LWJGL 3.0.0 Released

Subject: General Tech | June 4, 2016 - 09:29 PM |
Tagged: Java, lwjgl, vulkan

Don't be confused by the date on the LWJGL post -- its release date was June 3rd, as mentioned later in the thread, not February 27th. It looks like they disabled edit timestamps. Regardless, Lightweight Java Game Library (LWJGL) 3.0.0 was just released, which is a library that binds Java code to APIs that are, normally, not directly accessible through that platform.

To be clear: LWJGL is not a library like, say, Qt, which simplifies common tasks into classes. Its goal is to connect you to whatever API you need, and otherwise leave you alone. Unless you're the type who wants full control over everything, or you're actually making a framework yourself, you will want to use existing frameworks, engines, and/or middleware for your projects. The advantage, of course, is that these frameworks, engines, and middleware now have access to newer APIs, and can justify deprecating old features.

java-logo.png

This release adds Vulkan support, which will provide a high-performance (and high-efficiency) base to abstract many other graphics and GPU compute tasks on. DirectX 12 and Vulkan are still being worked on, as an industry, but its mechanism is theoretically better, especially with multiple threads (and multiple graphics devices). They basically add a graphics layer to a GPU compute-style API, basing everything on lists of commands that start and end wherever the host code desires.

While Java has been taking a massive hit in public opinion lately, it is still a good platform for some applications. Gaming seems to having a resurgence of native APIs, especially with “AAA” engines becoming available to the general public, but more frameworks isn't a bad thing.

Source: LWJGL

Java Browser Plug-in Soon Killed Off by Oracle

Subject: General Tech | January 30, 2016 - 07:05 PM |
Tagged: web browser, web, shockwave flash, shockwave director, oracle, Java

After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.

ie-wheeee-dead.jpg

This has nothing to do with JavaScript, which is a scripting language that web browsers use. JavaScript is not a plug-in, and it's very secure in terms of the machine the browsers run on. Pretty much all exploits that we see either trick the user to download and run a program, have them disclose sensitive information (passwords, identity, etc.) to the wrong people, try to make the browser impossible to use until it is shut down and restarted, or launch a plug-in that is the actual problem. The joke is “Java is to JavaScript as Car is to Carpet” -- but that's not true: cars often have carpets.

Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.

As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to... it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.

Source: Ars Technica

Google Switching to OpenJDK in Android N

Subject: Mobile | December 30, 2015 - 11:09 PM |
Tagged: Android, oracle, google, Java, openjdk

The Android ecosystem was built atop a Java-like framework, although a native development kit was added later. Oracle, current owner of the Java copyrights and trademarks, was not too happy with this. The two companies, Google and Oracle, were in a legal battle for the last three-and-a-half years. The courts have not ruled overwhelmingly in favor of either side.

OpenJDK_logo.png

Google is now replacing their implementation with one that is derived from OpenJDK. Officially, this is so Google has more say in how the language evolves. This would also circumvent all legal issues, because OpenJDK is supported by Oracle, but Google is not commenting on that advantage. They are in an ongoing legal battle, so that is not surprising. It wouldn't immunize them from damages that are ruled for existing products. Changing now only limits the number of products that infringe, if it is eventually ruled illegal, and remove an awkward gap where nothing is legal until a fix is implemented.

From a performance and feature standpoint, the two JDKs are supposedly equivalent nowadays.

Source: VentureBeat

Java Releases Patch Addressing Vulnerability Used By McRat Trojan

Subject: General Tech | March 5, 2013 - 06:26 AM |
Tagged: security, patch, mcrat trojan, Java, exploit

Java developer Oracle recently released a patch to its Java Platform Standard Edition client to address two exploits used by attackers to install the McRAT trojan onto users machines. Specifically, Oracle is issuing the patch for vulnerabilities CVE-2013-1493 and CVE-2013-0809.

Java Logo.jpg

 

The vulnerabilities were related to Java running in a web browser. When users visit a malicious web site with vulnerable versions of Java installed, attackers are able to remote execute the McRAT trojan. That trojan was subsequently used to download additional malware to further compromise the machines in question. According to Oracle, the vulnerability was first discovered on February 1st, 2013 but did not make it in time to be rolled into that month’s scheduled update. As a result, Oracle slated it for inclusion in the Java platform update on April 16, 2013, but reconsidered after seeing exploits using these vulnerabilities in the wild. While servers and standalone Java installations are not affected, consumers will need to apply the patch via Java SE’s automatic updater or by manually installing the patch from this page. Currently, all Java SE versions prior to this patch are affected, including JDK and JRE 7 Update 15, 6 Update 41, and 5.0 Update 40 (or earlier).

Oracle states that the patch is a critically important update, and users should update as soon as possible. If you have not already applied the update (or given up on Java and uninstalled it completely--heh), start up Java and check for updates to grab the patch.

Source: Oracle

Java Vulnerability Exposed OS X Machines To Flashback Trojan

Subject: General Tech | April 5, 2012 - 10:47 PM |
Tagged: apple, OS X, Java, trojan, flashback, botnet

Recently, word of a java bug that allowed malware -- namely a trojan known as “Flashback” -- to sneak onto OS X machines started making its way around the Internet. This piece of malicious code even managed to get its claws into Apple’s OS X operating system. Bit-Tech reports that a Russian anti-virus company known as Dr.Web has identified more than 550,000 OS X computers as taking part in a botnet -- a network of computers executing malicious code in unison, which can be used to DDoS websites, assist in harvesting information, and recruit new members to the nefarious network.

Apple Macbook Air 11 Inch.png

Located primarily in the United States, Canada, and the UK the Flashback trojan infected a number of computers and granted immediate access to the attackers. They estimate 56.6% of the infected computers were located in the US while 19.8% were in Canada and 12.8% where stationed int he UK. This makes for a very widespread infection, and it has taken Apple a few weeks to push out a patch.

If you are reading this on a Mac, don’t panic. Be sure to apply the recent Apple update, and double check that your Java version you are running is Java 6 update 31. Even if you are on a Windows machine, make sure you are using the latest version of Java to keep you as secure as possible. Identifying if you are already affected is a bit tricky, but Digital Trends has posted instructions on how to find out if you are infected and provided links to several methods of virtual bug spray to get rid of the malware.

While this does not suddenly mean OS X is a buggy wasteland full of vulnerabilities as some articles have suggested, it is a gentle (and rather horrid for those that are infected) reminder to be safe out there on the Internet and that a little anti-virus combined with safe browsing habits can go a long way to keeping you safe whether you are a Windows, Mac, or Linux user. Even if it is AV that you only run every now and then and doesn’t run all the time, it can provide a bit of piece of mind by letting you know your system is clean. Also, if you have to use Java, keep it updated along with all your other programs.

Source: Bit-Tech