Java

Recent Apple Java Update Doesn't Fix Critical Java Flaw Claims Researcher

hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates (Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion) are meant to tackle the vulnerability described in CVE-2012-0547. But according to KrebsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.
Security

Apple Denies FBI Had Access To UDIDs

First time accepted submitter WIn5t0n writes "Just a day after the alleged leak of 12 million Apple UDIDs, both Apple and the FBI have denied the story that Anonymous, a global hacking community, gained access to the files by hacking into an FBI laptop through a Java vulnerability. Earlier this morning the FBI claimed that, even though the agent cited in Anonymous's story is an actual FBI operative, neither he nor anyone else in the agency has or has had access to Apple device information. This afternoon Apple followed up on the FBI's statement, with an unidentified Apple representative claiming that, 'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.' It should also be noted that while the hackers claim to have accessed 12 million UDIDs, only 1 million were publicly released. The Apple representative who made the previous statements also said that, 'Apple has replaced the types of identifiers the hackers appear to have gotten and will be discontinuing their use.' Even though neither Anonymous nor the FBI/Apple will admit where the data actually came from, it does appear that at least some of the leaked UDIDs are legit and can be tied back to current, privately owned devices. So far no information besides the device's UDID, DevToken ID, and device name has been released; however, the original hackers claimed that some devices were tied to details as exact as phone numbers and billing addresses."
Crime

Anonymous Leaks 1M Apple Device UDIDs

Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim." Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"
Bug

Java Exploit Patched? Not So Fast

PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"
Java

Oracle Patches Java 7 Vulnerability

First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.'"
Java

Polish Researcher: Oracle Knew For Months About Java Zero-Day

dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"
Java

Experts Develop 3rd-Party Patch For New Java Zero-Day

tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw."
Security

Crisis Trojan Makes Its Way Onto Virtual Machines

Trailrunner7 writes "The Windows version of the Crisis Trojan is able to sneak onto VMware implementations, making it possibly the first malware to target such virtual machines. It also has found a way to spread to Windows Mobile devices. Samples of Crisis, also called Morcut, were first discovered about a month ago targeting Mac machines running various versions of OS X. The Trojan spies on users by intercepting e-mail and instant messenger exchanges and eavesdropping on webcam conversations. Launching as a Java archive (JAR) file made to look like an Adobe Flash Installer, Crisis scans an infected machine and drops an OS-specific executable to open a backdoor and monitor activity. This week, researchers also discovered W32.Crisis was capable of infecting VMware virtual machines and Windows Mobile devices."
Java

Rootbeer GPU Compiler Lets Almost Any Java Code Run On the GPU

An anonymous reader writes "Today the source code to the Rootbeer GPU Compiler was released as open source on github. This work allows for a developer to use almost any Java code on the GPU. It is free, open source and highly tested. Rootbeer is the most full featured translator to convert Java Bytecode to CUDA. It allows arbitrary graphs of objects to be serialized to the GPU and the GPU kernel to be written in Java." Rootbeer is the work of Syracuse University instructor Phil Pratt-Szeliga.
Education

Will Online Learning Disrupt Programming Language Adoption?

theodp writes "Back in the day, getting traction for a new programming language was next to impossible. First, one needed a textbook publishing deal. Then, one needed a critical mass of CS profs across the country to convince their departments that your language was worth teaching at the university level. And after that, one still needed a critical mass of students to agree it was worth spending their time and tuition to learn your language. Which probably meant that one needed a critical mass of corporations to agree they wanted their employees to use your language. It was a tall order that took years if one was lucky, and only some languages — FORTRAN, PL/I, C, Java, and Python come to mind — managed to succeed on all of these fronts. But that was then, this is now. Whip up some online materials, and you can kiss your textbook publishing worries goodbye. Manage to convince just one of the new Super Profs at Udacity or Coursera to teach your programming language, and they can reach 160,000 students with just one free, not-for-credit course. And even if the elite Profs turn up their nose at your creation, upstarts like Khan Academy or Code Academy can also deliver staggering numbers of students in a short time. In theory, widespread adoption of a new programming language could be achieved in weeks instead of years or decades, piquing employers' interest. So, could we be on the verge of a programming language renaissance? Or will the status quo somehow manage to triumph?"
Android

Paid Media Must Be Disclosed In Oracle v. Google

jfruh writes "One of the odder moments during the Oracle v. Google trial over Java patents came when patent blogger Florian Mueller disclosed that he had a 'consulting relationship' with Oracle. Now it looks like we're going to find out which other tech bloggers and journalists were on the payroll of one of the two sides in this epic fight. Judge William Alsup has ordered (PDF) that both parties disclose 'all authors, journalists, commentators or bloggers who have reported or commented on any issues in this case and who have received money (other than normal subscription fees) from the party or its counsel during the pendency of this action.'"
Mars

Curiosity Lands On Mars

The Mars Science Laboratory, a.k.a. Curiosity, is now less than an hour from touchdown on Mars. It's scheduled to land at 1:31 AM EDT (0531 UTC). The landing will be monitored by the Odyssey orbiter, which will be the data relay between Curiosity and Earth. The Mars Reconnaissance Orbiter will be listening to Curiosity as well (yes, two of our probes orbiting another world will be watching a third). While Odyssey will be giving us close to real-time updates (as close as possible, given the 14-minute time delay), MRO's data will take a bit longer to be processed and evaluated. NASA is broadcasting from the JPL mission room right now. If you'd like to watch a pretty awesome graphical visualization of the mission, check out eyes.nasa.gov. If you'd like to play around with a Java app showing Mars-local times and seasons, check out Mars24. If you'd like to watch unofficial coverage, Bad Astronomer Phil Plait and a bunch of other astronomers are hosting a public Google Hangout. If you'd like to read a detailed explanation of the landing, check out NASA's press kit (PDF), and there's also a post about what to expect when the rover starts sending pictures back to Earth, which will be about two hours after the rover lands. Good luck to everyone involved! We'll update this post when we get word on the landing.
Update: 08/06 05:33 GMT by S : Curiosity is on the ground! Everything looks nominal, and everybody at JPL is cheering. Congratulations, folks. They're continuing to receive telemetry from Odyssey, and the connection is strong. They've now received the first images back from Mars of Curiosity on the ground. A press briefing is scheduled in a little bit (2:15AM EDT, 0615 UTC), and several more throughout the day as more data comes back.
Security

Web Exploit Found That Customizes Attack For Windows, Mac, and Linux

phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Colombian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."
Programming

Objective-C Overtakes C++, But C Is Number One

mikejuk writes "Although the TIOBE Index has its shortcomings, the finding that Objective-C has overtaken C++ is reiterated in the open source Transparent Language Popularity Index. The reason is, of course, that Objective-C is the language you have to use to create iOS applications, and as iPads and iPhones have risen in popularity, so has Objective-C. If you look at the raw charts then you can see that C++ has been in decline since about 2005 and Objective-C has shot up to overtake it with amazing growth. But the two charts are on different scales: if you plot both on the same chart, you can see that rather than rocketing up, Objective-C has just crawled its way past, and it is as much to do with the decline of C++. It simply hasn't reached the popularity of C++ in its heyday before 2005. However, the real story is that C, a raw machine-independent assembler-like language, with no pretense to be object oriented or sophisticated, has beaten all three of the object oriented heavyweights: Java, C++ and Objective-C. Yes, C is number one (and a close second in the transparent index)."
Businesses

Leap Second Bug Causes Crashes

An anonymous reader writes in with a Wired story about the problems caused by the leap second last night. "Reddit, Mozilla, and possibly many other web outfits experienced brief technical problems on Saturday evening, when software underpinning their online operations choked on the 'leap second' that was added to the world's atomic clocks. On Saturday, at midnight Greenwich Mean Time, as June turned into July, the Earth's official timekeepers held their clocks back by a single second in order to keep them in sync with the planet's daily rotation, and according to reports from across the web, some of the net's fundamental software platforms, including the Linux operating system and the Java application platform, were unable to cope with the extra second."
Education

Ask Slashdot: What To Do Before College?

First time accepted submitter MtownNaylor writes "I graduated high school two days ago and am currently enrolled to attend college to study Computer Science. I spent last summer working as a contractor, programming in Java for a single company. I am looking to further either my career, my education, or both this summer. The problem is that I have found it difficult to find summer employment or internships programming for a multitude of reasons (lack of opportunities, lack of experience, lack of degree). So what is a high school graduate who wants to work as a programmer to do?"
Windows

Windows 8: .NET Versus HTML5 Metro App Development

An anonymous reader writes "Will Microsoft take advantage of .NET's Java-like CIL and allow .NET code to run on Windows 8, or force developers to switch to HTML5 Metro apps instead for porting apps to Windows 8? This article brings up important insights into both paradigms' advantages and disadvantages, and even correlates the options with Microsoft's past NT-era support of MIPS and PPC, as well as Windows CE's way of supporting embedded architectures."
Education

Ask Slashdot: Best Training To Rekindle a Long Tech Career?

New submitter SouthSeaDragon writes "I'm a computer professional who has performed most of the functions that could be expected over a 39-year career, including hardware maintenance and repair, sitting on an 800 support line, developing a help desk application from the ground up (terminal-based), writing a software manual, plus developing and teaching software courses. In recent years, I've worked for computer software vendors doing pre-sales support, generally for infrastructure products including applications, app servers, integration with Java-based messaging and ESB products, and most recently a Business Rules product. I was laid off recently due to a restructuring and am now trying to figure out the next phase. With the WIA displaced worker grants now available, I am attempting to figure out what training would be good to pursue. I am hearing that 'the Cloud' is the next big thing, but I'm also looking into increasing my development skills with a current language. I wonder what the readers might suggest for new directions."
Cloud

Oracle's Ellison Vows "Most Comprehensive Cloud On Earth"

CWmike writes "Oracle CEO Larry Ellison declared the company is ready to offer 'the most comprehensive cloud on the planet Earth,' during a webcast event on Wednesday. 'It's been a long time coming,' Ellison said of the Oracle Public Cloud, which encompasses Oracle's suite of Fusion Applications delivered as both SaaS (software as a service) and PaaS (platform as a service) features, including the Java Cloud Service and Database Cloud Service. It's also the home of Oracle Social Network, the company's foray into Facebook-like collaboration tools for enterprises. Wednesday's event — and Twitter (where his first tweet is a gem) — also provided Ellison with an opportunity to tout what he called Oracle Public Cloud's many advantages over rivals such as SAP and Salesforce.com, as well as to engage in some of his traditional competitive trash talk."