Kevin Korngut introduces Adobe AIR, a cross-platform runtime environment for desktop and mobile applications. By Kevin Korngut

Believe it or not? The cloud kills the traditional RDBMS, drives new thinking in IT, and ultimately brings two core IT teams closer. Read an industry veteran and IT executive's viewpoint.

This morning, Oracle released updates to JDK 6 and 7. For more information on these releases see: Security Alert for CVE-2012-4681 Released Release notes Oracle recommends that users apply these updates as soon as possible. Users of Oracle JRE 6 and 7 for Windows (32-bit) and the recently released JRE 7 for Mac OSX (64-bit) will be updated automatically. For more information see, this blog entry.

Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547. These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software. Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html Java users should download the latest release of JRE at http://java.com Windows users can take advantage of the Java Automatic Update to get the latest release JUG leader John Yeary tweeted "I want to take a moment to THANK #Oracle for doing the right thing. Too often people don't say thanks enough when they get it right." Thanks for your thanks. For More Information Oracle Security Alert for CVE-2012-4681 Change to Java SE 7 and Java SE 6 Update Release Numbers

Oracle today issued an emergency update to patch the critical vulnerabilities hackers have been using in increasing numbers to hijack Windows PCs.

Stuart Sierra discusses using a data-oriented programming approach in order to create programs that are easier to write and test. The session is accompanied with Clojure code samples. By Stuart Sierra

My last blog introduced Spring 3.1's profiles and explained both the business case for using them and demonstrated their use with Spring XML configuration files. It seems, however, that a good number of developers prefer using Spring's Java based application configuration, so Spring have designed a way of using profiles with their existing @Configuration annotation. Preview...

As their second big middleware purchase of 2012, Red Hat have snapped up the business-management platform from Barcelona-based firm Polymita, suggesting their next move lies in sprucing up jBPM. Red Hat disclosed reasons for the purchase of Polymita technology, revealing that it would allow them to “bring complementary BPM capabilities that are designed to improve the productivity of business users,” and more importantly the union would position them as a “leading vendor” in the BPM marketplace. Although a specified product roadmap featuring Polymita solutions isn’t available, Red Hat did make it clear that their goal is to make the core open source - in keeping with their general strategy. The benefits of doing this are obvious: they want to pique the interest of their vast community, especially project leads. By presenting the technology as something that could aid everyone, and not just JBoss Enterprise BRMS and jBPM, they could be onto a winner. Red Hat have long let the community know their intentions when it comes to middleware. Mark Little, who leads the technical direction, has spoke in the past of how they see it driving innovation in the future. They recognise the importance of having flexible middleware options, as it often spreads into the entire enterprise portfolio. They also realise how the term is changing to accommodate for mobile and cloud architectural changes. It provides the glue that you can’t do without as a developer. Whether it’s the enterprise service bus, enterprise application integration or something message oriented, middleware should never be forgotten about. Over recent months, we’ve seen Red Hat go on an assault to acquire as many middleware specialists as they can to firm up their enterprise options - namely the jewel in the crown, JBoss EAP. June’s purchase of FuseSource, the hugely successful providers of ActiveMQ and Apache Camel enterprise-tailored solutions, gave us a sign of things to come. Led by Groovy creator James Strachan, FuseSource made their name by being one of the most active contributors to Apache Software Foundation projects, becoming well respected in open source circles. Something which clearly entices the $1bn revenue generating Red Hat. For the time being at least, Polymita customers will continue to receive support from Polymita themselves, with Red Hat to take control and supply a converged roadmap in due course. Whilst this acquisition isn’t necessarily a surprising one given Big Red’s previous allure to tried and tested middleware specialists, we’re intrigued to see who is next in their hiring line.

Kohsuke Kawaguchi, creator of Jenkins and architect at CloudBees, discusses how to use Jenkins to efficiently shift more workload from your laptops and computers to servers. By using "pre-tested commits" you can make changes safely so that your changes don't block others, run tests asynchronously, and avoid compounding errors intrinsic to large projects with numerous developers contributing to the repository. Advances in distributed version control systems (such as Git) made it possible to test every commit separately before it hits the team's main branch. This helps you keep the main branch more stable, and lets you get more values out of the CI server. In this session, Kohsuke look at the details of this technique, and how to make it work with your projects. It covers both Git and Subversion. Filming Courtesy of Marakana Tech TV

“Disable Java NOW,” screamed a headline on UK tech publication The Register. “Please, for the love of your computer disable Java on your browser,” a security expert was quoted saying on Ars Technica. We can imagine better publicity for the platform. When Java is being described as less secure than Flash or Acrobat, you’ve got a serious image problem brewing. Tuesday’s zero-day exploit only affects SE users running 1.7, and - at least for now - only on Windows, but it’s far from the first time Java has been in the news for security holes. Among them is Flashback, the worst piece of malware ever seen on OS X, used an exploit in Java that had failed to be patched in the Mac version. Zero-day exploits will always be found in any platform or system, no matter how ‘secure’ it is. The trick is to react as quickly - or faster than - anyone with nasty intentions. Unfortunately, with Java’s four-month security patch release schedule, this zero-day exploit won’t be patched for another two months. If that wasn’t bad enough, Java SE has yet to get silent updates, as initially popularised by Chrome and since adopted by Firefox and even Flash Player. On Windows, Java still requires the user to respond to an annoying pop-up alert and then bother to go through a whole install wizard each time. We haven’t seen any adoption stats, but we doubt the majority of users are running the latest, most secure versions. Silent updates may be somewhat divisive, but perhaps they’re necessary when it comes to security issues like this. And, after all, power users and developers aware of the differences between versions can choose to manually update instead. Of course, that seems like a moot point in the context of accusations that Oracle have known about these vulnerabilities for months. The press went from bad to worse today, as the same security firm claimed that they had reported 29 different security flaws since April - but only three of these were fixed by the June patch. "Although we stay in touch with Oracle and the communication process has been quite flawless so far, we don't know why Oracle left so many serious bugs for the Oct. CPU," a member of the firm told CIO. Oracle declined to provide a comment to JAXenter on any of the accusations. The importance of Java in the browser may be diminishing rapidly, but it’s still part of the brand. If end users feel they can’t place their trust in Java, how long until this uncertainty spreads to the enterprise world? If Java truly is “one platform”, that platform needs to be equally secure everywhere. Photo by m thierry.

Suppose that group of developers work in parallel on parts of big project - some developers are working on service implementation, while others are working on code using this service. Both groups agreed on service API, and started working separately, having in mind the API assumptions... Do you think this story will have happy end? Well, ... - maybe :) - there are tools which can help...

JAXBElement is a JAXB (JSR-222) mechanism that stores name and namespace information in situations where this can not be determined from the value or mapping. For example in the class below the elements billing-address and shipping-address both correspond to the Address class. In order to be able to round trip the data we need to keep track of which element we unmarshalled. Preview...