Oracle CEO Larry Ellison didn't make it to his own keynote at this year's OpenWorld conference. (He was seen hanging out by the San Francisco Bay watching some boats.) But his redoubtable EVP of product development, Thomas Kurian, pitched in to announce a major expansion of the company's cloud services that will include Oracle Database as a Service (DaaS), Oracle Java as a Service and Oracle Infrastructure as a Service (IaaS).
Oracle unveiled its first public cloud at last year's conference. The Platform-as-a-Service (PaaS) offering is an enterprise cloud service designed to run Oracle apps, middleware and database products in a self-service, subscription-based, elastically scalable system. Currently, 21.5 million users of that PaaS complete 19 billion transactions a day across more than 10,000 companies in 180 companies in 34 languages, Kurian said. Oracle also announced a new enterprise social platform last year, which Kurian said is currently used by 900. The company is building on those systems with its new suite of cloud platform services, he said.
"This suite of platform services gives you great agility," he said. "It allows you to have a platform to extend your applications, and you also have a platform that can change the way you use and consume IT resources."
Kurian described the new Oracle DaaS this way: "It's taking the world's best database and making it available in the cloud." Now available as a preview, the DaaS is a dedicated instance of the Oracle DB running on a pre-configured Oracle VM image. The customer will have full administrative control of the database, and the system provides support for any database application, language, and connection method.
Oracle's new Java-as-a-Service offering, also in preview, is a dedicated WebLogic cluster or clusters running on an Oracle VM image. It's designed to provide an environment for developing and deploying Java applications, and the company says it supports any Java app. Oracle provides what it calls "flexible administrative control" of the app server, but also provides automated and simplified patching, backup and recovery, cloning and other lifecycle operations.
Oracle's IaaS is a general-purpose compute and storage service designed to support any application and to give users greater flexibility and administrative control. It's an elastic compute service that is compatible with OpenStack Nova and provides virtual CPUs "to which Oracle Virtual Assembly Builder assemblies and Oracle VM templates may be deployed," the company said. It provides elastic block storage in the form of direct attached, network attached, or DBMS-backed storage that is fully persistent and portable between Oracle Cloud services. It also supports object storage for a range of the company's cloud services, and it's compatible with OpenStack Swift to support Java and REST APIs.
"One great thing about our cloud," Kurian said, "[is that] there's nothing proprietary about it. If you want to extend our applications, you can do it 100 percent in Java. If you don't like Java, you can do it in Ruby. We don't require you to use our programming language or a language that only runs in the Oracle cloud to extend your applications."
Kurian said his company would soon be offering other cloud services, including a Business Intelligence Cloud designed to allow users to analyze data in the Oracle Database Cloud, a Documents Cloud that supports file sharing and collaboration, a Mobile Cloud for building mobile apps, and a Cloud Marketplace "where partners can publish applications and customers can find new solutions."
"It's not that we have more stuff than anybody else," Kurian said. "It's that our stuff is amazingly capable."
Lots of people attending the keynote were not happy about Ellison's absence, and the audience dwindled throughout Kurian's presentation. One attendee who asked not to be identified summed up the negative sentiment: "We spent a lot of money to be here; the least [Ellison] could do is show up." Some news organizations reported the CEO's absence as a "PR disaster." One called the keynote a "snubnote;" another called OpenWorld "SnubWorld."
For those who spend $2,600+ per attendee, not counting travel and hotel expenses, to attend the conference, these are fair criticisms… to a point. With all due respect to the man, Ellison isn't Steve Jobs, so what did attendees really miss? The timing sucked, but Oracle Team USA was thrashing it out with New Zealand that day -- and then they went on to stage one of the greatest comebacks in sports history to win the America's Cup and, as Forbes reporter Daniel Fisher put it, "change sailing forever."
Be honest: Where would you have been?
Posted by John K. Waters on 09/26/2013 at 11:52 AM | 0 comments
I've been saying in this blog for a while now that it's a great time to be a developer, but it's nice to hear that notion echoed from someone like IBM distinguished engineer John Duimovich.
Duimovich, who serves as Big Blue's Java CTO, spoke on Sunday in San Francisco at the annual JavaOne kickoff keynote. IBM is focusing on the developer this year, Duimovich told attendees, by sending 28 "engineers of all ranks" to present 28 talks, and limiting the marketing team to...one. (He had the guy wave from the audience.)
"Our developers are taking over the show for the week," Duimovich said.
Duimovich, who has trod the keynote stage at JavaOne for several years in a row and is IBM's go-to guy on Java, has some specific ideas about why the developer's star is rising. The title of his talk offers a clue: "Java Flies in Blue Skies and Open Clouds."
"This is a great time to be a developer," he said. "You've got languages, frameworks, tools, new things like social coding. These are all things developers need to develop great applications." But even more important, they have the cloud and platform-as-a-service (PaaS), which gives developers a way to take their good ideas, pack them up, test them, and deploy them worldwide, sometimes within a day. "This is how cloud is changing the landscape for developers," he added.
"These are things that we invest in to make a better stack for developers," he said.
Duimovich offered a big list of open technologies in which IBM currently invests, including two new cloud-based technologies: OpenStack and Cloud Foundry, new ecosystems around the open cloud, which is the next "really big thing that's going to happen for developers."
OpenStack is made up of several interrelated projects focused on delivering various components for a cloud infrastructure solution. As the community Web site describes it, the project aims to deliver "solutions for all types of clouds by being simple to implement, massively scalable, and feature rich." More than 180 companies participate in the OpenStack project, including AMD, Cisco, Citrix, Dell, HP, Intel and Microsoft.
Cloud Foundry is one of the first open PaaS offerings. Earlier this month, IBM announced that it would be contributing its WebSphere Liberty Buildpacks to the platform. Buildpacks, which lie at the core of Cloud Foundry, are the build-time adapters originally introduced by Heroku via Cedar, a general-purpose stack with no native language support. The IBM version started from a fork of the Cloud Foundry Java Buildpack code.
The IBM WebSphere Liberty Buildpack is a lightweight container for Java apps, available now for download. Although it's essentially a servlet container, Duimovich argues that it's more like a Java EE Web Profile. It's integrated with Eclipse tools and it's freely available to developers.
Duimovich also talked about "systems of engagement," a new type of app he described as user-centric and specifically targeted to support user workflow. These apps, which are typically mobile, bridge systems of record, social networks, and big data. And it's the cloud that makes them possible, he said.
IBM began experimenting with systems of engagement in June with BlueMix, an open cloud PaaS based on Cloud Foundry.
And it wouldn't be an IBM presentation without some hardware specs, which Duimovich had in abundance. But it wouldn't be the WatersWorks blog if I wrote about hardware.
Duimovich wrapped his presentation with a challenge to the assembled Java jocks.
"Java isn't done," he said. "Developers rule the world, but you've still got big challenges." Among those challenges: refining the cloud and virtualization; better management of "big everything," from big data to more threads and memory; the critical connection between software and security; and a continued focus on compatibility with a drive toward innovation.
As Duimovich pointed out, IBMers are leading several talks at this year's show. On Monday, IBM Fellow Rod Smith is speaking on cloud computing, and chief architect of IBM's Mobile First Platform group Greg Truty is speaking on the effect of mobile on enterprise developers. Keep an eye out for more.
And if you see Duimovich, tell him what you think of Java. He wants you to.
Posted by John K. Waters on 09/23/2013 at 10:14 AM | 0 comments
Think DevOps is still just a buzzword? The recently published results of a survey of 1,300 senior IT decision makers might change your mind.
Commissioned by CA Technologies and published in the white paper, "TechInsights Report: What Smart Businesses Know about DevOps," the survey suggests that IT execs are taking the DevOps movement quite seriously, investing resources in developing DevOps strategies and seeing "concrete business benefits" from their efforts.
Market researchers at Vanson Bourne concluded that the survey shows that "IT leaders recognize they must change how their organizations work to accelerate time to market, improve software quality, speed application development and meet growing customer demand. It also confirms that two-thirds of IT leaders are deploying new technologies, updating processes and collaborating across IT domains to implement DevOps and achieve these goals."
Thirty-nine percent of respondents reported DevOps strategies already adopted in their organizations, and 27 percent said they plan to adopt such a strategy. Only 18 percent said they had no plans to adopt DevOps.
But they also found that one in six IT decision-makers are actually unfamiliar with the term "DevOps," even though they may be implementing key elements of it. And there appears to be wide disagreement among respondents on how a DevOps strategy should be implemented.
The term "DevOps" found its way into the popular tech lexicon in 2009 and has evolved into an enterprise discipline that addresses the disconnect between what is traditionally considered software development activity and what is traditionally considered technology operations activity. It aims to smooth out the interaction among Dev, Ops, and QA within an enterprise to improve efficiencies and increase productivity.
The survey results strongly suggest that, as the paper's authors declare, "DevOps is real" -- specifically, that it is yielding improved business in the form of increased revenue, faster time-to-market, improved competitive positioning, and enhanced customer experience. Between 17 percent and 23 percent of respondents reported these improvements.
The "spectrum of tools and technologies" respondents reported using in their DevOps implementations included: IT automation (52 percent), agile development (47 percent), collaborative teaming between development and operations (45 percent), and parallel development technologies such as service virtualization (42 percent).
The core driver of current DevOps adoption in the enterprise, the researchers believe, is the need to satisfy customer demands. Respondents reported a range of concerns underlying that driver, including: greater collaboration among IT teams (47 percent); a greater need for simultaneous deployment across different platforms (41 percent); the increasing use of mobile devices, such as smartphones and tablets (35 percent); an increasingly complex IT infrastructure that is part physical, part virtualized, and part cloud (28 percent); and the need to reduce IT costs (16 percent).
"DevOps is evolving from the theoretical into an essential strategic approach for all businesses," said Shridhar Mittal, general manager of CA Technologies' Application Delivery group, in a statement. The report "paints a clear picture" of what companies can expect to gain by embracing the new strategy and transforming their IT organization.
The market researchers surveyed 1300 IT executives in financial services, healthcare, manufacturing, public sector and telecommunications in 21 countries. The respondents held the titles of IT executive, management, project lead, or enterprise architect in companies with revenues of $100 million or more. The survey was conducted between May and July 2013.
Posted by John K. Waters on 09/19/2013 at 10:52 AM | 0 comments
More than 25,000 people have earned certification under the Open Group's TOGAF 9 program, the group reported recently, marking a milestone for what has become a standard framework and method for enterprise architecture (EA).
Andrew Josey, director of standards for The Open Group, announced the milestone in his blog. The number of certifications, he wrote, was evidence of "a huge surge in the popularity of open standards over the last few years." He also credited the recent economic downturn.
"…Since the financial crisis began," he wrote, "open standards have helped by providing a framework that allows Enterprise Architects to save their companies money, maintain and increase profitability and drive business efficiencies. And, on a professional level, certification has helped Enterprise Architects to differentiate themselves, delivering better job security and employment prospects through testing times."
TOGAF, which stands for The Open Group Architecture Framework, is designed to provide organizations with a structured process for governing their implementations of technology, primarily software. It's based on the U.S. Department of Defense Technical Architecture Framework for Information Management (TAFIM), and was developed by a diverse group of member companies, including PG&E, Oracle, Rolls Royce and Microsoft. The first version was released in 1995, and TOGAF 9 was introduced in 2009.
"This framework is a synthesis of stuff that has worked for a lot of people in a lot of different contexts," Leonard Fehskens, the Open Group's vice president of skills and capabilities, told ADTmag in an earlier interview.
The Open Group certifies individuals, service providers, tools, and training around TOGAF. In 2006 about 1,000 people were TOGAF-certified; that number had grown to nearly 9,000 by the start of 2009.
Currently in version 9.1, TOGAF comes with a set of supporting tools, called the TOGAF Resource Base, but at its heart it is a description of a step-by-step approach to the process called the Architecture Development Method (ADM).
The certifications come in two flavors: "TOGAF 9 Foundation," which demonstrates knowledge of the terminology, structure, and basic concepts of TOGAF 9, as well as an understanding of the core principles of EA and the TOGAF standard; and "TOGAF 9 Certified," which validates an ability to analyze and apply the Foundation competencies.
The Open Group is a vendor- and technology-neutral consortium focused on open standards and "global interoperability within and between enterprises." The organization was formed from the merger of the Open Systems Foundation and XOpen in the mid-1990s. The group's initial focus was the development of Unix standards and certification of Unix implementations. Over time, as the members' concerns moved away from Unix as a strategy for multiplatform integration and into the realm of enterprise architecture, the group's activities and focus also shifted.
Posted on 09/09/2013 at 11:22 AM | 0 comments
Need more evidence that it's all about developers? This week Rackspace, the San Antonio, Texas-based cloud company and initiator of the open source OpenStack project, reached out to "developers, hackers, devops people, and makers of the digital age" with a discount program aimed at codederos operating in a marketplace full of choices.
The Developer Discount program, unveiled on Tuesday, offers devs new to Rackspace a $50-per-month discount for the service at sign up. The deal lasts for six months, doesn't roll over month to month and applies to data centers in both the U.S. and the U.K. The deal doesn't apply to the company's Cloud Sites Web site hosting service or the Managed Cloud hosting services.
The company made the announcement in a blog post by its newish open-source community advocate, Jesse Noller, a long-time Python programmer (he's a core developer of the language and serves on the Python Software Foundation board).
"The Developer Discount program makes it easy for you to chase something you feel passionate about and simply need a place to build and deploy it," Noller wrote. "Regardless of what you make, or want to make, we celebrate and encourage your creativity. That's why Rackspace is dedicated to making developer lives easier. It's what keeps us passionate about supporting collaborative open source projects and communities."
Yes, there's a lot of marketing slobber in there, but there's no mistaking the dev deference. You can also see it in Noller's personal blog post announcing his move to Rackspace in April, a company he noted offers "fanatical support for developers." His and the company's goal, he added, was to "Strive to make Rackspace the place where every developer wants to work; make Rackspace services the ones that every developer wants to use. Work to make Rackspace's Open Source projects the best of breed solutions in their areas (such as OpenStack)."
Rackspace is a recognized leader in the cloud hosting market, but it's facing stiff competition these days, from big players like Amazon, Microsoft, Google and Oracle, and a growing list of smaller players, such as developer fav Digital Ocean. (Netcraft analyzes the "meteoric rise" of Digital Ocean on its Web site). And they'll need the hearts and minds of a lot of developers to keep their lead. That the company knows this is evident in the title of Noller's post: "Developer Love: Welcome to the Rackspace Cloud Developer Discount."
In a previous post I covered a panel of in-the-trenches start-up execs discussing the growing power of the developer. Great insights from some thoughtful people.
Posted by John K. Waters on 09/06/2013 at 3:54 PM | 0 comments
NewSQL database startup NuoDB this week released an update of its nascent distributed relational database. Code-named "Starlings," version 1.2 of the database includes support for new drivers, frameworks and SQL functions.
NewSQL is the class of scalable, high-performance SQL databases going head-to-head with NoSQL. It offers full support for SQL queries and ACID (Atomicity, Consistency, Isolation, and Durability) transactions, built on a key-value storage manager that persists data to the file system.
"What the NewSQL guys like us are saying is that the NoSQL guys threw the baby out with the bathwater," said Barry Morris, NuoDB co-founder (with Jim Starkey) and CEO. "Just because traditional SQL databases don't scale, that doesn't mean that SQL doesn't scale. It means that the old designs don't scale."
"Imagine you have all the capabilities of a NoSQL database without having to get rid of SQL," he added. "That's what NewSQL is."
Headquartered in Cambridge, Mass., the company was founded two years ago. NuoDB 1.0 went GA in January 2013, and version 1.1 was released in May. The NewSQL database runs on Linux, Windows, and Mac, and developers can use Java, C++, Hibernate, JRuby, nodeJS, and PHP, with more support coming, Morris said. And it'll run on Amazon, Google or a local machine.
The emphasis here, and increasingly everywhere, is on scaling out, Morris said, not scaling up. "It's all about commodity data centers," he said. "It's much cheaper to buy a hundred thousand-dollar machines than it is to buy one gigantic, steam-belching machine. A single database running on a hundred commodity servers -- and we can scale out to that kind of number -- it can run on the order of ten million transactions per second, so it's an extremely fast database system running on cheap machines, and dynamically."
This release comes with some SQL Explorer improvements, including a Schema Definition facility for defining new schemas, tables, columns, and keys with easy-to-use UI gestures; and support for multi-line statements in the query window. (SQL Explorer is Eclipse technology, a thin SQL client that allows you to query and browse any JDBC-compliant database.) There's also a preview of the Tungsten Replicator, a high-performance, open-source, data replication engine for MySQL. It supports live replication of a MySQL database to NuoDB, and running NuoDB side-by-side with MySQL. There's also an enhanced Python driver that "marries Python productivity and ease of programming with the simple elastic scale-out of NuoDB;" and exposes NuoDB management APIs to Python scripting environments.
Another preview in this release, an open-source Django driver, aims to streamline application development in conjunction with NuoDB's scale-out architecture, and offer the benefits of Django's easy-to-use web application framework.
NuoDB v1.2 also comes with enhanced SQL math functions to make it easy to manipulate and understand data. And it adds a tool for "straightforward" migration of MySQL applications. Look, too, for enhanced command line tools, including one that allows developers to import MySQL backups directly from mysqldump files when in mysql dialect mode, and improved formatting of screen output.
"From a developer perspective, what this all adds up to is the kind of ease-of-use that people like a lot," Morris said. "You can download this thing in about three minutes, and it's a three-click install. And you can develop things on your laptop and deploy somewhere else with no changes. No need to ask permission from the guys in the data center. No white coats or triplicate forms involved. Just use it."
NuoDB comes in three editions: a Pro edition, for commercial use on a pay-as-you-scale basis; a free-for-development edition; and a Cloud edition for Amazon's AWS. More information is available here.
Posted by John K. Waters on 08/07/2013 at 9:25 AM | 0 comments
The CEOs and co-founders of some young companies focused on working with developers gathered in San Francisco recently for a roundtable discussion about the evolving role of the coders they serve. The group included GitHub Co-Founder and CEO Tom Preston-Werner, Mixpanel Co-Founder and CEO Suhail Doshi, Stripe Co-Founder and President John Collison, and New Relic Founder and CEO Lew Cirne. The event was hosted at New Relic's soon-to-be-swanky new digs in San Francisco (they made the construction guys take five during the roundtable), and it was moderated by Google Developer Advocate Don Dodge.
Did I say "evolving role"? I should have said growing power, which was the thrust of the discussion entitled "The Developer is King: The Power Behind the Throne." I guess with all the press about Kate and Andrew's royal progeny the metaphor was in the zeitgeist. Needless to say, I didn't hear a lot of grousing about the increasingly public-facing and indispensable developer, but some thoughtful insights from some in-the-trenches execs who know who's buttering their bread.
Dodge, whose resume includes five startups and a five-year stint in developer relations at Microsoft, kicked off the discussion with the central question: Why have developers become so important?
Part of the answer to that question, said Cirne, is a growing focus among software vendors on increasing sales and customer retention with product improvements, a strategy that necessarily emphasizes technical expertise.
"Today companies have a higher proportion of their headcount and focus on product," Cirne said, "[because] you reach more customers, not by doubling the number of sales people, but by delivering stronger products. At the top of your company you have to have a passion for building something your customers care about."
Cirne, who has been credited with creating the Application Performance Management (APM) market, founded his software analytics company in 2008 (though he confessed that he started coding way back in the olden days of 1982). New Relic provides developers with an all-in-one web app performance management tool for the cloud. (Nice intro video on the Web site.)
For Preston-Werner, the rise of the developer is a direct consequence of the rise of the Internet. "The Internet is changing everything about what it means to be a developer," he said. "You can create and distribute products with basically no costs. You have this infrastructure that allows you to transmit info and products to your customers with zero overhead. So now you have the opportunity to create a great product that can sell itself if you have a good market. You're going to need salespeople at some point to help you reach a broader audience, but you can get started immediately."
Preston-Werner's company, GitHub, has become one of the world's most popular social coding sites. Developers love the Git distributed version-control system developed by Linus Torvalds, and GitHub has played no small role in the growth of that popularity. The service has also enjoyed endorsements from the likes of the Eclipse Foundation, which has begun to allow the hosting of its projects on GitHub to attract new and maturing projects.
Collison sees the roots of the developer-is-king trend in the growth of such developer communities. "Over the past few years the online developer community has been getting increasingly verbal, thanks to companies like GitHub, which amounts to a modern day version of a Homebrew Computer Club (where Apple founders Steve Jobs and Steve Wozniak met)," he said. "One of the advantages for all the companies here is that they nurture an ever growing audience...The developer communities are very close knit. If the product is good enough, the word gets out."
Collison also noted a preference among certain VCs for developer founders.
"Pitching Stripe was tricky," he said. "It's a way of accepting payments on the Internet… Well… that already exists, right? But when we actually walked them through all the steps people had to go through before Stripe, and then showed them Stripe in action, they really understood it. I think investors want to find technical founders to invest in."
Preston-Werner agreed: "You need company founders who understand technology, who speak the same language as developers. And the more you have developers starting companies because it's easy and cheap, the more you need that kind of technical skill in a general partner."
Dodge pointed out that platform shifts -- mainframes to minicomputers to PCs to the Internet and lately to mobile -- have been cited by industry watchers as another reason developers have become so important. "[E]very time there's a platform shift there are ten times as many developers, and the developer community also grows," he said. "There are hundreds of times more developers [now] than there were mainframe developers."
"In a sense, Stripe was the child of a platform shift," Collison said. "You had all these new kinds of things happening on the web, and people wanting to run businesses on the web, and companies that were fundamentally not set up for that. It wasn't that companies were deliberately trying to make anything complex. They were operating in a completely different frame of reference. We build from the ground up for the web."
Developers are not only more important than ever to an enormous range of organizations, but they continue to be a very tough crowd to please, added Cirne.
"Their BS meters are incredibly sensitive," he said. "And that means that we're on the hook every day to deliver on whatever we're claiming. Developers also have this instinct, if you haven't guessed already, to ask, 'I wonder how hard it would be to build myself?' It holds us accountable for building quality products, as opposed to having a quality pitch or sales process."
"The only way to convince a developer is by giving them a demo and showing them how it's better," said Preston-Werner. "The beauty is, you plant these seeds around the world, and those people will evangelize it for you. Because another thing that developers are great at is telling other developers what works for them."
But the rise of the developer may have simply been inevitable, said Doshi, because of the inherent power of the skillset in a software-centric world.
"Being a developer makes you feel like you've got a superpower," he said. "That's because you can think about something in the world that you want to build, and then you can go and build it. The reason the developer has become so important and valuable is [because] it feels limitless in terms of what your potential can be. You find that you can make this huge impact by building software. Then you get together with five or six other people with super powers and you're like the Avengers. And you go and do something great for the world. You go and build a Google or a GitHub."
Posted by John K. Waters on 07/29/2013 at 10:53 AM | 4 comments
Bit9 released a report last week underscoring the ongoing security risk to the enterprise posed by outdated versions of Java still up and running on company machines -- versions of the platform with vanishing support and known and easily exploitable vulnerabilities.
Bit9 sifted its own data on more than a million end points to assemble the report. It found that, among those end points with Java installed, more than 80 percent are currently running Java 6. That version reached the end of public support in April. Though Oracle customers with long-term support contracts continue to receive security updates for Java 6, most of the company's efforts to strengthen security have been focused on Java 7. The Bit9 researchers found that only 15 percent of the endpoints were running Java 7 -- and only 1 percent of those had installed Java 7 update 21 (the latest secure version at the time of the study).
Also, according to the report ("Java Vulnerabilities Report: Write Once, Pwn Anywhere"), 42 percent of the endpoints are running more than one version of Java, and 20 percent are running more than two versions. And 5 percent of the organizations analyzed had 100 or more distinct Java versions installed in their environments.
Why are so many endpoints running multiple versions of Java? Because the Java installation and update process often does not remove the older, vulnerable versions, observed Bit9 CTO Harry Sverdlove.
"IT administrators have essentially been lied to for 15 years," Sverdlove said in a video posted with the report. "They have been told that to protect themselves from the latest security vulnerabilities they should apply updates and apply them frequently. But for many years applying updates to Java left the older versions still present...Attackers are able to use those older versions."
Jerome Segura, senior security researcher at anti-malware solutions provider Malwarebytes, agrees. "Oracle advises its users to remove old versions [of Java], but does not automatically do it for various reasons," Segura said. "In some enterprises, old Java versions are required for backwards compatibility."
"Remember the saying 'never change a running system'?" said Sorin Mustaca, product manager and IT security expert at German security solutions provider Avira. "That's exactly what is happening out there. Ten or fifteen years ago, when many of those applications were written, there was no danger of hackers [doing] pen-testing on them with the only purpose of discovering vulnerabilities that can get exploited. Now we have this danger and Oracle sees itself in front of a big problem, which has many faces."
But even organizations running the latest version of Java are often not on top of their updates. In March, Websense published a report on its investigation of active Java versions running on tens of millions of endpoints. It found that 93 percent of users had not patched to the most recent version of Java. Like Bit9, the Websense researchers also found that enterprises have been slow to apply Java 7 update 21.
"This is not a new issue, of course," said Julien Sobrier, senior security researcher at Zscaler. "Java is an old technology and it has been running on many devices for many years. It has always been a struggle to keep it up to date."
It may not be a new problem, but it is a serious one, said Brian Gorenc, manager of vulnerability research in Hewlett-Packard's Security Research organization. Gorenc runs the Zero Day Initiative, the world's largest vendor-agnostic bug bounty program.
"Those older versions of Java can have a lot of security flaws, which are actively targeted by attackers," Gorenc said. "You see it in the advanced exploits. They're verifying which versions of Java are running, and then targeting the older versions if they're installed. A company might think they're doing the right thing by updating their Java installations, but in reality they still have versions of Java 6 out there running on older patch levels, which means they still have the attack surface from Java 6."
Creators of exploit kits, which are marketed and sold to malicious hackers, regard older Java bugs as highly valuable, Gorenc said, and those bugs are still used to compromise machines.
"The best advice here is nothing new," Gorenc added. "Organizations need to know what software is running on their systems, what attack surface that software exposes, and how to use risk-management tools to properly address the reality of their situation."
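The case Gorenc describes, a host that has been updated but still carries an older Java, can be checked against a software inventory. The following is an added example, not code from the article, Bit9 or Oracle; the host names, inventory rows and status labels are constructed, and it assumes versions are recorded in the legacy "1.6.0_45" form.

```python
import re
from collections import defaultdict

# Legacy version strings look like "1.6.0_45" (Java 6 update 45).
VERSION_RE = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?$")
BASELINE = (7, 0, 21)  # Java 7 update 21, the baseline named in the article

# Constructed inventory: one (host, version) row per JRE found on disk.
INVENTORY = [
    ("ws-001", "1.7.0_21"),
    ("ws-002", "1.6.0_45"), ("ws-002", "1.7.0_21"),
    ("ws-003", "1.6.0_31"), ("ws-003", "1.6.0_45"), ("ws-003", "1.7.0_17"),
    ("ws-004", "1.7.0_21"), ("ws-004", "1.7.0_21"),  # duplicate scan row
    ("ws-005", "unknown"),                           # unparseable entry
]

def parse_version(text):
    """Return (major, minor, update), or None if the string is not 1.M.m[_UU]."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def audit(inventory, baseline=BASELINE):
    """Classify each host by every JRE it carries, not just the newest one."""
    per_host = defaultdict(set)
    for host, raw in inventory:
        per_host[host].add(parse_version(raw))
    report = {}
    for host, found in per_host.items():
        versions = sorted(v for v in found if v is not None)
        stale = [v for v in versions if v < baseline]
        if None in found:
            status = "review"                # never treat unknown as clean
        elif not stale:
            status = "current"
        elif versions[-1] >= baseline:
            status = "patched_but_exposed"   # updated, old JRE left behind
        else:
            status = "outdated"
        report[host] = {"versions": versions, "stale": stale, "status": status}
    return report

def summarize(report):
    """Share of hosts with more than one and more than two Java versions."""
    n = len(report) or 1
    multi = sum(len(r["versions"]) > 1 for r in report.values())
    many = sum(len(r["versions"]) > 2 for r in report.values())
    return {"hosts": len(report), "pct_multi": 100 * multi / n,
            "pct_over_two": 100 * many / n}
```

A host in the `patched_but_exposed` state would pass a check that only looks at the newest installed version, which is why the audit keeps the full set per host.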
Posted by John K. Waters on 07/24/2013 at 10:53 AM
Oracle has unveiled a summer campaign that includes a series of programs and activities for Java developers "and aspiring developers around the world." Dubbed "Make the Future Java," the campaign comprises webinars, new (and not-so-new) technical videos, a tool kit for Java User Group (JUG) leaders, a "Make the Future Java Global Celebration" Web site, and live events taking place in 47 countries.
Oracle says more than 100 Java-related events are scheduled as part of the campaign, which culminates with the annual JavaOne conference, scheduled for June 22-26 in San Francisco. JavaOne Shanghai takes place later this month (July 22 to 26) in China.
"This is really an aggregation of several important announcements and campaigns that do amount to a summer push and an effective way of getting the word out," said IDC analyst Al Hilwa. "This is a fun campaign and the Java community will love seeing some marketing go towards Java."
Oracle's Vice President of Development Cameron Purdy banged the Java drum loudly in the company's announcement. "Oracle is committed to, not only driving Java platform enhancements and technical innovations through collaboration with the Java community, but also, providing developers with the tools and resources they need to implement the latest releases," Purdy said.
Purdy pointed to the Make the Future Java EE 7 Tool Kit, which JUG leaders can order online, as an example of Oracle's commitment to the Java community. The kits include both technical and promotional resources ranging from a Java EE 7 technical presentation with speaker notes and a hands-on lab with step-by-step instructions that speed up the creation of three-tier, end-to-end Java EE applications, to a Java flag (with portable stand) and a "License to Code, Make the Future Java" entertainment video "celebrating the triumph of Java over evil."
The program also includes a Future of Java Summer Workshop, with which the company hopes to "inspire students' love of technology and computer science, and spark the next generation of Java innovation." The workshop is aimed at 13-18 year olds with an interest in Java programming, and will be staffed by Oracle Academy members and supported by Carnegie Mellon computer science professors. Oracle Academy, a group within the company focused on industry-related education, is set to host a three-day, in-person workshop from July 30 to August 1st at Oracle's Redwood Shores, CA, headquarters.
But the workshop will also rely on "Alice," a free 3D programming environment for creating animated stories, interactive games, or videos to share on the Web. The company is also making Greenfoot and BlueJ tools and tutorials available to workshop participants.
With the Make the Future Java Global Celebration Web site, Oracle is attempting to provide a new forum for Java community members to promote their Java EE 7 events and to "engage with the worldwide community" by sharing videos, contributing blog content, Tweets (#javaee7) and Facebook photos.
"It is useful to remind the world every now and then how important Java is in the enterprise," Hilwa added. "I also love the claim being made [by Oracle] that 80 percent of mobile developers target Java, because even though Java is widely deployed in the embedded space, you can't dismiss the importance of the Android mobile platform to the continued relevance of Java in the smartphone world."
Posted by John K. Waters on 07/10/2013 at 10:53 AM