An anonymous reader writes "Mozilla on Tuesday announced a massive change to the way it loads third-party plugins in Firefox. The company plans to enable Click to Play for all versions of all plugins, except the latest release of Flash. This essentially means Firefox will soon only load third-party plugins when users click to interact with the plugin. Currently, Firefox automatically loads any plugin requested by a website, unless Mozilla has blocked it for security reasons (such as for old versions of Java, Silverlight, and Flash)."

crankyspice writes "Having recently picked up the Erector set I've wanted since I was a kid, I quickly found myself wanting to plunge deeper into makerspace by adding more sophisticated electronics to moving devices (rovers, maybe eventually flying bots). My first instinct was Arduino (maybe because of brand recognition?), but that got me thinking — what's the 'best' platform out there (most flexible)? Arduino with its myriad options (Nano, Mega, Uno, Mini)? PICAXE? BASIC Stamp? Raspberry Pi? (The latter seems like it would easily be the most flexible, but at greater cost in terms of weight and complexity.) I'm a hobbyist programmer, having learned C and C++ in college and recently re-learning Java (took and passed the Oracle Certified Professional exam, FWIW)..."

Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."

msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

Nerval's Lobster writes "Software developer Jeff Cogswell writes: 'Let's compare Java and C#, two programming languages with large numbers of ardent fans and equally virulent detractors. I'm not interested in yet another test that grindingly calculates a million digits' worth of Pi. I want to know about real-world performance: How does each language measure up when asked to dish out millions of Web pages a day? How do they compare when having to grab data from a database to construct those pages dynamically? The results were quite interesting.' Having worked as a professional C# programmer for many years, Cogswell found some long-held assumptions challenged."

tsamsoniw writes "Mere days after Oracle rolled out a fix for the latest Java zero-day vulnerabilities, an admin for an Underweb hacker forum put code for a purportedly new Java exploit up for sale for $5,000. Though unconfirmed, it's certainly plausible that the latest Java patch didn't do the job, based on an analysis by the OpenJDK community. Maybe it's high time for Oracle to fix Java to better protect both its enterprise customers and the millions of home users it picked up when it acquired Sun."

An anonymous reader writes "After the Department of Homeland Security's US-CERT warned users to disable Java to stop hackers from taking control of users' machines, Oracle issued an emergency patch on Sunday. However, HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. 'The safest thing to do at this point is just assume that Java is always going to be vulnerable,' Moore said."

An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."

snydeq writes "Simon Phipps sheds light on a fight for control over Vert.x, an open source project for scalable Web development that 'seems immunized to corporate control.' 'Vert.x is an asynchronous, event-driven open source framework running on the JVM. It supports the most popular Web programming languages, including Java, JavaScript, Groovy, Ruby, and Python. It's getting lots of attention, though not necessarily for the right reasons. A developer by the name of Tim Fox, who worked at VMware until recently, led the Vert.x project — before VMware's lawyers forced him to hand over the Vert.x domain, blog, and Google Group. Ironically, the publicity around this action has helped introduce a great technology with an important future to the world. The dustup also illustrates how corporate politics works in the age of open source: As corporate giants grasp for control, community foresight ensures the open development of innovative technology carries on.'"

An anonymous reader writes "After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware." Meanwhile, writes reader Beeftopia, the U.S. Department of Homeland Security is getting in on the action, and "has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw."

hypnosec writes "Following news that a Java 0-day has been rolled into exploit kits, without any patch to fix the vulnerability, Mozilla and Apple have blocked the latest versions of Java on Firefox and Mac OS X respectively. Mozilla has taken steps to protect its user base from the yet-unpatched vulnerability. Mozilla has added to its Firefox add-on block-list: Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37. Similar steps have also been taken by Apple; it has updated its anti-malware system to only allow version 1.7.10.19 or higher, thereby automatically blocking the vulnerable version, 1.7.10.18." Here are some ways to disable Java, if you're not sure how.

tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."

Dr Herbert West writes with news that General Motors and Ford have both used CES to announce a Software Development Kit for developers to create in-car apps. "Ford is focusing on three primary categories for apps: news and information, music and entertainment, and navigation and location. Marchwicki said the automaker will “instantly deny” apps that incorporate video, excessive text and gaming in a bid to reduce the risk of distracted driving. After developers have incorporated the Sync AppLink code into a proposed app, they submit it to Ford engineers for review. Ford will certify the app is bug-free and appropriate for automobiles. Once approved, Ford will work with the developer to provide a distribution license and get the app on the market." Similarly GM seeks infotainment apps that can be downloaded directly to the dashboard. "GM will provide developers with an SDK through an online portal that allows them to work with the automaker to design, test and deliver relevant automotive apps. GM also is including an HTML5 Java Script framework in its SDK."

eldavojohn writes "I kickstarted a project undertaken by Daniel Shiffman to write a book on what (at the time) seemed to be a very large knowledge space. What resulted is a good book (amazing by CC-BY-NC standards) available in both PDF and HTML versions. In addition to the book he maintains the source code for creating the book and of course the book examples. The Nature of Code starts off swimmingly but remains front heavy with a mere thirty five pages devoted to the final chapter on neural networks. This is an excellent book for Java and Processing developers that want to break into simulation and modeling of well, anything. It probably isn't a must-have title for very seasoned developers (unless you've never done simulation and modeling) but at zero cost why not?" Read below for the rest of eldavojohn's review.

mikejuk writes "Every January it is traditional to compare the state of the languages as indicated by the TIOBE index. So what's up and what's down this year? There have been headlines that C# is the language of the year, but this is based on a new language index. What the TIOBE index shows is that Java is no longer number one as it has been beaten by C — yes C not C++ or even Objective C."

Last year a group of UK teachers started working on a Creative Commons licensed teaching manual for the Raspberry Pi. That work has produced the Raspberry Pi Education Manual which is available at the Pi Store or here as a PDF. From Raspberry Pi: "The manual is released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported licence, which is a complicated way of saying that it’s free for you to download, copy, adapt and use – you just can’t sell it. You’ll find chapters here on Scratch, Python, interfacing, and the command line. There’s a group at Oracle which is currently working with us on a faster Java virtual machine (JVM) for the Pi, and once that work’s done, chapters on Greenfoot and Geogebra will also be made available – we hope that’ll be very soon."

An anonymous reader writes "First, some quick background: I am 26 years old and I have been working for a large software development company with more than 50,000 employees for about 5 years now. My actual title is Senior Software Engineer, and I am paid well considering I have no degrees and all of the programming languages I have learned (C, C++, C#, Java) are completely self taught. The only real reason I was able to get this job is because I spent a year or so in a support position and I was able to impress the R&D Lead Developer with a handful of my projects. My job is secure for the time being, but what really concerns me is the ability to find another job in the field without 95% of companies discarding me for lack of formal education. I started looking into local community colleges and universities, and much to my dismay, they offer neither nighttime or online courses for computer science. Quitting the job to pursue a degree is not an option, especially considering they will compensate me up to $10,000/yr for going back to school. Has anyone else been in a similar situation? Does anyone know of any accredited colleges and universities that offer a CS degree through online courses? Obviously excluding the scam 'colleges' such as Univ. of Phoenix and DeVry."

hypnosec writes "Oracle has proposed a new project for OpenJDK — Nashorn, which aims to implement a high-performance yet lightweight JavaScript runtime that would run on the JVM natively. Nashorn will be headed by Jim Laskey, multi-language Lead at Oracle and the project will be sponsored by HotSpot group. The project proposes an implementation of JavaScript such that it can run standalone JavaScript applications via the JSR 223 APIs. Nashorn's design will enable it to take advantage of new JVM technologies like the MethodHandles and the InvokeDynamic APIs."

First time accepted submitter Hatfield56 writes "I've been in IT since the mid-1980s, mainly working for financial institutions. After 16 years at a company, as a programmer (Java, C#, PL/SQL, some Unix scripting) and technical lead, my job was outsourced. That was in 2009 when the job market was basically dead. After many false starts, here I am 3 years later wondering what to do. I'm sure if I were 40 I'd be working already but over 60 you might as well be dead. SO, I'm wondering about A+. Does anyone think that this will make me more employable? Or should I being a greeter at Walmart?"

theodp writes "When it comes to monolithic IDEs, Wille Faler has lost that loving feeling. In IDEs Are a Language Smell, Faler blogs about a Eureka! moment he had after years of using Eclipse for Java development. 'If the language is good enough,' Faler argues, 'an IDE is strictly not needed as long as you have good support for syntax highlighting and parens matching in the case of Clojure, or indentation in the case of Haskell.' So why do Java coders turn to Eclipse? 'Because [of] a combination of shortcomings in the Java compiler and Java's OO nature,' explains Faler, 'we end up with lots and lots of small files for every interface and class in our system. On any less than trivial Java system, development quickly turns into a game of code- and file-system navigation rather than programming and code editing. This nature of Java development requires IDEs to become navigation tools above all.' Yes, only an IDE could love AbstractSingletonProxyFactoryBean!"