ZDNet article about online security advises users to uninstall Java


Carl Jokl

Jan 12, 2012, 12:04:12 PM
to The Java Posse
It is pretty blunt in the assessment, just get rid of it, you won't
miss it once it is gone. For a lot of people sadly it might be true
and maybe those who play Minecraft won't be reading an article like
this anyway.

Link: http://www.zdnet.com/blog/security/ten-little-things-to-secure-your-online-presence/9901?tag=nl.e539

Fabrizio Giudici

Jan 12, 2012, 12:48:49 PM
to The Java Posse, Carl Jokl

He's not the first and won't be the last, just as it's not the first silly
thing published by zdnet and won't be the last. The author also proves
substantial incompetence and ignorance of the real world, as if he's
really concerned about Java security holes, he should explicitly warn
people about not installing and using applications that embed a Java
runtime. BTW, to me it's clear that the trend will be to have Java-based
desktop applications embed a Java runtime, given that Java probably
won't be pre-installed any longer on Mac OS X (and it has not been
pre-installed on Windows for years). For instance, the very popular
Cyberduck application (d'oh, a popular application made with Java!) has
recently started shipping with an embedded runtime:

http://groups.google.com/group/cyberduck/browse_thread/thread/455979b080390980

Apple itself is working on an official feature for OpenJDK 7 which is a
pre-cooked JRE bundle to be embedded in apps.

The fun thing is that in this way, unless the application developer takes
care of upgrades himself, the JREs won't be automatically updated for the
latest fixes. As often happens, people believe they are acting smarter and
end up dumber.

--
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."
fabrizio...@tidalwave.it
http://tidalwave.it - http://fabriziogiudici.it

Ricky Clarkson

Jan 11, 2012, 8:29:40 PM
to java...@googlegroups.com
Actually on new PCs from the likes of Currys in the UK and Best Buy in the US I've not seen a Java-less Windows installation for at least 5 years.

Fabrizio Giudici

Jan 12, 2012, 4:33:07 PM
to java...@googlegroups.com, Ricky Clarkson
On Thu, 12 Jan 2012 02:29:40 +0100, Ricky Clarkson
<ricky.c...@gmail.com> wrote:

> Actually on new PCs from the likes of Currys in the UK and Best Buy in
> the US I've not seen a Java-less Windows installation for at least 5
> years.

Are you saying that there was a customized installation of Windows? Cool.
And why the hell were they wasting time putting Java in, given that it's a
big desktop failure? :-)

Ryan Schipper

Jan 12, 2012, 5:54:50 PM
to java...@googlegroups.com, Carl Jokl
On 13 January 2012 04:48, Fabrizio Giudici
<Fabrizio...@tidalwave.it> wrote:

> Apple itself is working on an official feature for OpenJDK 7 which is a
> pre-cooked JRE bundle to be embedded in apps.
>

Those interested can already build a JRE bundle as part of the OSX
Java 1.7 build from Oracle. Or, download one built by others:

http://code.google.com/p/openjdk-osx-build/

You can get more information about the status of the Mac OS X Java 1.7
port here:

http://java.net/jira/browse/MACOSX_PORT
https://wikis.oracle.com/display/OpenJDK/Mac+OS+X+Port+Project+Status

Or join the mailing list (which will also keep you aware of upcoming bug fixes):

http://mail.openjdk.java.net/mailman/listinfo/macosx-port-dev

>
> The fun thing is that in this way, unless the application developer takes
> care of upgrades himself, the JREs won't be automatically updated for the
> latest fixes. As often happens, people believe they are acting smarter and
> end up dumber.
>

The existence of a system JRE never negated the need for secure
development practices.

In some respects it made patch management easier (one place to
update), but it adds complexities when the JRE introduces bugs in one
application but not another (or worse, fixes bugs in one application
and introduces them in another).

Meanwhile, the trend in commercial application development is to have
an application-specific automatic update feature.

I'd argue that, assuming responsive development processes, the
combination of an embedded JRE and an application-specific automatic
update feature could result in more secure client systems.
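
An added example, not written by any poster in this thread: the patch-management concern discussed above (embedded JREs are no longer updated in one place) can be checked by inventorying the runtimes that applications bundle. The sketch assumes each bundled runtime ships a `release` file containing a `JAVA_VERSION="..."` line; the app names, versions and minimum baseline below are constructed.

```python
import os
import re
import tempfile

# Matches JAVA_VERSION="1.7.0_02" (legacy scheme) or JAVA_VERSION="11.0.2".
_VERSION_RE = re.compile(r'^JAVA_VERSION="([^"]+)"', re.MULTILINE)


def parse_java_version(text):
    """Return a comparable (feature, interim, update) tuple, or None."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    nums = [int(n) for n in re.findall(r"\d+", match.group(1))]
    if len(nums) > 1 and nums[0] == 1:  # legacy "1.7.0_02" -> feature 7, update 2
        nums = nums[1:]
    return tuple((nums + [0, 0, 0])[:3])


def find_bundled_jres(root, minimum):
    """Return sorted (path, version, outdated) for each runtime under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if "release" not in files:
            continue
        with open(os.path.join(dirpath, "release"), errors="replace") as fh:
            version = parse_java_version(fh.read())
        if version is not None:  # skip unrelated files that happen to be named "release"
            results.append((dirpath, version, version < minimum))
    return sorted(results)


def demo():
    """Scan a constructed tree holding two app bundles with embedded runtimes."""
    samples = {  # constructed app names and versions, for illustration only
        "AppA.app/Contents/PlugIns/jre": 'JAVA_VERSION="1.7.0_01"\nOS_NAME="Darwin"\n',
        "AppB.app/Contents/PlugIns/jre": 'JAVA_VERSION="1.7.0_02"\n',
        "AppC.app/Contents/Resources": "not a runtime\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.join(root, rel))
            with open(os.path.join(root, rel, "release"), "w") as fh:
                fh.write(body)
        found = find_bundled_jres(root, minimum=(7, 0, 2))  # hypothetical baseline
        return [(os.path.relpath(p, root).replace(os.sep, "/"), v, old)
                for p, v, old in found]


if __name__ == "__main__":
    for path, version, outdated in demo():
        print(path, version, "OUTDATED" if outdated else "ok")
```
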

Fabrizio Giudici

Jan 12, 2012, 6:11:09 PM
to java...@googlegroups.com
Just adding that the embeddable JRE is described by this issue:

http://java.net/jira/browse/MACOSX_PORT-105


Might be worthwhile voting for it.

Carl Jokl

Jan 13, 2012, 4:10:15 AM
to The Java Posse
I guess that the bundling allows things to keep working but it is not
exactly efficient that every Java app has to bundle its own Java with
it. I mean it has been typical for Windows games for example to have
the required version of DirectX bundled with it but this was an
installer so in theory it was installed so every app could use it (albeit
it still meant each one has ended up bundling its own copy of it). Not
ideal but I suppose it works.

I suppose if I was a political spin doctor I could argue that there
would be no point asking people to remove Java if so many people
didn't have it installed already. The whole bundling other apps and
having the option checked by default is certainly a genuine pain. I
think the bad feeling generated by this is not worth the revenue
generated. It is not as if Java was the only installer that did this,
Flash was a big culprit too. Every time something tries to bundle
something else with the option checked by default it annoys me.

On Jan 12, 11:11 pm, "Fabrizio Giudici"
<Fabrizio.Giud...@tidalwave.it> wrote:
> Just adding that the embeddable JRE is described by this issue:
>
> http://java.net/jira/browse/MACOSX_PORT-105
>
> Might be worth while voting for it.
>
> --
> Fabrizio Giudici - Java Architect, Project Manager
> Tidalwave s.a.s. - "We make Java work. Everywhere."
> fabrizio.giud...@tidalwave.it
> http://tidalwave.it - http://fabriziogiudici.it

Fabrizio Giudici

Jan 13, 2012, 4:29:58 AM
to The Java Posse, Carl Jokl
On Fri, 13 Jan 2012 10:10:15 +0100, Carl Jokl <carl...@gmail.com> wrote:

> I guess that the bundling allows things to keep working but it is not
> exactly efficient that every Java app has to bundle its own Java with
> it. I mean it has been typical for Windows games for example to have
> the required version of DirectX bundled with it but this was an
> installer so in theory it was installed so every app could use it (albeit
> it still meant each one has ended up bundling its own copy of it). Not
> ideal but I suppose it works.
>
> I suppose if I was a political spin doctor I could argue that there
> would be no point asking people to remove Java if so many people
> didn't have it installed already. The whole bundling other apps and
> having the option checked by default is certainly a genuine pain. I
> think the bad feeling generated by this is not worth the revenue
> generated. It is not as if Java was the only installer that did this,
> Flash was a big culprit too. Every time something tries to bundle
> something else with the option checked by default it annoys me.

You're right, but unfortunately for the future we're not going to have
options. In Mac OS X bundling will be the only way to be sure, unless you
want to manually ask the user to pre-install Java (which also means to
make your application installer more complex).


--
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."

Simon Ochsenreither

Jan 13, 2012, 5:29:16 AM
to java...@googlegroups.com, Carl Jokl
As far as I have heard, Java is almost installed automatically upon first usage of a Java application on Mac OSX, has that changed?

clay

Jan 14, 2012, 2:47:44 PM
to The Java Posse
I just played the video game Wakfu (I'd recommend trying it and it's
free): it's a graphics heavy game written in Java (and uses JOGL I
believe for OpenGL functionality) and it bundles its own JRE. That's a
much better distribution practice than trying to convince the world
that everyone should maintain a Java runtime on every computer. The
plan that Java was going to be ubiquitous on every client computer is
long gone. Consumers generally don't care and shouldn't care about the
programming infrastructure used to create their applications.

Fabrizio Giudici

Jan 14, 2012, 3:06:24 PM
to The Java Posse, clay, java...@lists.apple.com

I'm just going to notify that there's a thread in progress at
"java...@lists.apple.com" about the argument of bundled JREs, etc.
