Javapocalypse soon! Oracle warns devs to bin plugins, fast Oracle's warned developers who still expect browsers to run code developed for Java plugins to get busy finding an alternative. The developers behind all major browsers have decided the NPAPI framework invented last millennium by Netscape has had its day, because there are now better ways to do multimedia and other fun stuff …
Enterprise? What enterprise?
I tested 3 video cameras last month looking for something which I can hook up to my existing motion based rig without it reporting all of my family's whereabouts to "burglary selection as a service" in China.
Every single one of them needed a plugin. 2 wanted to use flash, one tried to install quicktime which someone has pulled out of an archaeological dig. Out of 3 only 1 agreed to work and set-up correctly for non-plugin/non-web-browser use.
This post has been deleted by its author
.NOT!
Java is much easier to install, reinstall, and develop with, is proper multi-platform (unlike .Net), and is the standard for a lot of stuff, including finance, so tough, and Java 9 will make .Net look even more lame and bloated.
I really hate .Net because it is massively bloated (with many GB's junk in Windows directories and loads of junk in the registry), was an absolute pig to reinstall if a runtime version got corrupted, and its browser plugin (I forget the name :-P) sucked; so I try to avoid software needing it on Windows, and shun anything using the 2nd-class port for Linux.
Anyhow, _all_ binary plugins, especially Flash, and poorly secured new web APIs, should be banned on desktop/laptop browsers for security reasons and because they are often unusable on mobile devices e.g. Flash has been banned for a while on Android.
Well, that's quite an outdated view you got.
I worked for many years with Java, and now for some years with .NET and I have to say they are very similar, actually .NET having the lead in some areas.
Java has the benefit of existing for a longer time and having a huge ecosystem around it of commercial and especially open-source libraries and solutions.
And it indeed was the preferred language for quite some banking solutions and even most NASA software, mainly because of its open-source and academic nature.
Java under Sun was more active, more adventurous and innovative. Java under Oracle is outdated, a money-machine for Oracle and losing ground.
Some of the main original creators of Java have left Oracle the last 2 years. And Oracle is trying to beat some money out of large companies using some of the tools in the 'freely distributed' Java SDK + runtime.
Java's slogan is 'write once, run everywhere', referring to its multi-platform nature, but in reality that only goes for like 70% of your code for most applications. A lot of the time you need to write quite some platform-specific code, or know those platforms well to handle certain situations. Also performance-wise Java is not faster than .NET code, I actually dare to say that it is slower in most scenario's, and especially some of the provided functionalities like XML readers, web connections,... tend to be (a lot) slower than the .NET counterparts.
.NET in the browser was called Silverlight, and also support for that technology is abandoned by MS. Today there are virtually no reasons why you shouldn't use html5 for most scenario's, or native apps for mobile devices.
The new JDK 9, which you claim will make .NET look lame and bloated, but actually, .NET is far more lightweight than Java, and 80% of the features they've implemented in JDK 9 is 'stolen' from .NET, as they are available there already for many years.
Especially when you look at the newer .NET Core technology, which actually is 100% multi-platform, with the option of building native, which means without the need for a .NET runtime framework on the machine, and with incredible startup, runtime and web speeds.
And then you have the superior GUI-designer experience in .NET.
Really, I'm sorry to destroy your world but the time that Java was the superior environment/language is already years in the past...
"Java is much easier to install, reinstall, and develop with"
You have obviously never encountered a broken Java install - wont remove, won't reinstall, just dies! And lots of apps require a specific Java version - so you end up with many versions installed!
.Net is preferable to develop with because you have a choice of languages within a single advanced IDE. Not to mention being in general way faster and far more secure...
99% of companies have Windows on the desktop and Windows in the datacentre so the Windows platform emphasis simply doesn't matter - for any other clients you can use a web front end....
"Watchguard firewalls used to require Flash for their web interface"
IIRC, WG v11.0 to 11.8 (about 3 years ago) used to require flash. Which obviously was a PITA.
I manage a few dozen WG firewalls and never actually use the WebUI since it's so much easier and faster to do everything with Policy Manager (or Management Server) in offline.
I don't know if they still do, but Watchguard firewalls used to require Flash for their web interface.
and until VMWare get their thumbs out and shoot (multiple times, to be sure) the moron in their company who decided that building an application using Flash was in any way a good idea, we're stuck with requiring the bloody thing just to use VCenter... OK, there's a barely functional and half baked "web" version in alpha, but the Flash monstrosity should never have been built.
IE has *never* supported NPAPI. IE supports its own plugin architecture instead (ActiveX plugins), and will continue doing that forever for compatibility with enterprise stuff. Presumably Java in IE will continue to work.
Edge has never supported NPAPI. However, AFAIK Edge has never supported ActiveX plugins either - that's one of the differences between IE and Edge.
This post has been deleted by its author
This post has been deleted by its author
This post has been deleted by its author
"Can't be done... perhaps it is time for the C-level to cinch up the belt and invest in the infrastructure."
"Software and hardware out there using this plugin could be patched by the manufacturers to use the modern prefered webstart method or simply take the browser out of the mix and create your own network socket and do what you want."
Manufacturers don't have the motivation to do so. They already have the money and have their own investors to please (who would probably prefer they jump country than answer to regulations), the costs are sunk in the enterprise and won't come back, and replacing it means explaining to the investors who expect a return.
So what if if BOTH the developer AND the board say NO (which is extremely likely)?
If both say no?
Only choices really are to sandbox an older web browser/OS, lock it down to only communicate with said legacy kit/site, and add multi layer security over the top.
OR:
Take a chance with a known, insecure plugin/application vs. the LAN/WAN, and hope you get away with it.
To be blunt, the enterprise has to take responsibility for critical maintenance or face the consequences, and the consequences, including panic upgrades, will be a lot more expensive than planned downtime/upgrades before an exploit happens, and any owners/investors really won't like that!
If a manufacturer can't or won't provide a firmware/software upgrade (possibly due to inherent limitations), so allow vulnerabilities to accumulate, and/or the management is so negligent as to retain increasingly insecure hardware/software after warnings, then use a VM hosted OS, preferably Linux, with rollback to a clean image/snapshot after each use, and ensure that you have left that role before you get the flack for avoidable exploits!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
