back to article Redmond stall means IE Java axe won't swing till September

Microsoft has handed sysadmins a reprieve by delaying the blockage of vulnerable old versions of Java in its flagship Internet Explorer web browser until September. The postponement was made on the back of complaints to Redmond, which only provided a guide to managing the issue on Tuesday. "Based on customer feedback, we have …

  1. Anonymous Coward
    Mushroom

    Dear Microsoft / Oracle

    Can you please sort out the utter cluster fuck that is Java / IE11 / Win8 please.

    I should NOT have to run java applets with escalated admin privileges.

    Thank you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear Microsoft / Oracle

      "I should NOT have to run java applets with escalated admin privileges."

      No you shouldn't - port everything to .Net and forever say good bye to dozens of security flaws every update. And gain a performance increase and better UIs.

      Or do you really want the code that's responsibile for over 90% of malware exploits (Java) having more access to your system than it already does?

      1. The BigYin

        Re: Dear Microsoft / Oracle

        "No you shouldn't - port everything to .Net and forever say good bye to dozens of security flaws every update. And gain a performance increase and better UIs."

        So you're saying "Ram portability up yer arse, go Windows only and say hello to a whole slew of NEW security flaws every update."

      2. Anonymous Coward
        Big Brother

        Re: Dear Microsoft / Oracle

        AC: "No you shouldn't - port everything to .Net and forever say good bye to dozens of security flaws every update"

        I thought MS was/has moved from .NET to C++, HTML5 and JavaScript ref, mainly because the managed platform never delivered?

        AC: "Or do you really want the code that's responsibile for over 90% of malware exploits (Java)"

        Well, if MS had actually worked with SUN to produces a truely cross-platform, sandboxed and secure product, instead of forking off their own Windows only version, they wouldn't be in the current mess.

    2. Anonymous Coward
      Anonymous Coward

      Re: Dear Microsoft / Oracle

      The problem isn't necessarily MS and/or Oracle although ultimately they do own the problem. In my own case, I know exactly who to blame but can't do a damned thing about it because I don't have the authority. Somewhere in another building are a bunch of stick up their arse programmers who won't adopt correct processes for their web based software. They insist on detecting an EXACT version of Java for their product. Not, Java must be at least, the EXACT version. Even though Java has be rewritten so you no longer NEED an EXACT version. We have found that if you run the latest version of Java and adjust the security settings to medium instead of high their software runs just fine on Windows 7 sp1 in IE 10 with compatibility views enabled. But if you have a problem and you call them about it, gawd help you if you can't uninstall java and downgrade to their EXACT version.

      Yeah, we'd all like to uninstall it. Except it is a key part of this government agency's accounting system.

  2. Anonymous Coward
    Anonymous Coward

    And in a few years, Microsoft research will have come up with the ultimate solution:

    "Behold - IE14 is the most secure version, as we've disabled (yes, disabled!) ActiveX completely (well, almost)."

    1. dogged

      Are you familiar with an ActiveX control called XmlHttpRequest?

      It was based on an interface called IXMLHTTPRequest that shipped in the MSXML library with IE5. Because it permitted the creation of dynamic calls to the server via Javascript (using what we now think of as the XHR API) it became extremely popular and the Gecko team created nsIXMLHttpRequest using the same API because of its utility. I believe it went live in 2000 in Mozilla.

      By 2004, even Safari supported it. Why?

      Because without it, there is no AJAX. All web pages are essentially static.

      A lot of ActiveX components were a horrible mistake, granted. People make mistakes, companies make mistakes. As bad as Java applets? Yeah, probably. Not as bad as Active Desktop but definitely up there with applets. But it's important to remember that we got benefits from it too.

      Unless you want to go back to to cgi-bin and Geocities pages.

      1. Pascal Monett Silver badge

        Re: "go back to to cgi-bin and Geocities pages"

        Now there's an idea. Have web pages that are once again using text to pass information on, instead of a bad 8 minute video on a subject that could be described in two or three paragraphs - if one could be arsed to actually write. Much easier to flip on the microphone and mumble, ummm and ahh for six minutes until speaking the one or two sentences that are actually useful.

        Go back to the days when company web sites were not a mess of Flash pages unaccessible via URL, when restaurant menus were not a flippin' 10MB PDF file containing 2KB of text and a truckload of uncompressed photos.

        Actually, I think I would like to go back to that time.

        The way things are going now, in a decade or two all company websites will just be an interactive HD video. To check a product listing, you'll have to download a gigabyte of corporate presentation nonsense and wait ten minutes to get to the part where you can see what the company sells.

        God I hope I'll be retired by then.

        1. dogged

          Re: "go back to to cgi-bin and Geocities pages"

          Video (and even Flash) are still "static pages". They load, you watch, there is no interaction. That's not what I was talking about at all.

          It's so hard to explain things to first-line support staff...

        2. Anonymous Coward
          Anonymous Coward

          Re: "go back to to cgi-bin and Geocities pages"

          The way things are going now, in a decade or two all company websites will just be an interactive HD video. To check a product listing, you'll have to download a gigabyte of corporate presentation nonsense and wait ten minutes to get to the part where you can see what the company sells.

          Most car company websites are already there. It's actually less hassle to drive to a dealer and pick up a printed brochure than to get the info online.

      2. Anonymous Coward
        Anonymous Coward

        Because without it, there is no AJAX. All web pages are essentially static.

        Wow, this forum is lagging.. I think that post was made over 10 years ago.

  3. LucreLout Silver badge

    Java is a buggy, flakey, out dated piece of crap. It just is.

  4. Anonymous Coward
    Big Brother

    Vulnerabilities in old versions of Java?

    "Microsoft has handed sysadmins a reprieve by delaying the blockage of vulnerable old versions of Java in its flagship Internet Explorer web browser .. we have decided to wait thirty days before blocking any out-of-date ActiveX controls"

    It's priceless, the way they segway vulnerabilities in ActiveX into vulnerabilities in old versions of Java.

    "Screw Sun, cross-platform will never work. Lets move on and steal the Java language" Sep 1997

    "MS is asking the courts to grant Microsoft the right to terminate Sun’s licenses to Microsoft Java technology" Oct 1997

    1. dogged

      Re: Vulnerabilities in old versions of Java?

      Are you suggesting that there are not, in fact, vulnerabilities in old versions of Java?

      And would you like to buy this bridge?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019