Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sun Includes Microsoft-Like Automatic Updates Clause

Posted by timothy on from the wool-over-your-own-eyes dept.

Neill_Smith writes "Following on from Microsoft forcing automatic updates on their users if they want to stay secure, Sun seems to be trying to be trying something similar. They have given themselves permission to 'automatically download, install, and execute applets, applications, software extensions, and updated versions' in the license agreement (hit download) for the JDK on linux (and possibly other platforms)."

18 of 51 comments (clear)

  1. Duplicity by medeii · · Score: 3, Insightful

    ... so, why isn't this on the front page with the latest Microsoft gaffe? Yeah, so what, mod me down.

    --
    got standards? --- http://www.w3.org/
    1. Re:Duplicity by bmetzler · · Score: 2
      ... so, why isn't this on the front page with the latest Microsoft gaffe?

      Because Sun isn't doing this to prevent you from listening to the music that you purchased.

      -Brent
    2. Re:Duplicity by JamesOfTheDesert · · Score: 2

      Because Sun isn't doing this to prevent you from listening to the music that you purchased.

      If you've purchased the music, then you own the MS DRM-free original media. What's to stop you from listening?

      --

      Java is the blue pill
      Choose the red pill
    3. Re:Duplicity by JamesOfTheDesert · · Score: 2

      Well sun isn't dictating nearly as much of the computer industry as Microsoft is.

      True, but if Java(tm) ever become popular, we may have to keep an eye on Sun, since they own and control it.

      --

      Java is the blue pill
      Choose the red pill
  2. I like automatic updates by bmetzler · · Score: 2
    I wish Debian would automatically update also. Apt-get dist-upgrade is simply too much work.

    Anyways, I think it leaves too much to fate to have to watch every vendor for security problems. Why, Once you've checked Microsoft, Sun, RedHat, and many others daily, you've burned up a lot of time. It's so much better that applications can keep themselves up to date.

    I'm all for Sun doing this. Java has a security model, so you don't have to worry about Sun doing funky stuff to your box. Unlike Microsft, who I wouldn't let touch my box. They have so many problems with security that they'd probably ruin my box. Or at least re-allow Viruses to destroy it.

    -Brent
    1. Re:I like automatic updates by bmetzler · · Score: 3, Insightful
      so you could opt out of it.

      How about just not using software that you don't want to? Isn't that good enough? People feel like they deserve everything their way. Well, it's not true. If you don't like it, then don't use it.

      -Brent
    2. Re:I like automatic updates by zangdesign · · Score: 4, Insightful

      you don't have to worry about Sun doing funky stuff to your box.

      I was under the understanding that the best defense is to assume that the other guy is ALWAYS out to get you. This, like many other things, is something that should be left to the user to decide, not forced upon them by fiat. You can't have it both ways.

      Besides, the agreement explicitly gives Sun the right to affect your machine without prior notification. That, in and of itself, is alarming, regardless of the end result. There is no way of knowing whether or not Sun includes malware in the download since you are not allowed to examine it first.

      --
      To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
    3. Re:I like automatic updates by bmetzler · · Score: 4, Informative
      I was under the understanding that the best defense is to assume that the other guy is ALWAYS out to get you. This, like many other things, is something that should be left to the user to decide, not forced upon them by fiat. You can't have it both ways.

      I was under the understanding that the best defense was that if you don't trust someone, don't have anything to do with them. In other words, don't use Java if you can't trust Sun. I'm trying to make a point that people think they seem to deserve anything and everything and that they deserve it their way. Well, I'm sorry, that doesn't happen. Sun isn't forcing anything on you. If you don't like it, you don't use it. I don't like Microsoft's EULA, so I don't use it. I don't cry that Microsoft is forcing me to use their software.

      Besides, the agreement explicitly gives Sun the right to affect your machine without prior notification. That, in and of itself, is alarming, regardless of the end result. There is no way of knowing whether or not Sun includes malware in the download since you are not allowed to examine it first.

      No, as others pointed out, this agreement seems to have to do with Java Web Start. And if you understand how JWS works, it syncs against a central download server so that it always runs the latest codebase. It doesn't bother to tell you that there's a new jEdit out, it just assumes that you want to run the latest version, so it downloads it. The only thing you notice is a little longer start time.

      -Brent
  3. More from the EULA by raxhonp · · Score: 5, Informative

    It's applicable for all platform, not only Linux, and for both the JRE and the JDK. This point is also very interesting:

    6. Notice of Automatic Downloads. You acknowledge that, by your use of the Software and/or by requesting services that require use of the Software, the Software may automatically download, install, and execute software applications from sources other than Sun ("Other Software"). Sun makes no representations of a relationship of any kind to licensors of Other Software. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE OTHER SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  4. Is this a JNLP and applet thing? by melquiades · · Score: 4, Informative
    Note that Java Web Start downloads JNLPs, and appletviewer download applets, both of which are third-party code that executes on your machine. Clause 6, at least, seems simply to be a CYA applying to these:
    6. Notice of Automatic Downloads. You acknowledge that, by your use of the Software and/or by requesting services that require use of the Software, the Software may automatically download, install, and execute software applications from sources other than Sun ("Other Software"). Sun makes no representations of a relationship of any kind to licensors of Other Software. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE OTHER SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    In other words, "The JVM can download and execute Java code off the net. Just because our JVM downloaded it doesn't mean we endorse it."

    Clause 5 seems a bit more troublesome. But they're not trying to pull any wool over anybody's eyes:
    If additional terms and conditions are not presented on installation, the Software Updates will be considered part of the Software and subject to the terms and conditions of the Agreement.
    In other words, "If you run an installer and it doesn't present new conditions, the old ones still apply." That at least seems pretty reasonable.

    If anything is troublesome, it's the implication that they think they can download stuff to your machine without your permission.
    1. Re:Is this a JNLP and applet thing? by Hard_Code · · Score: 2

      Yeah, I'd guess this has something to do with Webstart, which they started to bundle (but don't automatically install IIRC) with JDK 1.4. Webstart allows Java applications to be downloaded on-demand, with versioning, binary diffs, etc.

      --

      It's 10 PM. Do you know if you're un-American?
  5. Oh, what a fun day on Slashot! by dnight · · Score: 3, Insightful

    First, I get to deal with HIPAA requirements in Windows platforms, now my Oracle/Sun platforms might be at risk.

    I'll tell you this: the first time Sun manages to auto-install *anything* on any of my enterprise servers without my blessing, Sun will be explaining it to both our General Counsel and law enforcement. I don't believe an EULA will protect you from criminal prosecution.

  6. well by Apreche · · Score: 3, Interesting

    I've got service pack 3 and yeah, the EULA says stuff about automatic updates. But you know what. There's a handy dandy automatic update tool in the control panel now. I have it set to "never automatically update". I'm so sure that they are going to try to force software upon me. And at worst, if they do, I remove it. In the worst situation I can re-install windows.
    Sun is doing the same thing, I guess its because they want to have an automatic update tool too. Good, its a nice feature for lazy people or people who aren't geeky enough to update their own software.
    The way it looks to me is these automatic update clauses are just protections put in by lawyers so there's no way we can sue the companies after using their auto-update tools. It's for their protection in case they automatically update everyone with a virus or buggy program. I highly doubt they are trying to force things on us. Anyone who says otherwise is too paranoid and too fanatical. Just give it up already.

    --
    The GeekNights podcast is going strong. Listen!
  7. This isn't good by Sandman1971 · · Score: 4, Insightful

    Automatic updates are not good in a live server environment. Many shops run software that are only certified for certain versions. Automatically updating any part of the OS or underlying packages like JDK could break the software. Doesn't sound like alot of thought was put into this.

    --
    It's better to burn out than to fade away
  8. Why Not Ask Them? by Steve+Cox · · Score: 3, Insightful

    For those that are particularly worried about the new clauses in the license, why not simply ask Sun (politely) about them rather than letting the paranoia build up with every reply posted here?

    You could contact your Sun rep, or use the contact method listed in the the legal and licensing FAQ, or even through the Sun JAVA Forums.

    Better to ask first, rather than to jump to incorrect assumptions.

    Steve.

  9. Is it just poorly worded? by bluestar · · Score: 2

    Ok, so they're saying "The Software" (the JVM) can download and execute software from Sun or anyone else and execute it.

    This has been a standard feature of Java since Day One. An application or applet can load classes from a network as easily as from a file and then execute the class.

    Maybe Sun didn't intend to imply automatic updates are part of the new scheme, but it can sure be interpreted that way.

    --
    "The cost of freedom is eternal vigilance." -Thomas Jefferson
  10. Huh? by rakslice · · Score: 2

    >>I wish Debian would automatically update also. Apt-get dist-upgrade is simply too much work.

    What, you mean it takes too much of your time? Couldn't you just have cron run it with some kind of hands-off all-defaults detail level?

  11. WebStart? by BlackStar · · Score: 2
    Just my thought, but I read it as the WebStart feature of auto-downloading and/or updating JRE/JDK versions to run various WebStart/JNLP enabled apps.

    I don't think it's nearly as over-arching as MSFT's terms, and I expect if Sun was either more explicit or not in a country of lawsuits they would be able to make the disclaimer a bit less broad.

    Heck. So could Microsoft if they didn't need to worry about getting sued over everything and anything.