Credits : Infoworld


JavaFX, Oracle’s 10-year-old rich client development technology for Java, will be decoupled from the Java Development Kit (JDK) and broken out into its own separate module.

Making JavaFX its own module will make it easier to adopt and clear the way for new contributors, Oracle said. The company added that with the faster release schedule being implemented for standard Java and the JDK, JavaFX needs to be on its own pace driven by contributions from Oracle and others in the OpenJFX community.
JavaFX will be removed from the Java JDK as of JDK 11, which is due in September 2018. It is bundled in the current JDK 9 and will remain in JDK 10, due this spring. Commercial support for JavaFX in JDK 8 will continue through at least 2022. Featuring a set of packages for graphics and media, JavaFX has been part of the JDK download since 2012.

JavaFX was introduced in May 2007 by Java founder Sun Microsystems in an attempt to bring Java to the forefront of rich client development for desktops and mobile devices, competing with Adobe Flash and Microsoft Silverlight. Oracle took control when it acquired Sun in 2010. The technology, which was open-sourced in 2011, has maintained a following but never really took the industry by storm. Like Silverlight and Flash Player, JavaFX receded to the background as developers looked to more standards-based technologies, particularly HTML5, to deliver rich internet applications.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Channelworld


The open source database company MariaDB is aggressively courting Oracle customers, offering more portability and ease of migration to help enterprises make the switch.

The open source database company MariaDB is aggressively courting Oracle customers, offering more portability and ease of migration to help enterprises make the switch.

MariaDB was developed by some of the original developers of the MySQL relational database, including Michael “Monty” Widenius, who jumped ship after MySQL was acquired by Oracle. It has always been developed as an open source ‘drop in’ replacement for MySQL.

Michael Howard, who worked at Oracle for four years between 1996-2000, has been CEO of MariaDB since December 2015.

Speaking on stage at MariaDB’s M18 user conference in New York last week, Howard acknowledged his experience in the proprietary technology world, and admitted that “it’s hard to change. Resistance is everywhere, inside or outside the organisation. The very complexity of migrating, the physical reality of them, the mastering of skills, the establishment of processes and the fear of mystery of the unknown.”

“If you do not change, you will be beholden to a company who doesn’t have your best interests in mind. I know this, I was there. You will pay 10 times more for that privilege,” he said.

Speaking to Computerworld UK, Howard added: “When we’re talking to Oracle customers, they’ve already made the decision to switch. We don’t go into a customer site to compete mano-a-mano on features; rather, there is a predisposition to change, and it usually begins with decisions regarding infrastructure, which for the most part, are based on open source or commodity technologies.

“For us, there are two important parts of the Oracle marketplace – the MySQL base and the Oracle Enterprise base. Typically, Oracle customers transition from MySQL to MariaDB first then they start addressing their proprietary and more complex environments as the conversation continues.”

He does, however, admit that certain customers still have doubts about open source.

“There is always skepticism when a company has never used open source, although that is more of an exception than a rule these days,” he said. “If you were to partition the world into those that embrace open source and those that are skeptical about it – it’s probably somewhere in the 95 percent range that wholeheartedly embrace it.

“For those companies, there are new things to be learned such as contracts that are different from proprietary models and the way in which companies relate to one another, which is collaborative versus being dictated to.”


MariaDB has recently been buoyed by a $54 million funding round which included Alibaba and the European Investment Bank.

Howard said during his keynote: “With these resources comes bigger expectations, we have to make it easier for global enterprises to be able to easily change and migrate.”

Ease of migration to MariaDB will always be a vital part of the company’s plans for growth, but Howard also spoke about “creating momentum” and “solving hard problems”. That last point links nicely with the announcement the company made on Monday that it was investing in a new set of labs with the aim of solving some of the industry’s hardest problems.

Read next: MariaDB launches innovation labs

Speaking about the latest release of MariaDB Server, version 10.3, Howard said it is vital the company continues to provide “portability and familiarity in terms of code, but also portability and familiarity in terms of skill sets.”

Channelling his inner Alanis Morissette, he added: “Isn’t it ironic that MariaDB is offering an Oracle compatibility layer when MySQL, a part of Oracle, doesn’t?

“Isn’t it ironic that Oracle Enterprise, MySQL’s bigger brother, provides data warehousing yet it is MariaDB that is delivering it to you, this community? They don’t want you to succeed with MySQL, they certainly don’t want MySQL to cannibalise things like Exadata.”

Autonomous database

Oracle, for its part, is focusing on machine learning and automation to help it hold off these new open source competitors. The company announced a new ‘self-driving’ database at its OpenWorld conference late last year, promising the “world’s first autonomous database”.

Howard isn’t concerned though. “It’s going to be more difficult for Oracle to fulfill the requirements of an autonomous database due to the severe complexity of the Oracle environment,” he said. “An autonomous database cannot exist if there are literally thousands of bugs that exist and even if the most qualified people have a hard time using it.

“I adore the notion of an autonomous database and I truly believe that MariaDB has a much better place to start than Oracle to live up to that expectation.”

What the customers say

Howard spoke about how the Development Bank of Singapore (DBS) has been “forklifting out Oracle Enterprise and moving transactional environments to MariaDB and they were the ones who collaborated and motivated us to build an Oracle compatibility layer.”

The bank has already moved 54 percent of critical applications to MariaDB and wants to run primarily on MariaDB by the middle of 2019. The bank is set to save $4.1 million in net savings over five years after initial investment by moving to the open source rival.

When Computerworld UK spoke to Peng Khim, head of technology and digital innovation at DBS, he explained that the bank had tried to move to a more scalable version of Oracle Enterprise but that it “doesn’t work” due to the development effort required and cost constraints of licences.

Similarly, US financial services company Financial Network spoke at M18 about the limitations of Oracle RAC for smaller, fast-growing organisations.

William Wood, director of database architecture at Financial Network, said: “Your Oracle licence is based by processor. That’s not very scalable from an economic, fiscal standpoint.”

“We can’t afford to upgrade hardware because we go from a quad-core processor to the latest and greatest that has 96 cores in a single CPU,” he said. “Can you imagine the cost of that at $47,500 per core? That is a big chunk of money.

“It’s astronomical just to get that licence. Then once you’re licensed you’re hit every year after for support and if you want to expand then you’re hit with more licensing, and some very interesting sales strategies.

“We are a small company, if we had to keep investing in Oracle we would eventually probably go out of business.”

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Newburghgazette


The announcement also marks the introduction of the first joint solution following McAfee’s acquisition of Cloud data security company Skyhigh Networks in November a year ago. Cybersecurity firm McAfee on Wednesday announced that its Cloud Security Platform will now protect Microsoft Azure and claimed to deliver the industry’s most extensive solution to secure Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) computing. Skyhigh now is part of McAfee’s cloud security business unit. Anand Ramanathan, McAfee’s vice president of product development, tells Channel Partners the latest security service for Azure creates “tremendous new opportunities” for McAfee’s partners. McAfee’s partners work with large multinational enterprises who have complex architectures in Azure. And these very customers will require a comprehensive cloud security solution to help them fulfill their end of cloud security’s shared responsibility model. McAfee’s solution is created to indicate security misconfigurations, with the ability to track “60 Azure security configurations across all Azure services”, according to McAfee. There are multiple aspects in securing cloud infrastructure that includes securing applications, users, hosts, storage and networks, Ramanathan said. CASBs are also used to control data access and prevent the uploading of sensitive data. This solution is created to check for threats in virtualized infrastructure and block them. These workloads are typically mission critical, and Microsoft’s service updates are aimed at making it easier to run them in Azure, which could motivate more customers to move their applications onto the tech titan’s cloud. Microsoft Corp. today announced a slew of new services and updates to its Azure public cloud platform created to make it easier for users to migrate database workloads to its cloud data centers. “The Azure cloud ensures we are best placed to make this happen and offer our customers robust technology on a secure and proven platform”. The McAfee Cloud Workload Security product became available for use with Azure earlier this year. “One of the biggest challenges for enterprise security teams today is that they’re using so many different cloud environments”, Gupta said. “At the same time, the adoption of cloud allows organizations to transform their business”. “We’re extending numerous security controls we have for AWS to Azure”, Rajiv Gupta, senior vice president of McAfee’s cloud security business unit and former CEO of Skyhigh, told SearchSecurity.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Infoq


In order to optimise the performance of their MySQL instances, LinkedIn has created a Query Analyzer tool in order to analyze and tune expensive queries. It runs on the network layer, stores everything within a centralized server, and provides a UI for users to analyze metrics.

LinkedIn runs a multitenant MySQL architecture. This is mainly due to having over 500 applications which are dependant on it, meaning that single tenancy would cause extremely high resource costs. The tradeoff to this approach means that queries from one application can negatively detriment the performance for another, which is why it is important for them to be able to understand and optimise them as much as possible.

The query analyzer is split into three components:

  1. Agent: Runs on the MySQL nodes and collects metrics about running queries and their performance.
  2. Centralized Server: Where all the data about queries is stored for reporting.
  3. UI: Sits on top of the server and provides a user-friendly means to analyze the data.

Karthik Apigatla, senior database engineer at LinkedIn, highlights its benefits as:

… allowing our database engineers to identify problematic queries at a single glance, to compare a week-over-week overlay of query activity, and to troubleshoot database slowdowns quickly and efficiently.

Originally, out of the box solutions such as MySQL Performance Schema and slow query log were considered, but they came with too much of a performance penalty when introduced. Unlike those tools, the Query Analyzer runs on the network layer, minimising any kind of performance hit to the instances.

The agent captures raw query packets and reconstructs the query using the MySQL protocols, and then calculates response times based on a time diff between when packets first enter the port and when they are first produced by the database response.

The UI provides a tabular view of distinct queries for hosts, allowing the user to filter by periods of time. Individual queries can also be selected, providing graphs and other useful metrics such as load and average time.

The tool also provides a query load metric which is calculated as ‘execution time * number of executions’. By taking this and converting it into a ratio, it can be compared against other queries to see which ones took the largest percentage of load. For example, even if a query takes a few milliseconds, the metric would still correctly report if it is running too many times, thus taking up the majority of the load.

LinkedIn has not laid out a specific timeline, but intends to open source the tool in the near future.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Bloomberg


Toyota Motor Corp. ans to spend $2.8 billion to make sure its system for writing self-driving vehicle software will be just as efficient as the factories that build its cars.

The company needs faster and more reliable methods for writing software because self-driving cars require “millions and millions” of lines of computer code, according to James Kuffner, who’ll lead the new effort. That compares with tens of thousands of lines of code in cars just a generation ago.

The Japanese automaker is seeking an edge over rival car giants as well as newcomers such as Alphabet Inc.’s Waymo as the industry charts a path toward self-driving vehicles. Kuffner said he plans to hire 1,000 programmers as soon as he can find them and is seeking to lure global talent.

“We’re not just doubling down but quadrupling down in terms of the budget,” Kuffner said in an interview. “We have nearly $4 billion to really have Toyota become a new mobility company that is world-class in software.”

For the effort, Toyota is setting up a new company in Tokyo with two of its suppliers. On Friday, Kuffner was named chief executive officer of the venture, called Toyota Research Institute-Advanced Development.

Robotics, AI

Toyota had already allocated $1 billion to start a free-standing unit called Toyota Research Institute in 2015 to study self-driving, robotics and artificial intelligence. Kuffner, 47, has been serving as chief technology officer for TRI, which now has about 250 employees. Before that, he was the leader of robotics and cloud computing research at Alphabet’s Google unit.

Toyota’s two biggest suppliers,Denso Corp. and Aisin Seiki Co., will invest in the new venture, each taking a 5 percent stake, the carmaker said.

Currently, Kuffner said teams of programmers work in isolation to solve portions of a big problem like self-driving and then spend “years and years” piecing their work together and testing it with AI and other tools. Toyota plans to streamline this process by validating each chunk of software as it’s written to make sure it’s robust enough for the cars and trucks that Toyota sells.

Kuffner compared the process he hopes to establish to the Toyota Production System, which achieved industry-leading quality and efficiency by requiring workers to shut down assembly lines rather than tolerate defects that need to be repaired later.

Coexisting With Coders

Jeff Liker, a University of Michigan engineering professor who’s authored several books on Toyota, said he’s a bit surprised by the company’s announcement. When Toyota launched TRI, the company was so determined to let Silicon Valley veterans like Kuffner chart their own course that they weren’t asked to adhere to Toyota Production System principles.

“They thought it might kill their creativity,” Liker said.

TRI and its offshoot’s full-throated embrace of the Toyota Production System shows the automaker’s executives are getting a better understanding of how software writers work, and learning how a traditional manufacturer can both help and benefit from them, Liker said.

2020 Olympics

Kuffner said he hopes to apply the new software system to the electric, fully self-driving  delivery vans that Toyota plans to showcase at the 2020 Tokyo Olympics, and to the increasingly sophisticated safety equipment Toyota is installing in vehicles on sale today.

The company recently introduced a Lexus LS 500 sedan that automatically initiates split-second steering and braking maneuvers after identifying a pedestrian in its path.

“The whole idea is, can we build a vehicle with highly-reliable software that is uncrashable, that will never be the cause of an accident,” Kuffner said.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : techworld


Developers have a vast array of programming languages to choose from. Node.js and PHP are both popular and powerful web development tools, but which one should you choose?

What is Node.js programming language?

Node.js is an open source, cross-platform run-time environment built on Chrome’s V8 JavaScript engine. It uses an event-driven, non-blocking I/O model which makes it lightweight and efficient.

The Node.js environment enables JavaScript users to deploy the language for server-side scripting, whilst also running scripts to produce dynamic web page content.

Node.js was written by Ryan Dahl in 2009, with the initial release developed to support Linux and Mac OS X. A build was then added to support Windows in 2011.

The average salary for a Javascript Developer is £62,500 as of January 2018, according to CW Jobs.

Pros of Node.js programming language

As Node.js is not the traditional programming language, but rather a runtime environment, it is easy to learn for both front and back-end developers.

Back-end Node.js programmers are likely to benefit from its efficiency, high speed, and high performance, plus code-sharing and the addition of free tools such as monitoring and debugging.

Node.js does not have strict conventions, which provides developers with the freedom to select the best architecture, design patterns, modules and features.

Cons of Node.js programming language

One of Node.js‘ main disadvantages is its lack of consistency, based on the API changes that regularly occur and that are often incompatible for back-end users.

As the environment is built in a single-threaded format, it minimises the efficient handling of CPU applications like editing graphics, audio and video files. There have also been complaints from developers who say Node.jsapplications tend to become unresponsive when processing large files.

Lastly, the open source ecosystem of Node.js means several of its tools appear unsupervised.

The modules, therefore, appear immature as they are either noticeably poor quality or have been documented incorrectly.

What is PHP programming language?

PHP is a server-side scripting language for web development, which can also be used as a general-purpose programming language.

The language can be embedded into HTML code, or used in combination with several web template systems, web content management systems, and web frameworks.

It was originally created by Rasmus Lerdorf in 1994; however, the PHP reference implementation is now produced by The PHP Group.

The average salary for a PHP Developer is £42,500 as of January 2018, according to CW Jobs.

 Pros of PHP programming language

As one of the most popular server-side scripting languages available, there are a selection of different built-in functions available on PHP, and a lot of the scripts run on different operating systems such as Windows and Unix-like.

PHP also offers a wide open source community that includes over 70,000 open source libraries to help developers build a dynamic web-based application.

Cons of PHP programming language

PHP needs global extensions, which requires bridges between the C code and PHP to be installed globally. It also requires modifying the global configuration file in order to make it accessible.

Some developers may also suggest that PHP lacks the quality to handle errors, and although it offers free debugging tools there are not many provided compared to other programming languages.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Infoworld


MySQL, the popular open-source database that’s a standard element in many web application stacks, has unveiled the first release candidate for version 8.0.

Features to be rolled out in MySQL 8.0 include:

First-class support for Unicode 9.0 out of the box.
Window functions and recursive SQL syntax, for queries that previously weren’t possible or would have been difficult to write.
Expanded support for native JSON data and document-store functionality.
[ From InfoWorld’s experts: What is SQL? The language of databases explained. | Database slow? Improve the speed and scalability of your RDBMS with these 21 rules for faster SQL queries. ]
With version 8.0, MySQL is jumping several versions in its numbering (from 5.5), due to 6.0 being nixed and 7.0 being reserved for the clustering version of MySQL.

MySQL 8.0’s expected release date
MySQL hasn’t committed to a release date for MySQL 8.0, by MySQL’s policy is “a new [general] release every 18-24 months.” The last general release was October 21, 2015, for MySQL 5.7, so MySQL 8.0’s production version is likely to come in October 2017.

MySQL 8.0’s road to standard Unicode
Moving to Unicode by default is arguably one of the biggest changes planned. MySQL has long had persistent, persnickety problems with Unicode. So, a long standing game plan for MySQL 8.0 was to fix as many of those lingering Unicode issues as possible.

MySQL 8.0 no longer uses latin1 as the default encoding, to discourage new users from choosing a troublesome legacy option. The recommended default character set for MySQL 8.0 is now utf8mb4, which is intended to be faster than the now-deprecated utf8mb3 character set and also to support more flexible collations and case sensitivity.

The improved Unicode will not only support non-Western character sets but the rise of emoji.

MySQL 8.0 gets current with window functions
Many other implementations of SQL support window functions, a way to perform aggregate calculations across multiple rows while still allowing access to the individual rows from the query. It’s possible to do this in MySQL without window function support in the database, but it’s cumbersome and slow. To overcome its window deficit, MySQL 8.0 adds window functions via the standard OVER SQL keyword, in much the same way it is implemented in competing products like PostgreSQL.

Another feature in the same vein, recursive common table expressions, lets you perform recursive operations as part of a query, without having to resort to cursors or other performance-sapping workarounds.

MySQL 8.0 works better with documents and JSON
With MySQL 5.7 came JSON support, to make MySQL competitive with NoSQL databases that use JSON natively. MySQL 8.0 expands JSON support with better performance, functions to allow extracting ranges from a JSON query (such as a “top N”-type request), and new aggregation functions that let MySQL-native structured data and semistructured JSON data be merged in a query.

Another improvement related to JSON involve MySQL’s document-store abilities. Reads and writes to MySQL’s document store are transactionally consistent, allowing rollback operations on changes to JSON data. Document data stored in the open GeoJSON format for geospatial data can be indexed, so you can search by proximity.

The other key features in MySQL 8.0
Other changes planned for MySQL 8.0 include:

More options for how to handle locked rows, via the SKIP LOCKED and NOWAIT keywords. SKIP LOCKED allows locked rows to be skipped during an operation; NOWAIT throws an error immediately on encountering a locked row.
MySQL can automatically scale to the total amount of memory available, to make the best possible use of virtual machine deployments.
Indexes can be manually excluded from the query optimizer via the “invisible index” feature. Indexes marked as invisible are kept up to date with changes to tables, but aren’t used to optimize queries. One suggested use for this is to nondestructively determine if a particular index needs to be kept or not.
Where to download MySQL 8.0
You can download the beta versions of MySQL 8.0 now for Windows, MacOS, several versions of Linux, FreeBSD, and Solaris; the source code is also available. Scroll down the downloads page and go to the Development Releases tab to get them.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Businesswire


NEW YORK & PARIS & NUREMBERG, Germany–(BUSINESS WIRE)–Embedded World–AdaCore, a trusted provider of software development and verification tools with headquarters in New York and Paris, today announced that Scandinavian Real Heart AB in Sweden is using a suite of AdaCore software solutions to develop reliable embedded software for its revolutionary Total Artificial Heart.

Scandinavian Real Heart’s Total Artificial Heart mimics the way that the natural heart functions to “save patients with heart failure, and give them a better quality of life than the alternatives that are available today,” said Fredrik Pahlm, Chief Technology Officer (CTO) and Project Manager at Scandinavian Real Heart.

Scandinavian Real Heart is in the final development phase of the heart pump’s motor control software, which is both complicated and truly unique in its ability to adjust to the patient’s blood pressure. Real Heart employs AdaCore software solutions throughout its end-to-end embedded software development workflow, including:

The GNAT Programming Studio (GPS) Integrated Development Environment (IDE) for designing, implementing, and managing applications that demand high reliability,
The SPARK Pro verification toolset based on formal methods and oriented toward high-assurance systems,
The GNAT Pro Ada for ARM multi-language development environment for use with ARM processors,
The GPRbuild advanced build system that helps automate the construction of multi-language systems and
The GNATstack static analysis tools for stack usage computation.
“Our heart pump has to work uninterrupted throughout the life of the patient,” said Professor Lars Asplund, Main Software Architect at Scandinavian Real Heart. “The quality and reliability of all parts of the system are crucial. We want to create software with the highest level of safety, and we know that SPARK together with Ada is the best option.”

“The programming tools and programming language were selected considering optimum reliability and quality assurance,” added Azad Najar, Scandinavian Real Heart Chief Executive Officer (CEO).

“Innovators like Scandinavian Real Heart continue to choose AdaCore’s comprehensive suite of software development and verification solutions, particularly for lifesaving and safety-critical applications,” said Jamie Ayre, Commercial Team Lead at AdaCore. “AdaCore provides the open-source tools and libraries embedded systems developers need to craft the most complex software with high assurance, integrity, and reliability while lowering development and verification costs.”

AdaCore software solutions have been the software development and verification tools of choice for safety-critical and mission-critical applications for decades. AdaCore continues to advance and adapt its trusted tools to meet the most stringent requirements and high-assurance, high-integrity needs of modern projects across multiple markets.

AdaCore is presenting its suite of software tools – including Version 18.1 of its industry-leading GNAT Pro, CodePeer, SPARK Pro and QGen products, as well as GNAT Pro Assurance, GNAT Pro Enterprise, and GNAT Pro Developer tailored to specific user needs – in Booth # 4-149 at Embedded World 2018. The annual Embedded World exhibition and conference is taking place at the Nuremberg Exhibition Centre in Nuremberg, Germany, from 27 February through 1 March 2018.

About Scandinavian Real Heart AB
Scandinavian Real Heart AB, a medical technology company in Västerås, Sweden, has developed a Total Artificial Heart (TAH) with an innovative pump that mimics the natural function of the biological heart. The Real Heart is designed to be used as a transitional solution for patients who are in a queue awaiting a heart transplant, helping extend their lives and providing the opportunity for increased mobility and a higher quality of life. In the future, Real Heart could be a more permanent solution for patients who, for various reasons, are unable to receive a donated heart.

About AdaCore
Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems. Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial avionics, automotive, railway, space, military systems, air traffic management/control, medical devices, and financial services.

AdaCore products are open source and come with expert online support provided by the developers themselves.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits ; Adtmag


Oracle’s first Quarterly Critical Patch Update (CPU) of 2018 provided fixes for 237 vulnerabilities across its product lines, including patches for 21 security holes in the Java Platform Standard edition (Java SE), 18 of which are remotely exploitable without authentication.

The latest CPU provides the fewest fixes for Oracle’s products since last April — except for Java SE, for which the company provided 22 fixes last quarter. The consistent number of patches, quarter to quarter, is a reminder that people must keep up with Java security, said John Matthew Holt, CTO of security firm Waratek, because the vulnerabilities are not going away any time soon.

Holt also pointed out that 28.5 percent of the vulnerabilities patched for the Java platform in this CPU address unsafe deserialization. Serialization is the process of converting an object into a stream of bytes for transport and storage. Deserialization reverses the process when the data is received.

“Oracle began fixing the first of the unsafe deserialization vulnerabilities discovered in the Java Platform last January,” Holt noted. “People were hoping that there would be one or two in isolation. But there has been a significant footprint of unsafe deserialization in every CPU since. It shows how challenging it is to deal with this vulnerability type in the core Java platform.”

Waratek, a Dublin-based app security tools provider with a special focus on Java, discovered two of the unsafe deserialization flaws patched with this CPU. “Waratek researched the JRE (Java Runtime Environment) codebase and has identified two new unbounded memory allocation vulnerabilities in two JRE subcomponents that may be remotely exploitable without authentication,” the stated in an advisory released Jan. 18.

An unsafe deserialization flaw was discovered last year in Apache Struts web app framework, which allowed attackers to seize control of any server running REST apps built with Struts. The Apache Software Foundation released a patch in September. A month later, an unsafe deserialization flaw was found in RubyGems, the maintainers of which issued a patch.

“We should all remember that the same unsafe deserialization problem is not only linked to the Java Platform,” Holt said, “but also the major frameworks and software components that are going to be built from Java.”

Oracle’s latest CPU includes patches for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) processor vulnerabilities that were disclosed on Jan. 3.

“This CPU is released into an environment where virtually every enterprise on the planet that is working to deploy the patches released for the Spectre and Meltdown chip vulnerabilities on top of the routine patches that must be routinely applied,” said Waratek EVP James Lee in a statement. “Companies that do business in the European Union are also coming to realization that a breach is not their only risk of incurring a large fine under the pending GDPR security rules – so is a failure to patch.”

“I think it’s also important to recognized that Oracle and the community’s investment in Java means that problems and vulnerabilities are found and fixed at a faster rate than many of the other software development languages,” Hole said. “The apparent proliferation of these vulnerabilities is evidence of a good quality security program being applied to the platform to find them and try to fix them.”

Each Oracle Quarterly CPU is a set of patches for multiple vulnerabilities put together since the previous update. They do not include the security advisories from previous updates; those are available on the Oracle Technology Network. However, most CPUs are cumulative, Oracle has said, which means the application of this CPU should resolve new vulnerabilities and previously-reported security issues.

Oracle’s CPUs are issued on a quarterly schedule announced at the beginning of the year. The purpose of that schedule is to provide users of Oracle products with a level of predictability that will foster regular maintenance activity, the company has said. The next four dates are:

  • 17 April 2018
  • 17 July 2018
  • 16 October 2018
  • 15 January 2019


About the Author

John has been covering the high-tech beat from Silicon Valley and the San Francisco Bay Area for nearly two decades. He serves as Editor-at-Large for Application Development Trends ( and contributes regularly to Redmond Magazine, The Technology Horizons in Education Journal, and Campus Technology. He is the author of more than a dozen books, including The Everything Guide to Social Media; The Everything Computer Book; Blobitecture: Waveform Architecture and Digital Design; John Chambers and the Cisco Way; and Diablo: The Official Strategy Guide.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.

Credits : Universe.byu


With the high demand in the tech industry, many people are trying to get their foot in the door and develop coding and programming skills. So what are the best steps to become a web developer? Whether students are looking to study computer science or web development, here are some resources to build IT skills.

Online resources

1. CodeAcademy is a free service used by more than 45 million people worldwide. It offers a variety of courses in platforms such as HTML, CSS, JavaScript and Python.

2.  CodeSchool is another popular online tool that offers 71 interactive courses for $29 a month. More than 2 million people use CodeSchool and it is known for its emphasis on HTML, CSS and JavaScript courses.

3. CareerFoundry offers two different courses in web development. It offers a free seven-day step-by-step introductory web development course to allow people to see if web development is right for them. The second web development course at CareerFoundry is a paid six-month course designed to take participants from beginner to professional.

4.  Udemy offers a $200 web development course entitled “Become a Web Developer from Scratch.” The course consists of more than 30 hours of content and covers the basics of both front-end developing and back-end. It will introduce students to JavaScript, jQuery, HTML5, CSS3, PHP and MySQL.

BYU resources

  1. CS 142 — BYU has an Intro to Computer Programming class in the computer science department which teaches object-oriented program design and principles of algorithm formulation and implementation.

2. DIGHT 250 — The Digital Humanities department also offers a web developing course. This course is an introduction to web programming.

It’s important as students build programming skills that they maintain a portfolio of the websites and other projects they’ve constructed. A final resource for students building and maintaining a portfolio is GitHub, which allows users to host and review their code.

This article is shared by | A leading resource of inspired clone scripts. It offers hundreds of popular scripts that are used by thousands of small and medium enterprises.