Subject: General Tech | January 25, 2019 - 12:55 PM | Jeremy Hellstrom
Tagged: steganography, Java, security, ios, VeryMal
If you are interested in how VeryMal works, The Register has a good write up here.
Here is some more Tech News from around the web:
- Intel reports 13% revenues growth for 2018 @ DigiTime
- Facebook to combine Instagram, WhatsApp and Messenger @ The Inquirer
- Nintendo throws out Metroid Prime 4 work, restarts with Retro Studios @ Ars Technica
- More money than sense? Turn your iPhone into a spoon with the Kickstarter nobody asked for @ The Inquirer
- Hole-punch, foldable screens rising as new handset designs @ DigiTimes
- Intel Is Working On A Vulkan Overlay Layer, Inspired By Gallium3D HUD @ Slashdot
- You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit @ The Register
- Windows Server 2019 vs. Linux vs. FreeBSD Gigabit & 10GbE Networking Performance @ Phoronix
- Sprint subscribers: What do your updated iPhone and Tonga have in common? Both are cut off from the world @ The Register
Subject: General Tech | November 30, 2017 - 12:21 PM | Jeremy Hellstrom
Tagged: security, Java, cryptocurrency
Here is some more Tech News from around the web:
- Rubies Are a 3D Printer’s Best Friend @ Hack a Day
- Physicists Made An Unprecedented 53 Qubit Quantum Simulator @ Slashdot
- Can't wait for 5G? Don't then, Gigabit LTE will be around for ages @ The Register
- The End of Abandondroid? Treble might rescue Google from OTA Hell @ The Register
- Arozzi Verona V2 Gaming Chair @ TechPowerUp
Subject: General Tech | June 4, 2016 - 09:29 PM | Scott Michaud
Tagged: Java, lwjgl, vulkan
Don't be confused by the date on the LWJGL post -- its release date was June 3rd, as mentioned later in the thread, not February 27th. It looks like they disabled edit timestamps. Regardless, Lightweight Java Game Library (LWJGL) 3.0.0 was just released, which is a library that binds Java code to APIs that are, normally, not directly accessible through that platform.
To be clear: LWJGL is not a library like, say, Qt, which simplifies common tasks into classes. Its goal is to connect you to whatever API you need, and otherwise leave you alone. Unless you're the type who wants full control over everything, or you're actually making a framework yourself, you will want to use existing frameworks, engines, and/or middleware for your projects. The advantage, of course, is that these frameworks, engines, and middleware now have access to newer APIs, and can justify deprecating old features.
This release adds Vulkan support, which will provide a high-performance (and high-efficiency) base to abstract many other graphics and GPU compute tasks on. DirectX 12 and Vulkan are still being worked on, as an industry, but its mechanism is theoretically better, especially with multiple threads (and multiple graphics devices). They basically add a graphics layer to a GPU compute-style API, basing everything on lists of commands that start and end wherever the host code desires.
While Java has been taking a massive hit in public opinion lately, it is still a good platform for some applications. Gaming seems to having a resurgence of native APIs, especially with “AAA” engines becoming available to the general public, but more frameworks isn't a bad thing.
Subject: General Tech | January 30, 2016 - 07:05 PM | Scott Michaud
Tagged: web browser, web, shockwave flash, shockwave director, oracle, Java
After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.
Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.
As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to... it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.
Subject: Mobile | December 30, 2015 - 11:09 PM | Scott Michaud
Tagged: Android, oracle, google, Java, openjdk
The Android ecosystem was built atop a Java-like framework, although a native development kit was added later. Oracle, current owner of the Java copyrights and trademarks, was not too happy with this. The two companies, Google and Oracle, were in a legal battle for the last three-and-a-half years. The courts have not ruled overwhelmingly in favor of either side.
Google is now replacing their implementation with one that is derived from OpenJDK. Officially, this is so Google has more say in how the language evolves. This would also circumvent all legal issues, because OpenJDK is supported by Oracle, but Google is not commenting on that advantage. They are in an ongoing legal battle, so that is not surprising. It wouldn't immunize them from damages that are ruled for existing products. Changing now only limits the number of products that infringe, if it is eventually ruled illegal, and remove an awkward gap where nothing is legal until a fix is implemented.
From a performance and feature standpoint, the two JDKs are supposedly equivalent nowadays.
Subject: General Tech | March 5, 2013 - 06:26 AM | Tim Verry
Tagged: security, patch, mcrat trojan, Java, exploit
Java developer Oracle recently released a patch to its Java Platform Standard Edition client to address two exploits used by attackers to install the McRAT trojan onto users machines. Specifically, Oracle is issuing the patch for vulnerabilities CVE-2013-1493 and CVE-2013-0809.
The vulnerabilities were related to Java running in a web browser. When users visit a malicious web site with vulnerable versions of Java installed, attackers are able to remote execute the McRAT trojan. That trojan was subsequently used to download additional malware to further compromise the machines in question. According to Oracle, the vulnerability was first discovered on February 1st, 2013 but did not make it in time to be rolled into that month’s scheduled update. As a result, Oracle slated it for inclusion in the Java platform update on April 16, 2013, but reconsidered after seeing exploits using these vulnerabilities in the wild. While servers and standalone Java installations are not affected, consumers will need to apply the patch via Java SE’s automatic updater or by manually installing the patch from this page. Currently, all Java SE versions prior to this patch are affected, including JDK and JRE 7 Update 15, 6 Update 41, and 5.0 Update 40 (or earlier).
Oracle states that the patch is a critically important update, and users should update as soon as possible. If you have not already applied the update (or given up on Java and uninstalled it completely--heh), start up Java and check for updates to grab the patch.
Subject: General Tech | April 5, 2012 - 10:47 PM | Tim Verry
Tagged: apple, OS X, Java, trojan, flashback, botnet
Recently, word of a java bug that allowed malware -- namely a trojan known as “Flashback” -- to sneak onto OS X machines started making its way around the Internet. This piece of malicious code even managed to get its claws into Apple’s OS X operating system. Bit-Tech reports that a Russian anti-virus company known as Dr.Web has identified more than 550,000 OS X computers as taking part in a botnet -- a network of computers executing malicious code in unison, which can be used to DDoS websites, assist in harvesting information, and recruit new members to the nefarious network.
Located primarily in the United States, Canada, and the UK the Flashback trojan infected a number of computers and granted immediate access to the attackers. They estimate 56.6% of the infected computers were located in the US while 19.8% were in Canada and 12.8% where stationed int he UK. This makes for a very widespread infection, and it has taken Apple a few weeks to push out a patch.
If you are reading this on a Mac, don’t panic. Be sure to apply the recent Apple update, and double check that your Java version you are running is Java 6 update 31. Even if you are on a Windows machine, make sure you are using the latest version of Java to keep you as secure as possible. Identifying if you are already affected is a bit tricky, but Digital Trends has posted instructions on how to find out if you are infected and provided links to several methods of virtual bug spray to get rid of the malware.
While this does not suddenly mean OS X is a buggy wasteland full of vulnerabilities as some articles have suggested, it is a gentle (and rather horrid for those that are infected) reminder to be safe out there on the Internet and that a little anti-virus combined with safe browsing habits can go a long way to keeping you safe whether you are a Windows, Mac, or Linux user. Even if it is AV that you only run every now and then and doesn’t run all the time, it can provide a bit of piece of mind by letting you know your system is clean. Also, if you have to use Java, keep it updated along with all your other programs.