Oracle and ARM team up to optimise embedded Java

Oracle and ARM have linked a multi-year partnership, in which the two companies will aim to optimise the Java programming language for ARM processors.

The effort will mainly focus on delivering improving throughput and greater scalability on ARM’s multi-core systems. The duo will further optimise Java SE for ARM 32-bit embedded platforms as well as adding Java support for ARMv8 64-bit multi-core systems, which are focused on server and network infrastructure specifically. Boot-up performance, power saving and library optimisation are all targeted as areas to improve in addition.

In recent months, Oracle has sounded out its intentions in seeing Java become an important language in the burgeoning machine-to-machine marketplace. Buddying up with ARM, whose energy-efficient processors are already present in embedded servers, could help Oracle get a foot in the door with Java.

Henrik Stahl, vice president of Java Product Management at Oracle, commented in a press release that “the long-standing relationship” between the two had enabled their technology to be “deployed across a broad spectrum of products.”

Collaboration between the two began in 1996, when ARM helped port JavaOS to their own architecture. ARM have taken an active role in recent months on the Java Community Process Executive Committee, helping steer Java technology in the embedded markets.

“The industry has reached a significant inflection point as enterprise infrastructure, including servers and network routers, is now able to leverage high-performance, energy-efficient ARM technology,” said Ian Drew, chief marketing officer and executive vice president of Business Development at ARM.

“A diverse, optimized software ecosystem must be in place to support these systems. This extended relationship with Oracle to enhance Java SE is an important step in growing the ARM ecosystem, which is enabling businesses and consumers worldwide to discover new levels of energy efficiency and advanced performance.“

The announcement comes right at the same time Oracle has made a renewed embedded push, releasing Java ME Embedded Version 3.3 at JavaOne Shangai, which includes ports to Raspberry Pi and the Keil boards for the first time.

More Java versions on endpoints and More risks for enterprises

According to the result of Bito research ,Java is a significant security risk to enterprises because it is the endpoint technology most targeted by cyber attacks,

Company's threat research team observed Java deployment statistics on approximately 1 million endpoints at hundreds of enterprises worldwide, and identified most of risks due to outdated versions of Java with many known vulnerabilities that remain widely deployed by many businesses.

Among the things discovered are that:

Most organizations has more than 50 versions of Java installed across all of its endpoints.
  5 %  of those enterprises have more than 100 versions of Java installed.
    Most of the endpoints have multiple versions of Java installed, in part because the Java installation and update process often does not remove old versions.
    Attackers can easily determine what versions of Java an enterprise is running and target the oldest, most vulnerable versions.
    The popular version of Java running on more endpoints analyzed by Bit9 is version 6 update, which is present on 9 percent of all systems and has 96 known vulnerabilities of the highest severity.
 And also Less than 1 percent of enterprises are running the latest version of Java.

“For the last 15 years or so, IT administrators have been under the misperception that updating Java would address its security issues."

They have been told that to improve security, they should continuously deploy Java updates on all of their endpoints. But in real they need to upgrade java not update, updating is not the same as upgrading. Until , those updates have failed to deliver the promised security upgrade because they have not removed older, highly intensed or vulnerable versions of Java they were intended to replace.

The company also found that it is fairly easy for attackers to target older versions of Java without the enterprise even realizing it. 82% percent of the analyzed endpoints are running the version 6 series of Java, which has the most known reported vulnerabilities.
Enterprise should concern about these old versions, if these are not used in their business then they should use a security check.

Expert says Oracle's latest Java 7 update,has some sandbox-bypass bugs.

After a week of Oracle's Java 7 update 11 to patch or mitigate two zero-day vulnerabilities in Java that were being actively exploited by attackers, expert Java bug hunter Adam Gowdiak of Security Explorations in Poland discovered two new insects in Java standard edition.

"We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21)," wrote expert Adam Gowdiak in a post to the Full Disclosure mailing list. As a result, any attacker who used the bugs would be able to craft malware that tapped the JRE, thus fully compromising a vulnerable system.

Moreover, the two newly discovered bugs have nothing to do with Oracle's partial patch of the "MBeanInstantiator" flaw. This was announced by Oracle via changing the default Java security setting from medium to high, which also requires that an unsigned Java Web apps be authorized by a user before being allowed to run.The "MBeanInstantiator bug (or rather a lack of a fix for it) turned out to be quite motivational for us," said Gowdiak. "But, instead of relying on this particular bug, we just decided to dig our own issues. So, two new security vulnerabilities (51 and 52) were spotted in a recent version of Java SE 7 code and they were reported to Oracle today (along with a working Proof of Concept code)."

Critical Patch Update

Oracle released Critical Patch Update .

This patch update includes 40 security fixes and 37 of which aimed at stopping attackers or hackers acessing software's remotely, without having userid or password.

The majority of security fixes only affect client side. This type of vulnerabilities are 34. According to Oracle's CVSS Rating Schema, some of the flaws rate as typicle, that gets the highest rating of 10.

Four vulnerabilities are able to have their impact on client and server, with the flaw reaches to CVSS  score 7.5.

And one vulnerability also fixed in latest updates affects the JAVA installer, but it can be exploited locally.

The last fix affects the Javadoc tool and any documents created by any of Oracle's software.

 In Javadoc versions 1.5 or other versions after that, there is a vulnerability in Javadoc created HTML files, which hosted on a web server, that allows hackers to inject  malicious frames into that web page. which will makes visitors to redirect to other sites through web browsers.

The security patch from oracle recently launches a new tool-"Java API Documentation Updater Tool"- that will fix already created and therefore vulnerable HTML files.

Oracle announces next date of launching the patches updates to 15 October 2013 and 14 January next year.

Java interview questions

Q.1 What is the difference b/w abstract class and interface?
Ans. If a class is, abstract class then there must  be its subclass, and also, if a class is abstract then this does not mean that its method must be abstract.
In interface, methods are only declared but not defined. By the help of interface, multiple inheritance can also be achieved.

Q.2 What is the purpose of garbage collection in java?
Ans. The only purpose of garbage collection , is to avail the space by removing those resources which are not used from a long time and the space obtained by removing them, is used for other objects.
System.gc();

Q.3 Describe synchronization in respect to multithreading?
Ans. With respect to multithreading, In Java, synchronization is the capability to control the access of multiple threads to shared resources. In Java, without synchronization, it is possible for one thread to modify a shared variable while another thread is in the process of using or updating same shared variable. That normally leads to significant errors.

Q.4 What are pass by value and pass by reference?
Ans. In pass by reference the address of parameter or variable is passed while in pass by value , only copy of parameter or variable is passed. for ex:- in C and C++, Call by value and Call by reference.

Q.5 How can we use threads?
Ans. Threads could be used by implementing Runnable interface.
ex: public class Thread implements Runnable
{
Public void run()
{
System.out.println(“show is called”);
}
Public static void main(String args[])
{
//////////
}
}

Oracle TZUpdater tool

The senior director of Oracle ,in product management of Java platform group, Henrik Stahl a recent press conference announced that they removed the TimeZone Updater Tool on March 8 from Oracle Technology network.

The company told that this is due to maintenance and also noted that this tool was only for Oracle Java SE  customers. TZUpdater tool allows an Oracle JDK/JRE users to bind their installation with the most recent time zone data.Because of which, It becomes very difficult to keep Time Zone Updater tool,to update time to time, He said.

Java Tutorial

It is intended to let application developers "write once, run anywhere" (WORA), meaning that code that runs on one platform does not need to be recompiled to run on another. Java applications are typically compiled to bytecode that can run on any Java Virtual Machine (JVM). Java is one of the most popular programming languages in use, particularly for client-server web applications, with a reported 10 million users. Java was originally developed by James Gosling at Sun Microsystem (which has since merged into Oracle Corporation) and released in 1995 as a core component of Sun Microsystems' Java Platform. The language derives much of its syntex from C and C++, but it has fewer low-level facilities than either of them.

Today's world is growing very fast, with the technology and the technology works on certain languages."JAVA" is one of the leading computer language used to develop mobile applications and software's as well, which also plays a  crucial role in all other apps used in phones.

Versions:-

Major release versions of Java, along with their release dates:

• JDK 1.0 (January 21, 1996)
• JDK 1.1 (February 19, 1997)
• J2SE 1.2 (December 8, 1998)
• J2SE 1.3 (May 8, 2000)
• J2SE 1.4 (February 6, 2002)
• J2SE 5.0 (September 30, 2004)
• Java SE 6 (December 11, 2006)
• Java SE 7 (July 28, 2011)

So everybody should learn a computer language.So without wasting time we should focus on JAVA.

1. The first question arises in mind is " what is java"?

• JAVA is a programming language, used to develop applications and software's as well.Most of us knows JAVA as "object oriented language" but there is a concept which prove this concept completely wrong.

• when we take a value in 'float' for example-float f=3.14;

• JVM always takes out round values, like in above example it will take only 3,but what about '.14'. It means some data may be lost ,so that's why i asked you that JAVA is not a "pure" object oriented language.

   2.    Then what is "JVM" and "JDK"?

• JVM i.e-Java Virtual Machine.  JVM is a compiler ,which takes byte code as an input. You will be surprised to know that every machine consists of JVM.On the other hand JDK i.e-Java Developement Kit. JDK converts the source code into byte code.we call this byte code because every instruction in the code after conversion would be of ONE byte.
• So we need a JDK to run our program, in Java.

      The traditional HELLO WORLD can be written in Java as:

        class HelloWorldApp {

 
             public static void main(String[] args) {
             System.out.println("Hello World!"); // Display the string.
              }
        } 

  3. Is Java follows OOP concepts?

• Yes, of course.Inheritance plays a vital role in java.Since it is used for 'reusability of code' ,it not only reduces code but also the time taken to complete the code.In Java "extends" is used to inherit the base class.for example;-

class A
{
void show()
{
System.out.println("show");
}
}
class B extends A
{
void display()
{
 System.out.println("display");
}
}
class One
{
public static void main(String args[])
{
B obj=new B();
obj.show();
}
}

PAC7RZHYVPEQ