More accurately, Google's implementation of the Java Security Manager. The JVM running on GAE is modified by Google. This is why there is no Java 8 on GAE and probably never will be. It is a metric ton of work for them to port their changes to each new JVM release.

Managed VM's are the new direction because now you just install the latest Oracle or whatever VM you want. https://cloud.google.com/appengine/docs/managed-vms/

> This is why there is no Java 8 on GAE and probably never will be.

Do you have sources for this? Java 7 on GAE took really long and eventually shipped only shortly before Java 8 was released. From history I would expect the same to the case for Java 8 on GAE. It will take years and ship around the time Java 9 is released. OTOH if Google created a maintenance horror for themselves by patching the fuck out of the JDK and Jetty (I don't think Servlet 3 is ever going to happen) I don't really have many sympathies for them.

No, I'm just reading the writing on the wall. I'm just paying attention to things as I run a business on GAE.

They didn't have such a strong focus on GCE and managed VM's before. It is clear with the release of the public beta of managed VM's, they want people to really test it so they can get it out of beta as quickly as possible. I imagine that most of the team that was allocated to work on GAE is now working on GCE and managed VM's.

I'll be switching to managed vm's at some point in the near future (when I can find some time for it). They are also less expensive, which is nice.

That quote is useful only for helping the obviously guilty avoid punishment.

I specifically thought that might be the case as I was posting, so apologies for the useless comment. I should have listened to my conscious on that one.

That being said though, allow me to take the opportunity to express the utter disdain and contempt I have for the reference of Hanlon's razor. First off, any rule that uses the word "never" is already probably going to be wrong most of the time. Secondly, there are innumerable instances where stupidity would work in place of malice despite the fact that it was actually malice. I see it used almost exclusively by apologetics of some sort or another. It's a useless straw man of a logical fallacy not conducive to intellectual debate.

It's official, Hanlons razor should be put into retirement and not used by anyone with a respect for logic and rationality.

I agree. It's a fun quote and has humor value, but it's the exact wrong stance to take when thinking about security.

Stupidity is one of the most commonly used disguises for malice.