Monthly Archives: January 2013

Java & Security

I use Java for creating software; however, it has been in the news lately because of potential security risks. So what does this really mean?

Well, first of all Java is very widely used – it has been around for a long time and it is cross platform, so it will work on virtually any device; it will even work in a washing machine or other appliance. However, because it is so widely used there are lots of people who want to find ways to use it to steal information from your computer. Java can also be used to write applications that run in your web browser, or applets,  which means that visiting a website where there is an applet could put you at risk.

On the other hand, there aren’t really any realistic alternatives to Java. The fact that it is cross platform and widely used are essential features. One reason I have decided not to start making  mobile apps is because of the need to develop different versions for each different operating system; it’s simply too time consuming.  Being able to write a program that will run on any computer that has the JVM (Java Virtual Machine) installed is a massive plus.

As Java has been around for a long time, it also means that there are a huge number of libraries which means that it is possible to import code to carry out specific tasks. Other languages simply don’t have the same amount of resources. Again, this is a huge advantage for Java.

These two factors mean that Java won’t be going away any time soon, no matter what security experts might advise. If I can use another programming language, like Python or Ruby to do what I want, then I’ll use it; otherwise the approach I am adopting is to do my best to make my use of Java as safe as possible.

So, what to do? First of all, make sure that you have the latest version of Java – 7 update 11. Older versions of any software are always a potential security risk.

Applets really don’t serve a useful purpose, in my view – the kind of things that they are used for can be done much more effectively in other ways. I would definitely recommend disabling Java in your browser. There are instructions for how to do this here.

With Java disabled in your browser, it should mean that the only Java files that you run are those that you have downloaded. Again, as always, be careful when downloading a file that you trust the source of the file. If there is anything that arouses your suspicions, don’t download it. It’s better to be safe than sorry. Of course you should also have anti-virus and anti-malware scanners that are kept updated.


jsParagrapher Beta

I have finally finished tidying up the jsParagrapher, and it is now in Beta. I hope to iron out any remaining bugs and release a stable version by the end of the month.

The jsParagrapher is a simple authoring tool for making exercises to practice organizing a text into paragraphs. Rather than trying to explain what it does, the easiest thing to do is visit to see it in action. Yes, it produces exercises and might be considered a bit web 1.0, but it does something I need.  🙂

The authoring tool is written in Java and requires Java 7 to be installed. Because of the recent security issues with Java, I recommend that you ensure that your version is up to date (Java 7 Update 13) and that you disable Java in the web browser. I have written more about this in the post below.

I am looking for Beta testers to help me find any remaining bugs or issues – I have tested it extensively on Windows and Linux, and hopefully there will not be too many problems. The software can be downloaded from the site – I am using a simple form that asks for a name an e-mail so that I can keep track of things and let people know when I have a final release.

Many thanks for your help.