Oracle's website, social media to wear sandwich board of shame over Java SE insecurity The US Federal Trade Commission (FTC) has signed off a settlement with Oracle over its handling of Java SE updates. The regulator said all four commissioners voted to approve the deal, which requires Oracle to alert everyone visiting its website and social media profiles to the fact that it left old and vulnerable editions of …
Besides a worthless BHO, I understand the major problem with Java is that there is a lot of legacy trash that requires an older, unsupported JVM. This trash is often an unsupported legacy applications. Being fair to Leisure Suit Larry and his minions this is not a unique problem to Java. So blithely removing the older JVM may actually break the code. And the real problem is the unwillingness of companies to either ditch the trash for something or get the updated version neither is Leisure Suit Larry's fault.
Just stop using Java on the desktop.
I have no issues with Java as a language or its use in "some" embedded systems or even providing the runtime for a server based application but I have no appetite to have it installed on my desktop. I got fed up with the constant need for updates each fixing dozens of security vulnerabilities and having to select not to have some extra crap being installed each time so I uninstalled it.
Your mileage may vary but I hardly notice it being gone. I get the odd rare web site where a video doesn't run and when that happens it occurs to me that I din't actually care about seeing the video: certainly not enough to reinstall Java.
Exactly. A "page" (or "document") should be quite static and don't run any kind of code. An application is a different thing. The whole problem with the "web" was turning "pages" into "applications" without understanding truly what it meant. And a "browser" which is also a kind of application environment is another issue. Time to separate the two kind of "web" formats, and the tools used to access them. An ugly mess of "documents" which are also "applications" is just dangerous. I thought the mess Office macros are could have taught something, but no, the web replicated exactly that mess.
Exactly. A "page" (or "document") should be quite static and don't run any kind of code. An application is a different thing. The whole problem with the "web" was turning "pages" into "applications" without understanding truly what it meant.
Yep, so you're in favour of the bad old days when a dedicated version of an application had to be written for each supported platform.
One for Windows pre-8. One for Windows 8+. One for MacOS X. One for iOS. One for Android. One for Ubuntu Linux. One for Fedora Linux. One for FreeBSD…
Even for things like email. Probably one of the early really hugely successful non-trivial web applications was a funny one called HoTMaiL. Remember them? I do.
Prior to them coming along, email access meant setting up an email client on the computer you were using. Yes, a dedicated email client is a good way to access your email, and has many advantages, security being but one. However, this isn't always an option, and these days, the web email clients are almost as good, better in some cases, than the native ones.
One bonus being it mostly doesn't care what your host platform is.
Now, we could strip the browser back to just processing HTML itself, with no client-side code handling and do everything back at the server, then provide some mechanism for the simple browser to start up a more capable client, hand over the session and let the more capable client take it from there. (Geez, that sounds like Java Web Start.)
However, the question has to be asked as to whether this protects the user any more than the present situation, and whether writing it in some other language, say, C# or VBScript would make it any more secure.
I'm not convinced yet that it would.
Not so "Unbreakable" now are you Oracle?
And, just coz: http://ded.ninja/dear_oracle/dear_oracle02.jpg
I think java is going to need more than just "a little push" to be gone.
It's everywhere these days, in your DVD/BluRay player, in your effing "smart" TV, and in a bunch of PC applications that continue to be used today.
Until the infatuation with java stops in the offices of consumer industry, we will lug that millstone around with naught to do but complain.
"... requires Oracle to alert everyone visiting its website and social media profiles to the fact that it left old and vulnerable editions of Java SE on computers – leaving people at the mercy of hackers when they thought they were patched up."
Instead expect hamwashed corporateese starting with 'At Oracle we care about your security ....'
I had to update a workstation, and Java popped up saying please update me too! I updated it, and when it finished a window popped up asking if I wanted to remove the old and potentially "dangerous" versions that were still installed.
Never thought anything like that was possible!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
