Java SE7 U75 bundled in SysAid RDS?

 
SysAider
22
 
I just couldn't believe my eyes today when I realized that Java was bundled with the SysAid RDS.

And not only that, but a version from 2015-01-20!!!

If you guys have a look at https://en.wikipedia.org/wiki/Java_version_history#Java_7_updates there are LOADS of security updates fixed in future versions, the latest being U101!!!

Why isn't there a prompt notifying the user that the SysAid RDS installs Java as well?

I've been a SysAid admin at work since 1 May 2014 and I only realized now that it relies on Java!


Not to mention even using Java, no one in their right mind (server admins that is) uses it on a server, just like Flash, they're both so ripe with security vulnerabilities!


Why hasn't this been patched in the latest version of the SysAid RDS so as to not include a version of Java that is about a year and a half old???

It goes without saying I'll remove the SysAid RDS from the server it was running on until this issue is sorted.
SysAid VP Product
1166
 
First let me state that we at SysAid treat Security issues as high priority. We have a well-established process to identify, classify, perform both impact and risk analysis, and schedule security fixes on an ongoing basis. We also notify our customers in cases where security vulnerabilities may affect them (based on the above assessment). You can see this post as an example.

SysAid RDS is indeed built on Java in order to carry out the wide range of functions it is designed to take care of.
Our upcoming release (End of May towards June) does include an automatic update to Java 8 on the RDS. In the vast majority of use cases, the RDS is installed inside a customer’s LAN behind a firewall, thus reducing to a minimum the risk of exposure to any known vulnerabilities, and the priority of this task has been treated as such. As Java is a core component of SysAid RDS, it required extensive testing and is now ready to go live.
SysAider
22
 
Hi there.

While I understand all that you are saying, it is still a high security risk that you are exposing users to, as only God in Heaven knows how many exploits there are in Java, as every day there are newer vulnerabilities being discovered and the way that they are being exploited in the wild is simply mind-boggling.

I didn't even think to suggest SE8 because I know how much work it is to upgrade to a newer version of a coding language, but still, you should at least be keeping users up-to-date in terms of Java SE7.

Also, what is the policy going forward past the next version that you are referring to, will you be keeping SE8 updated every time there is a newer version or will it be a long period of time before the next update as well?

I would need to know for sure that you guys will be keeping things up to date before I would be able to go forward with suggesting this to other centres of ours as so far things haven't been that impressive to be honest, especially with regards to the user interface that now completely lacks the functionality to right-click and open things in new tabs and as such I need to always start a new tab and browse to our SysAid home page yet again, starting all over from scratch browsing wise which severely impedes efficiency.

Last year I used to be able to at least right-click and open something in a new tab such as Software Products even though it wouldn't open up properly and it would be missing the top strip of links. Now, even that is gone, leading to a highly monolithic UI experience where you only have one tab to work in, when in fact, it would be so much more helpful if we could just right-click and open things in new tabs as we go along, as we are all trying to multi-task all the time.

And there are other issues as well, such as RC being pretty much abandoned as far as I have been familiar with the product, and Projects not even having a one-click export to PDF last I had access to the module, how will anyone purchase more of these two product add-ons if they are so limited in functionality?

One can't even copy-paste via RC, not to mention switching to black and white from colour, having a full-screen option that automatically resizes the other screen's resolution, and so on.

SysAid is great, and it does so many things, but it seems to be developing more bells and whistles at the expense of some really important fundamental functions such as working with multiple tabs. That is such an industry standard with pretty much everything else in terms of web design, so, I've been surprised that I've had to make such a case out of it over the years in terms of the importance of being able to be productive when using SysAid.


Thanks.
SysAid VP Product
1166
 
To sum up the Java point - when critical vulnerabilities with a high impact are discovered, we analyze them and, when needed, issue urgent fixes and also notify customers - like we did in the past.
The other option is to manually patch the Java in cases where you don't want to / can't wait for a SysAid patch. In those cases you of course should check with us that SysAid indeed supports this patch, and as always it is recommended to test the patch first on a test machine.

Regarding the other issues you raised regarding the UI - we are putting a lot of resources into this, and our roadmap includes more. We recently released the new UI for the reporting, which offered not only a better UI - but a better experience, with the option to create new reports without coding etc...
We are in the process of planning an upgraded experience of the main ticket screen taking into mind the pain points you mentioned like opening tickets in new tabs and more.

If you like what we did with our new reporting - you'll love what we are planning for the rest of SysAid.
SysAider
22
 
Hi there.

Being able to patch Java by oneself is great, why hasn't anyone said anything about that yet? That would obviously help us admins stay on top of Java updates, as even minor releases of it contain critical security fixes nowadays, and I for one really can't sit around and wait for a new release of the RDS. But if I can patch Java for myself, then that solves the issue.

As for the rest of the issues I have written about, I'm happy that you guys are considering them and that they are on your roadmap, I just wonder why this was more towards the back of the queue since it is such a forefront issue.

The main UI issue would be the fact that multi-tasking is very limited at the moment, and it's considerably worse when compared to what we had in the past.

I was talking to Danny T, your community manager, over PM about the fact that last year I could at least right-click and open things in a new window, even though that didn't also give me the top black SysAid strip of links and it was more or less a dead end, as if I wanted to open something else from that newly opened tab, I couldn't really, I was just stuck with the tab that I had opened, such as the Software Products tab for example, from which I had no way of browsing any further.

At present, due to some unknown reason, not even that works anymore, any right-click+open in a new tab lands a user back to the home page.

I am yet to see your guys' work on BI reporting, as I haven't had time to look at it yet, but I'm happy that you guys have acknowledged the fact that the UI isn't as useful as it could be and that you guys are working on it.

Is the RC part of SysAid being given any attention, or is that going nowhere at the moment? It's such a shame that it doesn't have a few more features, such as automatic resolution resizing, clipboard pasting integration, black and white colour scheme and such, these are all very basic features for all remote desktop sharing software. No one expects you to implement a file transfer feature straight off the bat, but the basics are usually expected by default.

The one thing that always made me and other IT staff at previous jobs think that it's broken was the fact that one has to click and hold for a few seconds in order to be able to drag an item along, such as a file or folder, which is completely counter-intuitive as people in general expect any remote desktop sharing feature to work naturally, just as if they'd be sitting in front of the computer that they're controlling.

Perhaps the lack of this and the resolution resizing feature have driven users away from the module and/or caused them to not pursue investing in it. I remember a user on the forum saying that their company had given up on the module a long time ago and that he's amazed that I'm even bothering to file a feature request for it.

I hope providing the above will help SysAid advance.


Thanks.