tmmorris

Java has been hacked and respected security firm Sophos are advising to disable it until the exploit has been patched:

Unpatched Java exploit spreads like wildfire | Naked Security

How are we going to (free) file flightplans now? Or must we all run the risk of being hacked?

Another reason why Afpex is a creaky complex solution to a simple problem...

Tim

Genghis the Engineer

I dislike AFPEX a lot, but confess it has been my selected tool.

You can file through Skydemon I believe? Mind you, is that Java based as well? I suspect that it is.

G

Jan Olieslagers

For as little as I know on the subject - though some expect some authority from me, how horrible the idea! - this seems to confirm two opinions I have held for a long time:
-) Java and the kind of glittery web pages it allows are to be avoided where possible - and that includes the Java embedded in appservers like tom cat , web logic, and what not. Unfortunately, this kind of rubbish is hyper-attractive to the hyper-assertive marketeers that somehow seem to have gained (or been given?) control of today's world.
-) never be too hasty in upgrading one's PC - staying with 1.5 or 1.6 will run most applications, and keeps one on the safe side.

1800ed

I've used Rocket Route in the past, it's meant to be particularly useful for filing IFR flight plans. I'm not sure I'd pay to file the one or two VFR flight plans I do a year though.

jollyrog

I'm flying to Guernsey tomorrow.

I've strapped an old fashioned form to a carrier pigeon and sent him South.

peterh337

It's a risk only if you visit a website which is infected with the exploit, and none of the major ones, run by competent admins, should be.

Pilot forum BBS software has a history of getting infected, but p r o o n seems to have been ok for quite a while. Both Flyer and PPL/IR have been infected fairly recently. The other (minor) forums I don't know about.

Or perhaps you can catch it via M$ Outl$$k? But then only if you open an infected email, which should be unlikely in the first place.

Kids' computers catch everything because they click on every link instantly. I have seen many that were trashed totally within weeks.

DeltaV

Unless you have need of an application that requires Java it's probably not that big a deal for most folk. Just make sure that in whatever browser you use you have disabled or disallowed Java. Java and Javascript are not the same thing. Much of the web uses javascript but if you're leary about Javascript try disabling that too and see if it affects your web experience more than you can tolerate.

SkyDemon Light doesn't use Java but does use Javascript. Google Chrome's developer tools shows that.

tmmorris

Skydemon does indeed file flightplans, but not free (now the Olympics are over).

Tim

Gertrude the Wombat

Many Java applications work best, or even at all, with one particular version of Java. It's hardly rare to have to have several versions on your machine at once, each one tied to a different application. Letting it upgrade itself automatically, thus rendering one (chosen at random) of your business critical applications useless is utterly mad.

I can't however be too rude about Java, just in case the people who pay me to write the stuff are reading this.

Gertrude the Wombat

Mine haven't picked up any infections for years, becauseI trained them not to.

Sensible Flyer

SkyDemon uses Silverlight, not Java. JavaScript is not Java.

Deeday

How ironical that Oracle was urging users to upgrade to Java 7 because of known vulnerabilities with version 6, and now this new threat affects only version 7.

Java 6 is still supported, albeit not for much longer, as far as I know. I still have it installed and AFPEX runs fine. I wouldn't worry too much.

peterh337

Java is crap.

It drags out all the incompetent stupid and lazy computer programmers.

Every new version breaks some apps. I have just found that Mobile Atlas Creator no longer works, with the latest version, but luckily I can downgrade to the version which was needed to make Afpex work and which I had saved

Gertrude the Wombat

You can write crap in any language that I've ever seen, and I've seen many dozens. (Google "you can write FORTRAN in any language" for example.)

(Except, just possibly, Algol68. The language definition and compiler are so strict that if you manage, at long last, to get your code to actually compile, then the chances are that it does something useful.)

Jan Olieslagers

Yes, but a decent programming language does not INVITE or ENCOURAGE poor coding. As a Unix sysadmin, if people come complaining about memory shortages, I know for 90% it is due to poor Java code. The hard thing is to convince the programmer that the problem is at her/his side, not at the server's.

I agree it is very well possible to write good code in Java - but very few people seem to do so.

1800ed

Problem
In
Chair
Not
In
Computer

(As pilot's love their acronyms)

peterh337

Of course (I've been a hardware/software developer since c. 1976) but Java apps seem to have a terrible dependence on the Java runtime version. It could be sloppy programming or it could be bugs in the runtime which programmers have "empirically" worked their way around and then get caught when the bug is fixed.

The "internet" has generated a huge number of programmers who have no experience of building robust apps. It's very easy to knock up apps for that type of environment where you have a very visual user interface which immediately shows what is going on, and especially with the various tools one can generate code at a rapid rate. The fact that on the www no two things ever look the same and this is seemingly accepted by the public (no browser out there can actually properly print the displayed page for every type of website structure, for example) merely facilitates sloppy programming. Whereas embedded systems programmers have to be a whole lot more careful; a (e.g.) temperature controller which has bugs that affect its operation is completely useless, and they are hard to find nowadays whereas web developers are two a penny.

24Carrot

Most of my code is in C/C++, and I will only confess to a half-written android app in Java, but Java looks to me exactly like C++ with automatic memory management.

I think the problem is not in the language itself but the bloated interface to the "runs on anything" virtual machine. I'm not surprised that breaks a lot.

I would also guess that the advantage of Java to afpex is precisely that the code runs on your hardware, whatever it might be, so you pay the processing costs and suffer the security risks, not them.

peterh337

Afpex bought the whole lot from a German company called Compsoft, so they got what was on offer...

C++ is also a great way to write crap software, because of the extra abstraction. Firms that develop embedded systems using C++ have lots of fun with it. Once you don't have a GUI you can't put up an "insufficient memory" error and give up

C+asm is the way to go but then producing decent code takes 10x longer

24Carrot

I basically agree re C++, especially C++ GUI programming, in fact my "C/C++" is pretty much C compiled with a C++ compiler

C code may seem to take 10x longer to write, but if your goal is something that works, the development may still end up 10x faster...

Anyhow, software is one of the few areas where a good performer can be literally 100x more productive than a bad one, so IMHO the language is seldom the issue