java

A post about searching a software developer on LinkedIn that didn’t go as planned

I was and still am in need of a freelance Android developer with experience in Java. After trying all other possibilities (my own network) I decided to post the job on LinkedIn. Due to the special requirements of the project, I needed a very close and good cooperation between myself, the customer and the developer. For this reason, I asked in my post on LinkedIn to be contacted by freelancers in the CET +/- 2 Timezone. Now, if you look on a map, this means approximately until Turkey in East and Portugal in West. I did not mention restrictions on nations because I have no prejudices with whom I work. I work now and have worked in the past with people from all around the world and I can really work with anybody. I published it on Thursday the 18.2.2021, on Friday I closed the comments, and finally I erased it on Saturday 20.2.2021 in the evening. Let’s have a closer look on the post. I wrote specifically: I need an experienced freelancer PM me only if you meet this requirement… “Companies are excluded”, because I want to build a long-term relationship with that person. Let’s…


Hey, UniFi, why Java? Or “The Best way to destroy customer trust”

I am using Unifi at home to extend my WiFi through two access points. I am writing this post as a user who paid good money for these devices and feels betrayed and left alone in the dark by Unifi. While installing the Unifi Controller on a new machine, I am prompted to install Java. I am forwarded to this page: https://www.java.com/en/download/win10.jsp Of course, I know that Oracle changed licensing. Yes, this is supposed to be free for personal use. But I don’t like to support this concept, as I personally think that Java should be free for all. So, I tried to install OpenJDK, which is free to use for everybody: https://jdk.java.net/java-se-ri/14 And here started the problems: there is just a ZIP archive on that website. Sooooo, then I googled which environment variables are installed and I set all of them manually. That is a challenge itself, as the OJDK doesn’t seem to come with the required JAR files. Unfortunately, the Unifi Controller refuses to detect the OpenJDK. Then I started to google again on how to use Unifi with OpenJDK: Here As I was assuming, a lot of people are asking the very same thing. It appears…


JavaScript vs. Java

JavaScript and Java are similar in some ways but fundamentally different in some others. The JavaScript language resembles Java but does not have Java’s static typing and strong type checking. JavaScript follows most Java expression syntax, naming conventions and basic control-flow constructs which was the reason why it was renamed from LiveScript to JavaScript. In contrast to Java’s compile-time system of classes built by declarations, JavaScript supports a runtime system based on a small number of data types representing numeric, Boolean, and string values. JavaScript has a prototype-based object model instead of the more common class-based object model. The prototype-based model provides dynamic inheritance; that is, what is inherited can vary for individual objects. JavaScript also supports functions without any special declarative requirements. Functions can be properties of objects, executing as loosely typed methods. JavaScript is a very free-form language compared to Java. You do not have to declare all variables, classes, and methods. You do not have to be concerned with whether methods are public, private, or protected, and you do not have to implement interfaces. Variables, parameters, and function return types are not explicitly typed. Java is a class-based programming language designed for fast execution and type safety….


Microsoft EMET has a problem with Java – but who doesn’t ?

EMET stands for Enhanced Mitigation Experience Toolkit – and it is a tool that you MUST have installed on your Windows PC. EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base: 2458544 The Enhanced Mitigation Experience Toolkit When EMET mitigations are applied to certain software or certain kinds of software, compatibility issues may occur because the protected software behaves similarly to how an exploit would behave. This article describes the kind of software that usually presents compatibility issues with EMET’s mitigations and a list of products that exhibited compatibility issues with one or more of the mitigations that are offered by EMET. Java and EMET While I was installing a software that was needing JAVA, EMET popped up several times with an error: EMET version…


The sad state of Java security

I wrote many times about Java, their vulnerabilities, how to disable it… Just search in this blog for the term Java. I’ve been asked many times why do I think that we are seeing these zero day vulnerabilities. The problem The problem of Oracle is that they bought a technology that was stretched out to be actually “write once, run everywhere”. The Virtual Machine that provides this functionality had to be ported to all devices, and lately (in the past few years) also on mobile devices. As written in the news, even if the “run everywhere” meant initially “run on every platform” – so cross platform, this concept has been now extended to actually run on platforms used by mobile devices as well (ubiquitous computing). The difference between updating and upgrading is a matter of interpretation by the implementer. Usually, the term update means to improve an existing version by fixing bugs or adding minor functionality. The main functionality, supported platforms and the interface remain the same in an update. An upgrade, on the contrary, might change the interface, add completely new features, remove old features, add or remove support for new or old platforms. Depending on the product…


More quotes of me about the Java zero-day exploit

“Developing critical software under pressure has only one consequence — even more bugs,” said Avira data security expert Sorin Mustaca. “I expect to soon see even more bugs and vulnerabilities related to this quick fix.”

http://www.linuxinsider.com/story/77079.html
http://www.technewsworld.com/story/77079.html
http://www.torontotelegraph.com/index.php/sid/211938962/scat/ebc9d7769bc0759e
http://www.ecommercetimes.com/story/security/77079.html
http://www.macworld.com/article/2025137/security-agency-recommends-disabling-java-due-to-exploit.html
http://www.csoonline.com/article/726380/us-cert-disable-java-in-browsers-because-of-exploit
http://www.cio.com/article/726307/US_CERT_Disable_Java_in_browsers_because_of_exploit
http://www.computerworld.com/s/article/9235615/US_CERT_Disable_Java_in_browsers_because_of_exploit
http://www.businesswire.com/news/home/20130114005440/en/Avira-Security-Software-Detects-Java-7-Exploits
http://www.latinospost.com/articles/9642/20130115/java-flaw-patch-now-available-download-experts.htm

OMG.. my blog posts start to sound like those of Bruce Schneier: full of links where I am quoted … 🙂


Quoted in Oracle Journal about the Java zero day exploit

Source: http://oracle.sys-con.com/node/2510668 Avira Security Software Detects Java 7 Exploits   “Whenever a vulnerability like this is discovered – especially when it is in a widely distributed software like Java – the bad guys are quick to write exploits that take advantage of the flaw,” said Sorin Mustaca, IT security expert at Avira. “While Oracle ultimately needs to patch Java, in the meantime we can at least prevent our customers from falling victim to the exploits.”  


Articles about Java zero-day exploit

http://www.technewsworld.com/story/77079.html
Oracle rushed out a patch for a Java flaw that was so serious the U.S. government advised users to uninstall the software. The fix might have come too quickly, however. “Developing critical software under pressure has only one consequence — even more bugs,” said Avira data security expert Sorin Mustaca. “I expect to soon see even more bugs and vulnerabilities related to this quick fix.”

http://www.mercurynews.com/business/ci_22371381/java-flaw-still-worries-some-experts-despite-fix
“This is definitely a temporary fix,” said Sorin Mustaca, a data security expert with Avira, a German-based company that sells anti-virus software. “If you do a fix under a lot of pressure and very, very fast, then only one thing will happen: more vulnerabilities. So, for me, this is just the rain before the storm. I think it will get worse, it will get much worse.”


Another Strange bundle or did Sun and Yahoo merge ?

I was prompted today to update the Java framework on my laptop. I said, yes, update it and then I’ve seen the picture below: So, I ask, what the hack has Yahoo to do with Sun ? Why a stupid, useless and nerving toolbar is being installed with the Java framework ? Did Sun buy Yahoo or Yahoo did buy Sun ? No So why ? Of course, I am an ideologist and don’t accept the obvious answer: for money which Yahoo paid to Sun.


The power of money … or WTF has Java to do with Yahoo ?!

Immediately after I started my laptop today, I got a popup announcing me that I have to install a Java update. Well, knowing that it has vulnerabilities, I said… OK, do it. And then I continued to work … After a couple of seconds, I see the following popup : So, now the legitimate question: Why am I offered to get that damn toolbar ( I HATE toolbars !!!!) only because I wanted to update Java. What has Java (or Sun ) to do with Yahoo ? I think that nothing else than … money. I guess Yahoo pays a lot of money to Java to bundle their sh** toolbar. And what makes me really mad is the fact that it is by default installed. A user who does nothing else than click Next -> Next… will automatically install it. I consider this practice as bad as Adware and Spyware. Bad boys… Yahoo and even worse Sun !!! Shame on you !!!

