Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat
- Thread starter MacRumors
- Start date
- Sort by reaction score
Slow, buggy, insecure, poor UI frameworks.
Other than it's cross platform capability, tell us why it's good.
I wouldn't hold my breath. This vulnerability is due to an incomplete patch of a old, existing vulnerability.
Basically, oracle slapped a piece of duct tape on a broken radiator and said "all fixed."
This is a very confusing and incomplete report. Can we get some information about how we determine if we might be affected? What, if anything, we need to do about it?
Apple versions were always worse and left holes open a lot longer. Normally MONTHS after Oracle patch them.
I am not talking about the latest and greatest. In terms of security Apple version lag way behind. If you want security and good security Apple is not your best choice.
Thanks for the reply.
I write Java on a daily basis, I wanted to know from you why you thought 'Java Sucks'... or if you were just on some bandwagon. Some reasons why Java sucks are now invalid and have been for a long time - such as 'Java is Slow'... which is a gross generalization.
Some of those points or valid in the link, others are just his opinion, others may disagree or agree.
Java can be a good choice on the server side, on the GUI side, not so much. Saying that, writing webapps with Java is not a great experience - there are better choices - YMMV.
Last edited:
My fear with the Apple solution while it is a good emergency fix is Apple will take to long to remove that emergency solution. Emergency solution are just ones to buy time but not a real fix. Oracle patch it and after the patch Apple needs to its patch removed with in 24 hours as well.
It still works for me
For whatever reason, I am still able to use the Java plugin (which is good because one of my main work tools is, unfortunately, a Java plugin). I'm definitely connected to the internet, so I'm not sure why I'm not blocked.
If I do get blocked, does anyone know a workaround to reenable the plugin. I really do need it for work.
For whatever reason, I am still able to use the Java plugin (which is good because one of my main work tools is, unfortunately, a Java plugin). I'm definitely connected to the internet, so I'm not sure why I'm not blocked.
If I do get blocked, does anyone know a workaround to reenable the plugin. I really do need it for work.
That's "XProtect.meta.plist"
Ok, let's be more clear and more correct here. The actual information presented in the article is really in the file "XProtect.meta.plist", located in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources".
(There is no "Xprotect.plist". There is a "XProtect.plist", but that's not even the file whose contents is being presented.)
Ok, let's be more clear and more correct here. The actual information presented in the article is really in the file "XProtect.meta.plist", located in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources".
(There is no "Xprotect.plist". There is a "XProtect.plist", but that's not even the file whose contents is being presented.)
Ok that's it. I'm going completely plug-in free on my browsers. Flash gone. Java gone. Chrome with it's built in Flash virus? Gone.
As a web developer, I've always hated the idea of requiring users to download plugins to view stuff on the web. They all suffer from one or more issues... Instability, insecure, buggy, slow, resource intensive, and controlled by a singled company. So for the past 5 years, we only do stuff in native web technologies HTML, CSS, and Javascript.
If you can't bother to do what's right for the web community/consumers, I'm just not going to be using your stuff or visiting your site anymore.
----------
Agreed. Cross platform compatibility is almost always a sure sign there is something much better available.
As a web developer, I've always hated the idea of requiring users to download plugins to view stuff on the web. They all suffer from one or more issues... Instability, insecure, buggy, slow, resource intensive, and controlled by a singled company. So for the past 5 years, we only do stuff in native web technologies HTML, CSS, and Javascript.
If you can't bother to do what's right for the web community/consumers, I'm just not going to be using your stuff or visiting your site anymore.
----------
Agreed. Cross platform compatibility is almost always a sure sign there is something much better available.
Which widgets are you talking about ? AWT ? Swing ? The Cocoa Java Bridge bindings ? GTK+/QT bindings on Windows or Linux ?
As for slow response time, this has been a non-issue since Java 1.3 and the introduction of the HotSpot JVM as default.
How is that easier than using QT or GTK+ toolkits and other Linux native APIs/languages ? Heck, why not go for TCL/TK or simple Perl TK ?
The reason they chose Java is because as a language, Java was probably the best fit for the job they wanted to accomplish. There are plenty of features in both J2SE and J2EE which are very well implemented, robust and mature. Things you want for software that will be executing where no man can reach in case it fails.
Android is based on Davlik over a Linux kernel. Which part do you think makes it "glitchy" and "jerky" ?
Actually, no. Researching this issue myself, I found these instructions for determining when my Plugin Black List was last updated:
http://osxdaily.com/2011/06/02/check-mac-malware-definition-list-update/
Following these instructions, I came up with 12 Dec 2012. Following the instructions to force updating, it now results in 10 Jan 2013. I presume I will need to repeat this method of all of my Macs, since very clearly automatic is not the answer, at least not for everybody. Also left out generally from this discussion is that the automatic security is not present in Pre-Lion systems if all of the security updates have not been installed.
Java as a language I like. Java as a tool to make customer facing software I hate. Java also has a few horrible server side implementations like Oracle Weblogic.
Java isn't all bad, but the parts that are bad are bad enough for everyone to know about.
Java for most server side development is actually fantastic, but can be hampered by poor vendor choices.
I've heard that Ruby on Rails is the most awesomest thing ever. I tried to install the Rails runtime and serve it through Apache. Wow was that ever a PITA and it never quite worked.
Tomcat/JBoss/WebSphere/Glassfish are models of stability and ease of use compared to the much vaunted Rails. I think people are just lazy, J2EE/JSPs/EJBs aren't so bad, they're just complex because they enable complex applications to be built.
I can understand the animosity against Java. I havent programmed in Java really (Though I do know some programming, but java was never my bag). From a consumer standpoint Ive never been a big fan. I hate websites that use java and Im not a big fan of the programs that are made in Java. They do have cross-platform compatibility which is cool, but performance has always been clunky. The whole java experience has always been clunky for me. Especially on Windows. Things are actually a bit improved on Mac, but Im still not a huge fan.
Java feels like a great idea that never quite made it to that point.
Ahh, opinion though. You know how that goes. Im not sure what other peoples experiences are with Java, but this has been mine over the years. Theres been two main programs Ive used that are based on Java. One of them is a bloated pile of crap, no fault to Java(I dont use that program anymore, Ive since found a replacement that is native to windows and is much better designed/programmed). The other is wonderfully written, but seems to perform noticeably worse on Windows than Mac. Not sure what is up with that.
Over the years though, Ive come to wish I didnt have to use Java at all.
Java is slow. Case in point? Eclipse IDE. They run better now as most people have at least dual core processors. Compare that with XCode or Visual Studio or Borland.
BTW the whole object oriented web application framework was started by Apple called "WebObjects" (based on JAVA)before .NET or others came along. And its still used by Apple to run their websites,online stores and iTunes. But Apple was smart enough to never write iTunes or any front end application in Java. Apple used to release that SDK like XCode for a while and have now stopped it. Wonder why.... But there is a open source community that still supports it.
This fix sets the minimum version to 1.7.10.19. Any release after the current 1.7.10.18 will work, regardless of a fix for this issue (although if Oracle releases a b19 that does't fix this, Apple can easily re-issue this block).