a really stupid question it's because they really don't know.

You would probably think I was joking if I told you that a user was worried because his java had a hot spot. The joke would be on you.

Moderator Advice: mod parent +1 Funny (1)

JoshDM (741866) | more than 3 years ago | (#36923904)

:-D

Re:Should I turn off javascript in my browser for (0)

Anonymous Coward | more than 3 years ago | (#36924000)

If a man tells a joke, and nobody understands it, is it still funny?

Re:Should I turn off javascript in my browser for (0)

Anonymous Coward | more than 3 years ago | (#36924266)

Cool stary bra

Re:Should I turn off javascript in my browser for (1)

lucidlyTwisted (2371896) | more than 3 years ago | (#36924684)

No, but you should check your cafetiere for overflows.

An Warning (1)

Anonymous Coward | more than 3 years ago | (#36923784)

(/_-)

an warning (0)

Anonymous Coward | more than 3 years ago | (#36923808)

What are we now, Welsh?

Re:an warning (1)

AkkarAnadyr (164341) | more than 3 years ago | (#36924540)

Nah, it was just a memory leek.

Re:an warning (0)

Anonymous Coward | more than 3 years ago | (#36924744)

ITYM "Is it Welsh that we are now, lookyou?"

It's not a bug (0)

Anonymous Coward | more than 3 years ago | (#36923860)

It's a feature.

They released this anyway (5, Insightful)

Tridus (79566) | more than 3 years ago | (#36923886)

Relevant part:

These problems were detected only 5 days before the official Java 7 release,
so Oracle had no time to fix those bugs, affecting also many more
applications. In response to our questions, they proposed to include the
fixes into service release u2 (eventually into service release u1, see [6]).
This means you cannot use Apache Lucene/Solr with Java 7 releases before
Update 2! If you do, please don't open bug reports, it is not the
committers' fault! At least disable loop optimizations using the
-XX:-UseLoopPredicate JVM option to not risk index corruptions.

If this was known before the release and it's as severe as it's being made out to be, why the hell didn't they postpone the release? It's not like the world is dependent on Java 7 being released on time.

This isn't a little issue, either. It's extremely irresponsible for Oracle to put this kind of release out knowing of a bug this severe without any kind of warning on it.

Re:They released this anyway (2)

JoeMerchant (803320) | more than 3 years ago | (#36923946)

There's a manager at Oracle who would have lost his quarterly bonus if 7 didn't ship on time, you wouldn't have wanted him to do that, would you?

Re:They released this anyway (0)

Anonymous Coward | more than 3 years ago | (#36924086)

There's a manager at Oracle who would have lost his quarterly bonus if 7 didn't ship on time, you wouldn't have wanted him to do that, would you?

Oh, the sums up how the software industry can be so fucking retarded.

Messing up the ROI was another fucked up reason the PHBs had for the release. I'm sure there are others here who can attest to this happening at any other fucking software vendor.

Re:They released this anyway (1)

Tridus (79566) | more than 3 years ago | (#36924132)

Yeah that's probably the answer. Some suit somewhere decided on a release date and minor details like the product not working won't deter it.

Re:They released this anyway (2)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36924344)

Well, you wouldn't want them to have to deal with all the "Oracle misses ship date" headlines, would you? Some corner-case bug is only going to be reported in the tech media, not in the Wall Street Journal.

Re:They released this anyway (1)

Lisandro (799651) | more than 3 years ago | (#36925076)

This ain't no "corner case" . These guys enabled broken optimizations that break loops, knowingly... in a production release. I completely agree with the parent poster, this is way irresponsible of Oracle. It's akin to releasing a new car model where the steering wheel doesn't work properly.

Re:They released this anyway (1)

idontgno (624372) | more than 3 years ago | (#36925194)

Yeah, well, ok, but how many programs use these "loop" thingies? Right? You can code around them. Just do something else. I hear "recursion" is a good workaround. Amiright?

Good car analogy, btw, but I think it's more like the steering working just fine unless you want to turn. Then it snap-oversteers across the sidewalk and into the side of a building. Just keep steering straight and there'll be no problem. A steering system which permits turning, curving, or lane-changing is schedule for Q4 2011 or Q1 2012.

Re:They released this anyway (2)

boorack (1345877) | more than 3 years ago | (#36925204)

They could just turn off those two switches. But hey, this is Oracle. Everything they touch turns into crap.

Re:They released this anyway (0)

Anonymous Coward | more than 3 years ago | (#36924004)

Or, you know, make -XX:-UseLoopPredicate the default - but couldn't have that, it might hurt artificial benchmark numbers...

Re:They released this anyway (1)

ardle (523599) | more than 3 years ago | (#36924098)

Would you go as far as to say "culpably" irresponsible? Would some kind of lawsuit help, or are Oracle too big for the law?

Re:They released this anyway (2)

Smallpond (221300) | more than 3 years ago | (#36924884)

Would you go as far as to say "culpably" irresponsible? Would some kind of lawsuit help, or are Oracle too big for the law?

I believe they are willing to refund the entire purchase price for the compiler.

Re:They released this anyway (1)

jensend (71114) | more than 3 years ago | (#36924714)

I don't see any sign that this is affecting many users other than the two Apache projects noted. The linked article says that the best case with the loop optimizations is a crash and worst case is incorrect behavior- but they're conveniently not mentioning how likely it is that your code would trigger this bug. I see no signs that the "Donâ(TM)t use Java 7 for anything" conclusion is anything other than totally overblown.

The fact that the bug is also present in Java 6 if you enable the (fairly common) non-default optimizations makes this whole thing sound basically non-newsworthy. "Some users have problems with new default options! News at 11!"

A bug which only affects a few existing pieces of software and can be worked around with a simple command line option doesn't seem to me to be a release blocker. I'd agree, though, that they should have put something in the release notes.

Horse-puckey (1)

FranTaylor (164577) | more than 3 years ago | (#36924888)

Yeah because applications out there are magic, they read the release notes for each java release and they automatically use the correct command line switches for each of the different versions of java.

don't get smart with me, young man (2)

jensend (71114) | more than 3 years ago | (#36925188)

No, but if you're a sysadmin you should read release notes before making major upgrades. Not too many end-users out there using Lucene or Solr. It's also not like Sun has pushed Java 7 to end users through Java Update either (I imagine it will be quite some time before they do that).

So only the dedicated early adopters who replace what all their enterprise search software is running on with a brand-new release branch immediately after its release without reading the release notes would be affected.

Re:They released this anyway (1)

bill_mcgonigle (4333) | more than 3 years ago | (#36925150)

why the hell didn't they postpone the release?

You know the open source motto: Never show weakness to your enemies. Oh, no, wait, that's not how it works.

Those were known bugs. (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36923888)

Damn those bugs where known but Oracle choose to ship Java 7, knowing that it would crash on some very known and used Apache libraries. (And most likely other code too).

To quote:
"These problems were detected only 5 days before the official Java 7 release,
so Oracle had no time to fix those bugs, affecting also many more. "

Here is a hint to Oracle: If you find a fatal bug 5 days before launch and don't have time to fix it, you either disable the specific optimization with the know bug, or you postpone the launch and start working on a fix. Just shipping like this is stupid.

Re:Those were known bugs. (3, Insightful)

rossjudson (97786) | more than 3 years ago | (#36925000)

Another way of looking at this is to realize that the pre-release versions of Java 7 have been out there for a long, long time, and nobody from these Apache projects felt like testing their (rather important) open source projects against it, so they could have found and reported the bug earlier.

It seems to me that fault lies in both directions here.

A more correct rewrite of the bug teaser would be, "Don't use Java 7 for anything if you are incapable of passing an extra command line argument to it".

Re:Those were known bugs. (1)

PickyH3D (680158) | more than 3 years ago | (#36925120)

Agreed. If the release was too close to cancel, then it should have already been released.

Otherwise, they should have disabled the optimization and put it into the release notes, thus avoiding the issue (as, apparently, using the optimizations in Java 6's HotSpot also caused the same problem) until they had time to resolve it.

Re:Those were known bugs. (1)

blair1q (305137) | more than 3 years ago | (#36925202)

How is 5 days "no time"?

Just how dumb are the people who write Java?

Re:Those were known bugs. (0)

Anonymous Coward | more than 3 years ago | (#36925444)

Nowhere near as dumb as you.

Timing is everything (0)

Anonymous Coward | more than 3 years ago | (#36923908)

I upgraded to Java 7 on Wednesday. Thursday I tried to fire up tomcat only to have it die on me. I spent a few hours trying to get it to work and eventually gave up and reverted back to Java 6. I realize it could be something completely unrelated (I'm developing a web app with a fair amount of ins and outs, so there are a lot of places for things to break), but somehow I wish I knew about this yesterday,

Re:Timing is everything (2)

JaneTheIgnorantSlut (1265300) | more than 3 years ago | (#36924272)

Frankly, upgrading to the latest version of your development environment, literally on the day of release, seems to be rather poor practice. Since "there are a lot of places for things to break," adding another one is unwise.

Re:Timing is everything (1)

shoppa (464619) | more than 3 years ago | (#36924604)

I tend to keep my linux development machines on the bleeding edge of the distro and there is rarely a problem. To be fair I doubt that any distro would put Java 7 in its bleeding edge. The bleeding edge of any distro has some kind of QC process already.

How else??? (1)

FranTaylor (164577) | more than 3 years ago | (#36924784)

"upgrading to the latest version of your development environment, literally on the day of release, seems to be rather poor practice."

It's THE ONLY REASONABLE practice if you wish to actually find the bugs in your system.

If you were talking about "production environment" I would agree with you.

If the software on your development system is not working right, the only one impacted is YOU.

The sooner you install that new software and fire it up, the sooner you can submit your bug reports and the sooner they will be fixed.

And if it's your own code that is having a problem you would also rather know about this sooner than later.

If your development environment won't handle multiple JDKs then you need a new development environment. You NEED to be testing with ALL of the shipping and supported JDKs if you actually have a real product that real people use.

Most of us developers have been testing with the JDK7 beta builds for quite some time now, so your "poor practice" remark seems even more odd.

Not just a malware trap (4, Interesting)

JoeMerchant (803320) | more than 3 years ago | (#36923916)

And I was only avoiding updating it because the last time our PCs were clamoring for Java updates it was actually a (well disguised) trojan.

The next thing Windows needs to add is a "don't bother me with this update" API where software vendors need to ask the OS permission before prompting the user for updates - and also allow preference settings like "don't install a damn desktop launch icon when you update" (looking at you Adobe.) Personally, I'd set my preferences to "don't tell me about updates until they are at least a month old." There is a balance to strike between getting the latest patches for security and waiting until a patch has proven itself in the wild.

Of course, we could all just stop using software from vendors who don't do these things voluntarily (like check for bugs before pushing an update, or making an easy to access preference for launch icon settings (hint: if I've deleted the last 12 of them, I likely don't want the 13th!) but the software that I'm talking about here is Java and Acrobat - kind of hard to get around the web without those.

Re:Not just a malware trap (1)

mark-t (151149) | more than 3 years ago | (#36924226)

When you see a popup alerting you to an update for software you actually have installed being available, the best thing to do is go directly to the company's website and update from there...

I learned a long time ago to never trust *ANY* popups.. regardless of what they appear to be from.

Re:Not just a malware trap (2)

CynicTheHedgehog (261139) | more than 3 years ago | (#36924256)

Perhaps a bit off-topic, but relevant to the OP...

In Linux everything I need comes from one or more trusted software repositories, and all of the updates are performed through the same tool in the same way, so I do not need to familiarize myself with the different update systems for different pieces of software.

In iOS everything is downloaded and installed through the app store, updates are similarly pushed through a single (presumably trusted) source. Same with Android and the various marketplaces and presumably with Windows-based smartphones. (Symbian and RIM aren't really in the game anymore, and it is likely related to this.)

So that leaves Mac OS X and Windows as really the only predominant platforms where you grab stuff from every which where and install it. And IIRC, even Mac OS X tries to consolidate the updates into a central tool (I remember Java and Adobe updates coming through the Mac OS X update tool).

I expect that this model will prevail and within 5 years the majority of software for any system (Windows included) will start coming through central repos (or "App Stores"). Linux has been there for over a decade, but hasn't got their act together with respect to branding, ease-of-use, and revenue sharing (Ubuntu is bridging that gap). So if we can get to a point where software is signed, or at least has a verifiable hash, and it all comes from the same trusted place, then a lot of these issues will be moot.

Re:Not just a malware trap (1)

Kitsuneymg (815431) | more than 3 years ago | (#36925312)

Mac OSX has the app store now.

Re:Not just a malware trap (0)

Anonymous Coward | more than 3 years ago | (#36924432)

but the software that I'm talking about here is Java and Acrobat - kind of hard to get around the web without those.

Huh? The only thing I've ever used Java for is literally Minecraft, and it's well known that a lot of the bugs that infest Minecraft are actually Java bugs. If it weren't for Minecraft, I'd have no reason to have Java installed at all.

I don't use Acrobat under Linux at all, since there are two dozen PDF readers for Linux. For Windows, there's always FoxIt.

You meant Flash, right? Yes, you lose out on a massive amount of content online without Flash.

But Java? I haven't seen a Java applet in five years, and the only one I can remember for the past decade was ported to Flash about five years ago.

OK, I'm pulling that five years figure out of my ass. I think it's closer to a decade, but let's give Java the benefit of the doubt and say five years anyway.

Not in the windows world (0)

Anonymous Coward | more than 3 years ago | (#36924868)

software vendors need to ask the OS permission before prompting the user for updates

That's not how it works in the windows world. Every windows software vendor has their own special install routine, their own special file locations and naming conventions, and their own special modifications to the registry. There is no standard convention, even through there is now supposed to be one. If a vendor can't find a valid technical reason to buck the system, they will do it simply because it can be done, or perhaps it offers a cheap way to make their product stand out.

If you want consistency and correctness in the packaging/installing system, where every software package is subject to the same rules and process, then you want a unix-based system. Car analogy: Windows package mangement is like driving in Singapore, where nobody follows the rules (or even knows what the rules are), horns are constantly honking for no apparent reason, people are getting cut off left and right, and cows are grazing on the highway. Unix package managment is more like riding the tomorrowland people mover in Disney World. Every car looks the same, goes the same speed, follows the same path, arrives on time, and never falls off the track. It's not quite as exciting, but excitement was never the goal.

Starbucks (0)

Anonymous Coward | more than 3 years ago | (#36923950)

I get my java only from a place that is evaluated by licensed inspectors: Starbucks. Why trust anyone else?

Larry Ellison can't hear you (2)

ThatsNotPudding (1045640) | more than 3 years ago | (#36923994)

over the seabreeze whipping past his yacht (not that he'd give a fsck about you, anyway).

Oracle DB (1)

roman_mir (125474) | more than 3 years ago | (#36924096)

So how often is this practice of releasing knowingly faulty software and not notifying the users is used to release other Oracle products, such as their database, weblogic, etc.etc?

Re:Oracle DB (0)

Anonymous Coward | more than 3 years ago | (#36924498)

The answer is yes. Always and frequently.

They key with Oracle is not to be an early adopter and let those suckers deal with all the shit software they release. Wait a year and it might be OK.

I have a weird love hate relationship with Oracle. I like their stuff when it works, but when it don't work, man it sucks.

Pity java is such a death trap. (0)

Anonymous Coward | more than 3 years ago | (#36924196)

Java is a awesome plugin and utility with hundreds of great uses in all kinds of devices but sadly java is a deathtrap in terms of trojans, malware and viruses because its always so shoddily slapped together. Only thing worse is acrobat.

Pity sun cant hire competant developers to make the software more secure and dependable.

I noticed a shipping bug too (1)

da5id (91814) | more than 3 years ago | (#36924244)

Except I called it the "it's still fucking Java" bug. That bug report didn't go over too well :P

Re:I noticed a shipping bug too (1)

VGPowerlord (621254) | more than 3 years ago | (#36924502)

Except I called it the "it's still fucking Java" bug. That bug report didn't go over too well :P

Brendan Eich didn't like it when I filed a similar bug about JavaScript. And yes, I know the two aren't related.

Oracle is a bug factory (1)

Anonymous Coward | more than 3 years ago | (#36924420)

You can see a lot of this kind of bugs on Oracle products which receive the seal of "ready for production". People who work with Oracle softwares are used with this situation. Here where I work we have several bugs filled and confirmed for products like Oracle Fusion Middleware 11.1.1.5, Oracle Identity Management 11.1.1.4 and many others.

I frankly believe that Oracle has serious issues with his Q&A team.

Re:Oracle is a bug factory (1)

srobring (577646) | more than 3 years ago | (#36924866)

The customers are Oracle's QA team.

God,talk about Sensitizing (0)

Anonymous Coward | more than 3 years ago | (#36924466)

There are a couple of flags for hotspot then enable/disable the relevant optimizations. You could, you know, just turn them off by flicking -XX:+OptimizeStringConcat and/or -XX:+AggressiveOpts

I can’t help feeling Apache are going for some cheap political point scoring here. It isn’t like the beta of Java 7 wasn’t publicly available for months.

7 days before the release?! (0)

Anonymous Coward | more than 3 years ago | (#36924522)

Java 7 has been in beta/RC/etc for a long, long time. I'm shocked such a fundamental issues(s -- there's also a nasty change that affects tokenization and may require a reindex once you upgrade) wasn't spotted sooner that 7 days prior to the official release...

God,talk about Sensitizing (0)

Anonymous Coward | more than 3 years ago | (#36924592)

There are a couple of flags for hotspot then enable/disable the relevant optimizations. You could, you know, just turn them off by flicking -XX:+OptimizeStringConcat or
-XX:+AggressiveOpts

I can’t help feeling Apache are going for some cheap political point scoring here. It isn’t like the beta of Java 7 wasn’t publicly available for months.

Re:God,talk about Sensitizing (4, Insightful)

thehossman (198379) | more than 3 years ago | (#36924794)

a) some of these bugs where filed months ago, and yet those hotspot "optimizations" are still on by default

b) it's true that some problems can be avoided by deliberately disabling these optimizations, but w/o raising big warning alarms to users, people aren't going to know they need to go out of their way to do that. For crash bugs, it may not be so bad -- they see the crash and google to find out why it crashed. For miss-evaluation of loops that can lead to silent data corruption it's a different story -- how would users ever know that they need to disable those options if developers don't yell and holler from the roof tops?

Bug? (2)

roc97007 (608802) | more than 3 years ago | (#36924706)

> This bug affects several Apache projects directly — Apache Lucene Core

So... from Oracle's standpoint, it's a feature?

Re:Bug? (0)

Anonymous Coward | more than 3 years ago | (#36925180)

> This bug affects several Apache projects directly — Apache Lucene Core

So... from Oracle's standpoint, it's a feature?

Bingo

Re:Bug? (2)

idontgno (624372) | more than 3 years ago | (#36925386)

Eerie. I thought I heard someone chanting something over by Redwood City. It sounded like "Java's ain't done til Apache won't run!"

The bug is called "Java" (1)

djp928 (516044) | more than 3 years ago | (#36925406)

And unfortunately it infects many, many computers.

Can anybody honestly tell me why people still develop in Java? It's nothing but a gigantic pain in the ass. And why does each new version of the JVM break programs written for previous versions? Is there no backwards compatibility at all??

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?