I know everyone has had bad experiences w/ Java 1.6.0_18 and was
sticking with JVM releases they trusted, but the set of security patches
that have come out with the _19 release change the situation. There are
enough server-side vulnerabilities there to make upgrading something to
consider if you are working with untrusted data.

Has anyone tried the latest release at scale and got any good/bad
experiences to share?

One interesting feature is it does actually disable Escape Analysis,
which I believe was one of the trouble spots. When I start a JVM with the
following options

-XX:+UseCompressedOops
-XX:+DoEscapeAnalysis
-XX:+UseParallelGC
-XX:+AggressiveOpts

On
java version "1.6.0_19"
Java(TM) SE Runtime Environment (build 1.6.0_19-b04)
Java HotSpot(TM) 64-Bit Server VM (build 16.2-b04, mixed mode)

I get told off:

Java HotSpot(TM) 64-Bit Server VM warning: Escape Analysis is disabled
in this release.

Was it Escape Analysis that was hurting people in the _18 version?

-steve
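
An added example, not part of the original post: a shell check that classifies a Java 6 runtime by its update number, as a starting point for a patch-level inventory of cluster nodes. The threshold of 19 is taken from the thread; the function names and the PATCHED/OUTDATED/UNKNOWN labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Java 6 runtime from its `java -version` output.

# Assumption from the thread: 1.6.0_19 is the first update with the security patches.
MIN_UPDATE=19

# Print the update number N from a banner such as: java version "1.6.0_19"
# Leading zeros are dropped (07 -> 7); prints nothing for any other banner.
java6_update() {
    printf '%s\n' "$1" |
        sed -n 's/^java version "1\.6\.0_0*\([0-9][0-9]*\)[^"]*".*$/\1/p' |
        head -n 1
}

# Classify banner text as PATCHED, OUTDATED or UNKNOWN (not a 1.6.0_N banner).
classify_jvm() {
    update=$(java6_update "$1")
    if [ -z "$update" ]; then
        echo UNKNOWN
    elif [ "$update" -ge "$MIN_UPDATE" ]; then
        echo PATCHED
    else
        echo OUTDATED
    fi
}

# Succeeds when the JVM output carries the warning quoted in the post, i.e. the
# runtime ignored -XX:+DoEscapeAnalysis.
ea_flag_ignored() {
    printf '%s\n' "$1" | grep -q 'Escape Analysis is disabled'
}

# Sample input assembled from the banner and warning quoted in the post.
SAMPLE='java version "1.6.0_19"
Java(TM) SE Runtime Environment (build 1.6.0_19-b04)
Java HotSpot(TM) 64-Bit Server VM warning: Escape Analysis is disabled'

echo "sample JVM: $(classify_jvm "$SAMPLE")"
if ea_flag_ignored "$SAMPLE"; then
    echo "note: -XX:+DoEscapeAnalysis is ignored by this runtime"
fi
```

On a live node, pass the real banner instead of the sample: `classify_jvm "$(java -version 2>&1)"`.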


  • Todd Lipcon at Apr 6, 2010 at 3:45 pm
    I was seeing errors in 18 without escape analysis explicitly enabled. So
    unless it became enabled by default in 18, I don't think that was the issue.

    -Todd

    --
    Todd Lipcon
    Software Engineer, Cloudera
  • Steve Loughran at Apr 6, 2010 at 4:10 pm

    Todd Lipcon wrote:
    I was seeing errors in 18 without escape analysis explicitly enabled. So
    unless it became enabled by default in 18, I don't think that was the issue.

    That's not good. The security fixes in this JVM do hint it's something
    to deploy sooner rather than later.

    http://isc.sans.org/diary.html?storyid=8572
    http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

    "Due to the threat posed by a successful attack, Oracle strongly
    recommends that customers apply CPU fixes as soon as possible. This
    Critical Patch Update contains 27 new security fixes across all products."

    There's something involving imageIO, which may imply JPEG or other image
    processing as a vulnerability; the other details are too vague to be
    sure what the implications are.
  • Bill Au at Jul 21, 2010 at 12:58 pm
    Now that jdk 1.6.0_21 is out, has anyone been running it with Hadoop? We
    have also had problems running Hadoop with 1.6.0_18. So what version of
    1.6.0 would people recommend for use with Hadoop?

    Bill
  • Allen Wittenauer at Jul 21, 2010 at 3:03 pm
    I seem to be ok with the little bit of _20 I've been using.

Discussion Overview
group: common-dev @
category: hadoop
posted: Apr 6, '10 at 12:49p
active: Jul 21, '10 at 3:03p
posts: 5
users: 4
website: hadoop.apache.org...
irc: #hadoop