Firefox's Blocked-By-Default Java Isn't Going Down Well 362
JG0LD writes "The Firefox web browser will, henceforth, require users to manually activate Java objects on sites that they visit, Mozilla has confirmed. This even affects up-to-date versions of Java, which you can see on the block list. The change is aimed at improving security and moving away from a dependence on proprietary plug-ins, but critics say it will cause untold headaches for developers, admins and less-technical end-users. "
Doesn't affect me in the slightest. (Score:0, Interesting)
If you're one of the select few that still uses applications coded in that piece of trash, well, complain to your vendor or find a new piece of software. I haven't used a java application in years. Like 10 years.
Re:Headaches for developers? (Score:2, Interesting)
Javascript not having USB access sounds like a good thing to me.....
I'm actually surprised you can do that with Java.
Actually a good work around would be to expose your USB token as a image device.
Use HTML5 (or god forbid Flash) to extract the encoded data from the image presented.
Little bit clunky but it would work everywhere without any setup.
Re:Like? (Score:2, Interesting)
No, that's exactly his point. There's isn't a standardized way of doing things cross-platform. Before there were companies pushing their own products and providing run-times so assuming you installed their blob you'll get the desired behavior. It worked, but you need to install the blob. You normally had to do something undocumented or very odd to lose cross-platform support.
Now you have Google/Apple/Microsoft/Mozilla phones. Each does things their own way and they have no interest in cross-platform development. They all want things tied down to their phones only so they get market share and a cut from app stores. We're worse off, and the people who can't afford data plans even more so.
Flash seemed like the 'best' cross-platform blob, Java was (and still is) the most powerful, and JavaScript is still busy reinventing all the libraries and tool-kits that previously existed. I've written Java applets and JavaScript apps. Java is still more cross-platform (less platform specific code or bugs to deal with) than JavaScript and HTML5.
Re:Headaches for developers? (Score:5, Interesting)
Because Java allows native access to USB hardware.
Maybe that's a darn good reason for requiring people to authorize Java applets manually!
What need? (Score:3, Interesting)
I use firefox and haven't encountered a singled issue with java not working... that is because I can't even remember the last time I saw a site with an applet.
Really this is a non-issue that will go the same way as active-x support. Only people in Korea will care.
If you are still developing/depending on applets, 1995 called they want their stupid ideas back. What next, your mail link is an animated gif?
My Mother (75) got it. So why not other user ? (Score:2, Interesting)
Re:Didn't they learn from Microsoft? (Score:4, Interesting)
Yes, while I tend to agree with that notion, I also have to remind that this is web Java applets we're talking about. Who does that any more? There are four places where I see that:
1. Business/Office web based apps (Documentum in my case) 2. Cisco "web interfaces" 3. An older HP print server "web interface." 4. Webmin (optional) controls for telnet/ssh and file management.
In each of those cases, I am very comfortable making those explicit exceptions. There may be more. Not wanting to speak for the whole world, but at this point, I can't imagine this being a huge problem. So anyone, please correct me if I'm wrong by providing other examples.
Most online banking systems in Scandinavia use Java applet. Same Java-based id/login system can be used for many public services and for web shop payments. They are working on moving away from it, but for now being able to do online banking is a pretty key requirement for most users. I have Chrome set up with my bank as only trusted site where the Java applet is activated, for all other sites it is deactivated. As long as my bank is not compromised and serving malware through Java vulns that should be ok.
As for Flash, many people seem to think that HTML5 video support can replace Flash, but then you are not aware of the huge amount of popular Flash games out there. As a tower defense game addict Flash is just a necessity for a long while still.
Re:Didn't they learn from Microsoft? (Score:5, Interesting)
As I run adblock and noscript, I'm already extremely comfortable with the white-list approach to securing browsers... so grains of salt in all of that -- users are not usually accustomed to the concept. I hadn't considered it when I first posted at 3-something AM this morning in my sleep. That said, it's useful to know that there are indeed still public/internet facing sites out there using Java. Shame on them.