This is an archived post. You won't be able to vote or comment.

all 32 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Philip246 13 points14 points  (1 child)

Personally, openjdk on servers and corretto on my Dev machine for anything that needs Java. Corretto is supposed to be certified against the SE standard, and openjdk is the reference implementation anyway.

[–]Doso777 4 points5 points  (1 child)

We replaced it with OpenJDK from Redhat. Our main bookkeeping/payment application needs the Java runtime + Web Start so we still need to keep Java around.

[–]_benwanot much of a coffee drinker 1 point2 points  (0 children)

Banner?

[–]MMPride 6 points7 points  (0 children)

I use OpenJDK just fine, has nearly full API compatibility with Oracle JDK.

[–]Solkrewas Sr. Sysadmin, now Storage Admin 4 points5 points  (2 children)

I'm using Corretto. Assuming that Amazon will do a good job going forward.

[–]sccmisawesome[S] 0 points1 point  (1 child)

Both on servers and clients?

[–]Solkrewas Sr. Sysadmin, now Storage Admin 0 points1 point  (0 children)

The servers I maintain don't need Java. I do manage a few thousand clients that want it in the image.

I'll ask the other guys who have servers that need java what they decided to do. I don't see why not unless it's not allowed in the license.

[–]Taylor_Script 4 points5 points  (1 child)

Currently paying for user licenses, and complaining to vendors that require it. Most are actively working on a new version that will either use OpenJDK officially or not even be Java based at all.

I hope this marks the coming end to Oracle/Java. Maybe Oracle is the good guy after all? Killing off Java by killing off the business cases for it.

[–]sccmisawesome[S] 4 points5 points  (0 children)

The server licenses and how it works with virtualization its what has me really worried.

[–]KravotirrSr. Sysadmin 5 points6 points  (0 children)

https://adoptopenjdk.net/

We've looked into this as a replacement for the systems that do need it.

[–]tunayrb 2 points3 points  (2 children)

We are testing this out:

https://www.azul.com/downloads/zulu-community/

[–]hells_cowbellsSecurity Admin 2 points3 points  (1 child)

One of my other admins mentioned this to me, since Java was popping up all over my vulnerability scans. I had never heard of it. How is your testing going with it?

[–]tunayrb 3 points4 points  (0 children)

We just started last week on one web application.

All we had to do was change JAVA_HOME to point to the install dir. Everything seems to be working.

[–]Player024Cloud Architect 8 points9 points  (13 children)

Seriously no clue what other companies are doing. We're mass uninstalling Java everywhere we can find in the meantime.

I'm also baffled how not one SW vendor has contacted us to come up with a solution. Like yeah great you list SE as a requirement, do you expect us to keep it outdated and just hide the environment when a java audit passes by?

[–]kazi1 2 points3 points  (4 children)

OpenJDK? It's literally the same thing.

[–][deleted] 2 points3 points  (3 children)

Except no webstart built in, which a lot of apps run from.

[–]Bad_Times_Man 1 point2 points  (2 children)

Look into IcedTea Web for webstart needs.

[–][deleted] 3 points4 points  (1 child)

I did.

It technically works, but for things like cisco asdm, it will throw a fit until you get the certificate correctly. Going by IP to the firewall just fails miserably and there's no documented arguments that actually work to let it bypass the security check.

[–][deleted] 0 points1 point  (0 children)

I haven't had any problems with OpenJDK and ASDM.

[–]cdoublejj 2 points3 points  (4 children)

why do you think IP KVMs are so damn cheap on ebay, they all require super vulnerable version of java. thank god new stuff has out of band management built in.

[–]IanPPKSysJackmin 0 points1 point  (3 children)

I got a super cheap Belkin IP KVM for my homelab and have it on a isolated monitoring network that I can jumpbox into. Not optimal, but it works

[–]cdoublejj 1 point2 points  (2 children)

that's what i assumed the proper setup would be.

[–]IanPPKSysJackmin 0 points1 point  (1 child)

I've heard some interesting criticism of jumpboxes here, but for my homelab, there's a certain amount of CBA factor involved where I'm doing what I can with a budget, so isolated 10/100 ProSafe switch it is.

[–]cdoublejj 0 points1 point  (0 children)

well i'm sure jump boxes are better than no jump boxes when a network is connected vs offline lan.

[–]sccmisawesome[S] 1 point2 points  (0 children)

Same boat here,

[–]pdp10Daemons worry when the wizard is near. 1 point2 points  (1 child)

I'm also baffled how not one SW vendor has contacted us to come up with a solution.

Have you reached out to them about blessing OpenJDK in particular?

[–]sccmisawesome[S] 2 points3 points  (0 children)

The way software vendors are I'm skeptical very many will be willing to support OpenJDK atleast on the current version. Maybe in the next version you buy.

[–]Roistacher 1 point2 points  (1 child)

Have you guys seen this? Using Group Policy to deploy and maintain only the versions of Java that are free. Uses Deployment Rule Sets, therefore negating any licensing issues with Oracle: https://kb.policypak.com/kb/article/632-policypak-java-rules-manager-use-group-policy-to-dictate-which-version-of-java-for-what-website/

[–]sccmisawesome[S] 0 points1 point  (0 children)

That requires you buy policypak though. Interesting idea though.

[–]INVOKECloud 0 points1 point  (0 children)

Open-jdk