Just as our CTO predicted back in April, the Oracle-Sun deal has started to break third-party Java code.
A piece of Java software no less than Eclipse has stopped working on the latest Java SE 6u21 under Windows, thanks to Oracle changing the COMPANY_NAME field in java.dll version information to, well, “Oracle Corporation”. (If you want the details, Alex Blewitt at InfoQ has compiled the respective links into a story.)
It is interesting to note that Oracle developers did not change the value of the java.vm.vendor property in Update 21, as if they knew that would break many more apps.
There must be more than a handful of legacy components with JVM-dependent behavior in thousands of legacy applications deployed. Given that Oracle owns two JVMs now – HotSpot and JRockit, and had developed its own JVM in the past, this is yet another reason for those applications to never move to the latest Java version.
Who said “WORA”?
The CERT Secure Coding Standard for Java is a comprehensive set of rules and recommendations for writing secure Java applications. If you care about the security of Java code that you write, make sure to check it out (the C Secure Coding Standard has already made it into a book, and its C++ sibling is in progress, just in case.)
In practice, however, developers that read secure coding guidelines or best practices documents mostly apply the new knowledge to their future work. In the best case, they may have the time to review the code they have written recently. And even then, their now-more-secure code may be just a tiny portion of a large enterprise application combining lots of legacy stuff with code written in other departments, commercial components, etc., running on top of an open-source framework inside a proprietary container.
Even with the help of static code analysis tools, the costs of discovering and eliminating all the security vulnerabilities in such an application may be prohibitive. However, the costs of reducing their exposure may be acceptable. But why is the level of such exposure so high for Java apps in the first place?
For further discussion, continue to my article “Protect Your Java Code - Through Obfuscation And Beyond“.
Excelsior provides practical solutions for the protection of desktop applications based on Eclipse RCP, Tomcat Web applications, and plain Java SE applications.
Tags: Java, protection, secure
The recently issued Excelsior JET 7.2 was, in essence, a maintenance release, because the Excelsior Java team is now mostly focused on the development of the 64-bit version of Excelsior JET. Nevertheless we have managed to include one major feature in this release – Startup Accelerator.
Combined with Startup Optimizer available in previous versions of Excelsior JET, it delivers a noticeable improvement in Java applications startup time. We have prepared a short comparative study backing this statement:
Java vs Native vs Optimized Java
The following startup time comparison includes different RSS feed readers: two native Windows applications (FeedDemon and FeedReader) and one implemented in Java (RSSOwl). The latter was run on the standard JRE 1.6.0_20 and then compiled with Excelsior JET 7.2 Professional Edition/profile 1.6.0_20.
These applications were run on a mid-range laptop (dual-core ULV Intel Celeron SU2300, 2GB RAM), and their warm and cold startup times measured as the time to fully display the main window.
As you can see, the RSSOwl application optimized with Excelsior JET starts:
- 2x to 3x faster than on the JRE
- about as fast as the similar native applications
References
Java Startup Time solution page: optimization guidelines, FAQ
Excelsior JET: product info
Tags: Java, performance, startup time
Nicolas Fränkel in his blog recommends using Excelsior JET to protect your demo Web applications.
Tags: Java, protect, protection, webapps
The latest Excelsior JET 7.2 is fully synchronized with Eclipse 3.6 and Helios release train. Now you can protect your RCP applications based on Eclipse 3.6 using standalone JET GUI tools or Excelsior JET plug-in for Eclipse 3.6 IDE.
By the way, you can easily install the plug-in directly from the Eclipse 3.6 IDE using the newly introduced Marketplace Client .
The Eclipse 3.6 Classic IDE compiled with Excelsior JET 7.2 is available for download at the Eclipse RCP solution page.
According to the Support Policy statement, Excelsior JET 6.4 has reached Product End Of Life status. We encourage customers of this version to migrate to more recent versions to receive the support services under valid Support Contracts.
If you need help in migrating to a newer version of Excelsior JET, do not hesitate to contact us.
Imprint on a lamppost, Santa-Clara, CA (March 2010)
What surprised me most in our EclipseCon 2010 experience was the number of booth visitors saying that application startup time is important to them. Fortunately, we have already had the Startup Accelerator in the works, and today it is the main highlight of Excelsior JET 7.2 release. Used together with the previously implemented Startup Optimizer, it can reduce the cold startup time of your Java application up to a factor of 3, aligning it with the native rivals it may have.
We also love to hear from our existing customers, and when we hear, we listen. In our last customer survey, long build times firmly occupied the top spot in the list of annoyances. Our tests show that upgrading to version 7.2 should reduce the build time by at least 30% compared to the previous version. Compilation of large Java applications consisting of tens of thousands of classes can be twice as fast now.
An eagerly awaited usability enhancement, Installation Toolkit tweaks, Java SE 6u20 support, and performance/stability improvements complete the list.
Full list of new features and improvements in Excelsior JET 7.2
Download Excelsior JET 7.2 Evaluation Package
Tags: startup
This case study illustrates how Semantis Information Builders GmbH uses Excelsior JET to prevent reverse analysis of their Eclipse RCP applications incorporating vital Intellectual Property.
Excelsior JET for Eclipse RCP case study
By: Matthias Mecky, Head of Software Development
Semantis Information Builders GmbH
Germany
Due to the very nature of the Java technology, Java based applications and products may be considered as open source software to some degree. The resulting Java bytecode is like an open book for reverse analysis and reverse engineering. Hence, steps have to be taken in order to protect the intellectual property of a software house as well as to protect the businesses of its customers against analysis.
Semantis Information Builders GmbH concentrates heavily on Artificial Intelligence based software products for decision support systems applying a rich set of methods and techniques from Knowledge Processing and Computational Intelligence. Semantis’ Raptor Diagnostic Suite is truly a cutting-edge software product. It deals with intelligent diagnosis, repair and verification of complex engineered systems such as modern vehicles or airplanes etc. by integrating multiple diagnostic inference engines in order to identify and fix the deepest causes of symptoms, failures and malfunctions. Furthermore, it is able to learn automatically from experience.
Typically, this product is designed for usage within big industrial companies as e.g. car manufacturers. The screenshot in the foreground shows a snapshot during a diagnostic session where a modern vehicle is under test. The screenshot in the background shows a portion of the diagnostic authoring environment.
The Raptor Diagnostic Suite is implemented as a set of Eclipse RCP applications taking advantage from many RCP features. Like other technology-driven companies we had to think about how to protect our key knowledge and expertise against reverse engineering in order to stay a step ahead in a very competitive market. Therefore, we searched for a product being capable to convert our products into a non-reengineerable form. We found this product with Excelsior JET.
For test purposes we used the trial version for a first compilation of our product – and it worked immediately. The compiled product comes along with a built-in JVM and JRE. Also embedding frameworks as Spring or Hibernate as well as DLL components from third parties into the product works seamlessly and without problems. Integrated wizards such as JET Control Panel and JetPackII guide the user through the entire build process. Due to many predefined but editable settings of parameters the build process turns out to be rather effective. Moreover, it is possible to create build scripts to automate the build process e.g. for future product releases.
To round out the picture, Excelsior JET offers a series of useful little features as e.g. to create trial versions of a product for a limited period of time. In summary we can state that the Excelsior JET product has exceeded our expectations.
***
More Excelsior JET for Eclipse RCP case studies
According to the Support Policy statement, Excelsior JET 6.0 has reached Product End Of Life status. We encourage customers of this version to migrate to more recent versions to receive the support services under valid Support Contracts.
If you need help in migrating to a newer version of Excelsior JET,
do not hesitate to contact us.
