Can you explain why you need Java in the browser for work? What apps are you running that requires Java? What exactly is keeping the vendor from packaging that code as a Java application? Oracle has provided packaging tools for a long time...



As far as anyone can tell, Java in the browser will continue to be a risk. The way for things to get better is to insist that your vendors either provide Java apps for their mission-critical code or ditch Java entirely.

The only way to be safe is to remove this vector for infection.

Personally - at work I have 1000+ servers all of which include out-of-band management cards. These are essentially a very small stand-alone computer embedded into a PCIE card in the server with a separate network connection and a web GUI. The remote console feature of these (from at least Dell, IBM or HP) relies on Active X or Java. Sure, I can just disable Webstart and download and run the jnlp manually from command line, but it's a pain.
 
Personally - at work I have 1000+ servers all of which include out-of-band management cards. The remote console feature of these (from at least Dell, IBM or HP) relies on Active X or Java. Sure, I can just disable Webstart and download and run the jnlp manually from command line, but it's a pain.

:confused:

Your vendors could trivially package those management programs and distribute them as apps. This Oracle page says how to package your Java apps and distribute them through the MAS. No jnlp. No command line. No pain.

If you guys don't have Java (and Flash) enabled in your browser, you have immediately removed the major security threat on your Mac computers. Insisting that your vendors package their Java code as a signed app sounds like a no-brainer to me. :) Are we missing something?
 
Good to see Apple diligently continuing to support Java6 even after Oracle has stopped. (To get Java 6 Update 51 on Windows or Linux I need a support contract with Oracle!)
 
Some of us aren't made out of money to buy new Apple hardware every few years, to keep up with Apple's planned obsolescence schedule.

My 2006 Air is running Lion. It's extremely sluggish and I frequently check my bank accounts to see if I can scrap enough together to replace it, but alas, it looks like I won't have enough disposable cash to buy a replacement until September. At least I just gave my 2007 iMac a memory upgrade so it can keep going for another year or two.

(I guess this is what a Recession is? Or is this just called being a broke college student who has to pay all their own bills?)
 
:confused:

Your vendors could trivially package those management programs and distribute them as apps.

There are a number of problems with this:

1. A lot of these cards are in servers which are 3-5+ years old and major changes like this are very unlikely - security patches to the card firmware are about the best we could expect.

2. The jnlp seems to be generated on the fly as they are machine specific and include some sort of one-time authentication mechanism (using certificates/keys I think).

They all use some sort of modified Java VNC (but which can still get video output when the server is turned off or in pre-OS boot stages). If they could support vanilla VNC clients this would remove the need for Java completely.

Due to the security issues I've taken to using a Windows VM to isolate anything Flash or Java related, but it's not an elegant solution.
 
So I have Java 7 installed on my Mac, but I still get these updates. Is that normal? Do both versions coexist?

Yes, both versions coexist and certain GUI apps will only use version 6. (Command line tools automatically use 7, though.)

So install the update. :)
 
Wait, that download link points to version 2013-003... where can we download 2013-04? (The update doesn't appear in the AppStore for 10.9.)
 
I can't. It's for Lion and up.

----------



Tell Notch/Jeb to learn a real language. I also play Minecraft, and it's frustrating how inefficient it is.

Yeah, like they're going to rewrite the whole game. Plus, it's kinda nice that updates come for PC and Mac at the same time.
 
1. A lot of these cards are in servers which are 3-5+ years old and major changes like this are very unlikely - security patches to the card firmware are about the best we could expect.

Why are you characterizing a change in packaging of the software as a "major change"? :confused: Did you look at the Oracle page showing how to do this?

2. The jnlp seems to be generated on the fly as they are machine specific and include some sort of one-time authentication mechanism (using certificates/keys I think).

Again, I'm confused. As I noted earlier, generating an app means that you are not using jnlp.

Due to the security issues I've taken to using a Windows VM to isolate anything Flash or Java related, but it's not an elegant solution.

This is good news. It's a superb idea even if you're only running Java and Flash that has been packaged as apps.

Here's the $64K question: does your shop have a policy to only allow Flash and Java to be runnable under those protected VMs? Do you prevent your operators from installing Flash/Java plugins on the top-level OS on those machines?
 
Can you explain why you need Java in the browser for work? What apps are you running that requires Java? What exactly is keeping the vendor from packaging that code as a Java application? Oracle has provided packaging tools for a long time...

There's a system security check, and a bit that launches/kickstarts another Java application. So I actually need both in-browser Java and Java applications to work. I'm not sure there is anything preventing the vendor from doing things differently but this is what our company has, it works, and it's what I'm paid to use. I'm glad to see Apple still supporting Java. If I want to connect with a Windows machine then I can connect using a proprietary application, as our company standard is Windows. I prefer to connect with my Mac or Linux machines so Java is a part of that solution. I realize there is a disdain for Java, and I do have my share of frustrations, but not all of us have the luxury of switching technologies at the drop of a hat so we use what works and what is offered. If you don't like it then fine, don't use it. But for many of us, Java does the job well enough.
 
:confused:
If you guys don't have Java (and Flash) enabled in your browser, you have immediately removed the major security threat on your Mac computers. Insisting that your vendors package their Java code as a signed app sounds like a no-brainer to me. :) Are we missing something?

You are missing that millions of people in a wide variety of fields (including mine, education) use Java on a daily basis — in many cases, others have made the decision about which product to use and we have little or no say in it sometimes. Last year, I woke up one day and suddenly could not use a tool that I use every day because Java was out of date and Apple had disabled it, and no working version was available at the time. At least it hasn't happened recently AFAIK that a non-blocked version isn't even available yet (which was the case initially), but throughout the semester a number of students had problems because their Java was out of date. I've heard similar anecdotes elsewhere and a number of people were rightly up in arms about it at MacRumors as well. Just because you don't think Java is needed doesn't mean that there aren't other people who have to use it and have little control over the situation.

Some of us aren't made out of money to buy new Apple hardware every few years, to keep up with Apple's planned obsolescence schedule.

Bingo. Lots of people (heck, I would even go out on a limb and say billions of people) can't afford to buy a new computer every few years. It doesn't help that Apple has made it nearly impossible to upgrade its machines because of its obsession with shrinking everything (even the iMac and Mac Pro, non-portable devices). It's very hard if not impossible to upgrade most of Apple's current line-up. You either have to buy a completely new machine or just wait things out.

Given that Apple just dropped the pricing of MacBook Air, I wonder if they realize that with the state of the global economy, they need to lower prices or their sales will drop. Even with the "reverse halo effect" of people buying Macs because of their love for iDevices, some people and institutions can't afford the latest and greatest Macs (I initially said "hardware", but whether Apple uses the latest and greatest hardware as compared to others is a discussion for another thread...).

EDIT: I do applaud Apple btw for making iOS 7 compatible with iPhone 4, we'll see how feature-crippled it is (due to actual or artificial constraints) but I think this is a step in the right direction.
 
:confused:

Your vendors could trivially package those management programs and distribute them as apps. This Oracle page says how to package your Java apps and distribute them through the MAS. No jnlp. No command line. No pain.

If you guys don't have Java (and Flash) enabled in your browser, you have immediately removed the major security threat on your Mac computers. Insisting that your vendors package their Java code as a signed app sounds like a no-brainer to me. :) Are we missing something?

At least you seem to be missing a lot.
If you don't grasp the premise of webstart deployment strategy and implementation details, please refrain from commenting. And please keep MAS out of it as it has zero relevance to this discussion.
 
Yeah, like they're going to rewrite the whole game. Plus, it's kinda nice that updates come for PC and Mac at the same time.

They already re-wrote it for XBOX 360. If they do it right, it should be easy to distribute Mac and Windows versions at the same time like how AssaultCube does it.

----------

They did - anything Java 7 or greater. Doing a better job at timely releases than Apple ever did manage.

Except Java 7 doesn't work for Snow Leopard or below even though it works with Windows XP.
 
There's a system security check, and a bit that launches/kickstarts another Java application. So I actually need both in-browser Java and Java applications to work. I'm not sure there is anything preventing the vendor from doing things differently but this is what our company has, it works, and it's what I'm paid to use.

Let's summarize:

Your vendor is complacent. They fail to provide signed Java apps -- even though it's very straightforward to package, sign, and deliver their apps this way.

Your company is complacent. They fail to recognize the vectors for computer viruses they leave open because of the artificial requirement for running Java (and, for other complacent companies, Flash) in the browser.

You are complacent. You allow these gaping security holes to exist -- holes that could have massive costs to your company.

This is not the first time we've had a massive complacency towards infection. Have you ever heard of this book and movie?

I prefer to connect with my Mac or Linux machines so Java is a part of that solution.

Running Java and Flash in the browser is not part of the solution. It is a huge chunk of the problem. Remove these 2 plugins from computers and major vectors for infections on Macs disappear instantly.

I realize there is a disdain for Java

Incorrect. You have stepped over a crucial distinction -- you're arguing against a straw man.

I have no disdain for Java/Flash per se. You are welcome to run signed Java standalone apps and signed Flash standalone apps. You're welcome to run Java or Flash apps on any computing platform you wish: servers, desktops, laptops, tablets, smart phones, and other portable devices. The problem happens when Java and Flash are run on any of those platforms in the browser.

but not all of us have the luxury of switching technologies at the drop of a hat so we use what works and what is offered.

In short, you are apathetic about the risk and a clear and effective way to address it. Your above "disdain for Java" conjecture reveals you didn't even understand the nature of the problem and its solution.

If you don't like it then fine, don't use it. But for many of us, Java does the job well enough.

Java-in-the-browser just does the job well enough -- for the hackers and spear-phishers. :(

What will it take to break through this attitude of complacency?

You are missing that millions of people in a wide variety of fields (including mine, education) use Java on a daily basis — in many cases, others have made the decision about which product to use and we have little or no say in it sometimes.

Why do you think you have little say?

What happened when you asked the vendors of that software to package their Java code as an app rather than run it in the browser?

This distinction between Java-in-the-browser and signed standalone Java apps was clearly made in the discussion. The issue is not with Java, it's with running Java in the browser. Did you read the discussion up to this point? Do you now understand the distinction?

Last year, I woke up one day and suddenly could not use a tool that I use every day because Java was out of date and Apple had disabled it, and no working version was available at the time.

If you wish to avoid such problems in the future, an obvious solution is to convince the providers of those programs to package them as apps. Does that make sense to you?

Some teacher/administrator who championed providers to package their code as signed apps would be a hero. :cool:

I've heard similar anecdotes elsewhere and a number of people were rightly up in arms about it at MacRumors as well.

If you're saying there's an attitude of complacency in multiple uses of Java/Flash in the browser, you'll get no disagreement from me. :D

Stop. Being. Complacent.

Just because you don't think Java is needed doesn't mean that there aren't other people who have to use it and have little control over the situation.

You have misconstrued the problem. And you have underestimated your power to influence the providers of your Java apps with a simple suggestion to ensure their availability.

Indirectly, by lowering/eliminating the need for Java/Flash in the browser, you will have helped make everybody's computer safer from infection.

At least you seem to be missing a lot.
If you don't grasp the premise of webstart deployment strategy and implementation details, please refrain from commenting. And please keep MAS out of it as it has zero relevance to this discussion.

Welcome to MacRumors, vanjabucic.

Why exactly do you think that we should live with the risks of running Java and Flash in the browser? Why do you think that distributing code via signed apps is the way to go? Claiming that we're missing something without explaining why is a FAIL.
 
They already re-wrote it for XBOX 360. If they do it right, it should be easy to distribute Mac and Windows versions at the same time like how AssaultCube does it.

----------



Except Java 7 doesn't work for Snow Leopard or below even though it works with Windows XP.

Yes. But how does that change the fact that Oracle are fulfilling their promise? Oracle never promised to support Java 1.6 or older on the Mac.

In any case Java 1.6 is EOL.
 
Yes. But how does that change the fact that Oracle are fulfilling their promise? Oracle never promised to support Java 1.6 or older on the Mac.

In any case Java 1.6 is EOL.

Then they didn't promise enough. It says on their site: "From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!" and "Java is the foundation for virtually every type of networked application and is the global standard for developing and delivering mobile applications, games, Web-based content, and enterprise software." But the so-called standard has terrible support for Macs that aren't new.

I'm also still stuck with Java 1.5 on my 2006 MacBook unless I upgrade it to Snow Leopard, which I'm afraid to do.
 
They already re-wrote it for XBOX 360. If they do it right, it should be easy to distribute Mac and Windows versions at the same time like how AssaultCube does it.

----------



Except Java 7 doesn't work for Snow Leopard or below even though it works with Windows XP.

Hmm true, but the Xbox version is different in many ways. It gets updated by a whole different team than the main version. A rewrite would take a long time, and the game is working great as it is.
 
Then they didn't promise enough. It says on their site: "From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!" and "Java is the foundation for virtually every type of networked application and is the global standard for developing and delivering mobile applications, games, Web-based content, and enterprise software." But the so-called standard has terrible support for Macs that aren't new.

I'm also still stuck with Java 1.5 on my 2006 MacBook unless I upgrade it to Snow Leopard, which I'm afraid to do.

Oracle's OSX implementation of Java 1.7 is based upon Apple's 1.6 JVM. It is probably difficult for Oracle to get 1.7 working for older OSX's - and probably little point either - not enough user base.

Just be glad Oracle is supporting Java on OSX to begin with after Apple gave it up (like a lot of its other software).
 
Hmm true, but the Xbox version is different in many ways. It gets updated by a whole different team than the main version. A rewrite would take a long time, and the game is working great as it is.

It would take a lot of time, but no, the game is not working well right now. It hogs RAM and CPU and has random crashing problems.
 
Then they didn't promise enough. It says on their site: "From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!" and "Java is the foundation for virtually every type of networked application and is the global standard for developing and delivering mobile applications, games, Web-based content, and enterprise software." But the so-called standard has terrible support for Macs that aren't new.

The statement was a gross overreach. Java was never a global standard for mobile apps (whatever that is supposed to mean). Android is not a standard port of the Java API. Since Oracle's lawsuit was a failure, they get no value from Google's use of the language/API.

Most of the problems Steve Jobs discussed in the "Thoughts on Flash" memo (April, 2010) are equally applicable to Java. Native code for the particular platform will consistently perform better, and accessibility will consistently perform poorly. I recommend reading that memo to see the particulars.

No matter what Steve wrote or what I think, I fully support anyone who wishes to develop and distribute their code as Java apps (or Flash apps). OTOH, the distribution of Java/Flash code to run in web browsers is dangerous; both Oracle and Adobe have had countless exploits of their runtime environments. IMHO, nobody should be running Java/Flash in the browser.

Oracle and Adobe are trying to hype Java/Flash. They over-emphasize their value and fail to note the clear and present danger of these environments. Looking to an Oracle webpage for an objective evaluation of Java would be foolish.
 
Java change creates problems

Having trouble with Harmony Remote since the change - appears others also with problems on Apple Forums
 