Slashdot Mirror
Sun Slips Firefox Extension Into Java Update
pcardno writes "It seems it's not just Microsoft that have spotted a good opportunity to distribute their software through Firefox Addons. On installing the latest annoying, sysbar bubble based Java update, my Firefox informed me that I had a wonderful new Java addon automatically. Here's the addon screenshot. Yes, I could opt out of it, but why are Sun installing Addons to my Firefox without me making specific choices in the application itself? To be clear — I have never chosen to install this Addon, yet it has been installed without my permission with the latest Java Update."
You get what you pay for... and then some.
Most of the stuff on
Yes, now you have Java working in Firefox. Turn it off if you don't like it. Simple.
I mentioned this during the discussion about the Microsoft add-on three weeks ago. How is this news now?
Man, Windows GUI really looks like ass.
Or is that a screenshot from 1990?
Or so says Sun. That being said... I cannot think of one thing I might need a Java tool bar for. Honestly, I have not read the article yet and am sitting here trying to think of one useful thing such a tool might do for me. Anyone?
Dude, you installed the java taskbar updater and you're worried that it installed a little Firefox plugin? That thing is pointless as far as I'm concerned, but one of it's "features" is keeping the JRE in your browser up to date. That's what it does. That it adds on a plugin at the same time is trivial because updating the JRE is a much much bigger deal: Java ain't afraid to break shit with it's JRE updates.
If you don't want it pestering you and downloading tiny incremental JRE updates every week or so, don't fricking install it! It's purely optional. Everything works just as well if you don't have it installed, and it's really better to control your java lib upgrades. It's not quite as bad as letting glibc automatically update every time there is a new version, but it's up there.
Could Firefox add some sort of public/private key extensions signing so I can sign extensions I want to use? Then unsigned extensions wouldn't be loaded and this sort of thing could be stopped ( by the technical minded anyway ).
The disappearing pencil trick. Let me show you it.
Watch out! It seems that some other malicious updaters installed IEtab and a twitter addon in your firefox, too!
Microsft spel chekar vor sail, worgs grate !!!
which no one reads
click dis-the fuck-able
"First you bitch about the baby, then you bitch 'cause we're not married!"
Maybe the add-on is required by F'fox in order to enable new shizzy feature xyz - get over it.
If you really want something to bitch over, think about all the stuf that you NEVER know that comes deep within the package...
It looks like your desktop color depth comes from an 8-bit Nintendo pallet :(
What is a "sysbar bubble based Java update?"
The whole thing seems like a total yawner to me. When I install a package on my ubuntu box, it will typically have side-effects. It may have to install other software that it depends on, and possibly make changes to my system's configuration (e.g., the default if you install apache or ssl is to activate the relevant service). I may or may not agree with Canonical and Debian's choices. If I disagree with them, I can either override them, or choose a different distro that I think does a better job in this area.
He seems to be having an experience on Windows where he's unhappy with the side-effect decisions Sun has made. Although it's on Windows, it seems to be basically the same as the type of issue you can get with a Linux distro, or with any other OS. One possible difference is that packaging of FOSS on non-free OSes generally sucks to high heaven compared to Linux -- and you generally have far fewer choices, and there's nobody looking out for your interests as a user. Well, you make your decision to use Windows and that means you've made your decision to use a system where FOSS packaging sucks.
Find free books.
All this plugin does is speed up loading of Java applets. Its benign, and Sun provides instructions on how to turn it off: http://www.java.com/en/download/help/quickstarter.xml .
Applets, you have heard of them?
When you install / upgrade Java, you get support for the latest Java runtime in your browser to run those applets. It has been thus since the olden times (the mid-nineties when Java was launched).
From the description, this is just a performance optimization so the runtime is loaded and you don't get a delay when there is an applet in the page.
Whether I am right about what the plugin does or not, installing / upgrading the Java Runtime Edition has always affected your browser.
${YEAR+1} is going to be the year of Linux on the desktop!
And of course, if you were a dumbass who didn't understand what extensions were, you might say No out of fear, and then later decide you don't like java. And then later decide buying an iPHone isn't that bad, because it doesn't support java, but java never works anyway.
At some point, you have to let the machine work for you. Remember all the people who complained about windows asking your permission before doing anything possibly harmful? Seems like whether you ask people or not, someone is going to whine on either side of the fence.
In a world of whiners, I'd rather have Javascript work on their browsers.
There's enough problems with things BROKEN because people DON'T do automatic updates. Then when updates to happen automatically, people STILL whine.
Can't win.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
It helps preload the JVM so that any Java applets load faster.
It's not some evil conspiracy.
You told it to update your computer. It didn't tell you exactly what it was doing. Does Microsoft Update tell you everything it's going to touch?
If you don't like it, run Linux, install SELinux and block everything by default.
Not trying to sound like a dick, but this really is a non-issue.
Just FYI: the RFE to remove those addons was marked WONTFIX by mozilla, because "they should be removed by the Installer that put the files there".
IMO it has to be possible to remove them from the Add-On manager.
Yeah, what a complete waste of a story. It is installed with java which preloads core java so that when your browser runs applets, they start faster... Damn those frigging bastards at sun for making my life easier!
Bye!
I recently installed AVG Internet Security Suite on Windows, and noticed that it decided to install anti-malware software in Firefox.
I'm of two minds about this: on the one hand, I'm glad they're supporting Firefox, but on the other hand, I don't remember agreeing to add this extension to Firefox. It's ugly, takes up too much space, and has prominent buttons that I don't care about, and aren't easily disabled.
I would have been much happier if I'd been given the choice to install it or not; I would have. But if I'd known it would uglify Firefox, I would have made more of a point of getting a product that didn't.
What does the MS one do that's not benign?
Its not surprising java installs itself to firefox, java started as a language to run applets in the browser and still needs to be there. These days its nearly all cross-scripting prone javascript widgets instead of applets. I can program either, but frankly i'd rather have robust standardised java to program in, then different DOM from every browser javascript. Can someone get bring the applet back, maybe java-fx (actually the library with it, not the new scripting language, will help.
So, in other words, it does the exact same thing the .NET Firefox extension does, except unlike .NET, it does it for things that no one still uses.
Java applets are dead. I can't remember the last time I ran into one.
I don't need Sun bloating up Firefox to make something that NO ONE USES run slightly faster.
So if someone breaks into your house and cleans your kitchen, you'd think that's okay too?
If you did: "sysbar bubble based Java update" ... I assume you updated Java. In that caser it is completely correct that you get the relevant plug ins for every browser on your system installad as well. That is what Java always did so far on any system I had (Windows, Linux, Mac). ... sorry, sounds pathetic to me.
If you did a Firefox update then it is not Suns fault, but the fault of the guys who bundled the update that you where not asked beforehand.
I think the attitude towards Software Providers may it be MS or Sun, or any other, should be a bit more neutral. You have 2 completely "free as no fee" software packages (Java and Firefox) on your system, and you bitch about getting a few megabytes more than planned (which likely had downloaded later anyway manually!!)
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Yeah maybe, but Sun wants JavaFX (which is based on Java) to be a Flash killer, and for that I'm guessing it needs to load a lot faster than the typical Java applet used to...
I would bet it also makes loading Firefox take longer and uses up RAM even when not using Java.
Neither is benign. When you tamper with a customer's third party software, you 1. Ask them first, and 2. Let them back out easily. Microsoft and Sun did neither of these. Not only are they spitting on good software standards, they're spitting on their users by doing this.
I suppose you're wonderin' how this happened:
Sun executives were sitting around one day at a 3-hour lunch getting drunk and making rude remarks to the waitress. One of them said, "How can we sink the company?" After considerable deliberation, one of them had an idea. "I know, we'll get ourselves on Slashdot for doing something dastardly." Another executive said, "Brilliant! No reputable programmer will ever take a job at Sun again."
Then they had to think of something sufficiently sneaky. That's difficult for a drunk person, especially a drunk person that makes millions of dollars a year. That kind of money decreases initiative. Then one said, "We'll just imitate Microsoft! Almost everything they do is sneaky or mean."
And that's what they did.
Warning: Some of this may be fiction. Or, it may be true.
It preloads all the bloatness of Java, every single time, even if you installed it just for a single page you visited half a year ago.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Yeah, what a complete waste of a story. It is installed with java which preloads core java so that when your browser runs applets, they start faster...
They start faster because every time you open a browser window, the "Java quick start" has to take time to load, even if it was already loaded. If you don't believe me, try timing it.
Also, you now have memory used by a program "just in case you might want to use it someday". And, it's possible to configure the Java runtime to not be available as a browser add-on, but still allow you to run Java apps on your computer. Any bets on whether this extension will load regardless of your browser settings for Java?
Actually that'd be fine with me... my kitchen is a mess.
You install the Java plugin, you expect it to modify your browser.
Still, I would like Firefox to provide better controls of how plugins CAN and CAN'T be installed.
In particular, I would like the browser to ask for approval during startup before a newly installed plugin can be loaded, for the first time.
The approval process should be done in a way that a plugin can't easily fake approval, and if I reject it (I.E. Use of a settings file that only FF can update), the plugin stays disabled.
You don't own or are allowed to control the PC.
Just shut up and smile, we know best for you. "Where do you want us to take you today? Never mind we will take you where we want to go."
---- Booth was a patriot ----
So, you install some software which automatically installs a Firefox addon. Then the next time Firefox runs the addon is automatically enabled? I know that's how plugins are installed. It would be nice if third-parties just didn't do this, but it seems like a change in Firefox must be made to prevent this.
Secure systems must include measures to prevent tampering. Installing code that automatically executes is most certainly tampering, and if my estimate of how this works is correct, I'd call this a Firefox security bug.
It may not be worth it, or even possible with current hardware, to prevent all software from installing addons "under the radar." Still, I'd bet that Firefox could incorporate a more secure way of keeping tabs on enabled addons.
With the Firefox plugin feature, Firefox could keep a list of installed plugins, their md5sums and their filenames. It could then hash this list and store the result somewhere. This would make it easy to detect changes to the installed plugins and prevent programs from simply changing the list of installed plugins. Malware could simply change the list then rewrite the hash, but I'm not sure you could ever get around security through obscurity (in this case) with a normal Linux install and consumer hardware. When different software is run as the same user and without any kind of sandboxing, this is what you get.
Maybe Linux distros need to make a change to enable more sandbox-type security. As Linux's popularity increases, I'll bet we see more of this behavior, just as we see so frequently in Windows. All the software already exists to implement this fairly well, and it's not like disk space is an issue anymore.
Microsoft should be making this change in Windows if building a more secure system is one of their goals.
Hell if they will do the bathrooms too I'd pay them.
Why can't Java be fast to begin with?
Pre-loading doesn't make it fast, it only makes it seem fast.
I updated to Firefox 3.0.6 and it installed a Yahoo tool bar and menu without me asking!
So, they get the majority of the users out there with working Java in their web browser, which they would expect if they have Java installed, and in the process they piss off a few geeks who can't see beyond their own little basement walls.
Pardon me if I find this whole thing a little amusing. If you want Firefox to take over the world it has to be user friendly. As any Vista user will tell you, prompting you to do every little thing is fucking annoying, so they've taken a more traditional approach and just make Firefox aware of it out of the box.
So while there may be a great uproar on slashdot today, no one really cares or some actually appreciate the feature.
Why don't you bitch about Chrome automatically working with Flash or Java on your system out of the box?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
It seems Java modifies all browsers without you asking to allow them to run applets. That's not what I installed Java for!
There's lots of software that installs browser addons automatically, without even asking you. That's been normal and expected behavior for a decade, it's long since past time to raise Caine over this one.
I think Sun should be accoladed for giving you the option to opt out.
Ever try to install Acrobat without getting the browser plugin? You have to rummage around in the Acrobat directory and remove the plugin component or else EVERY TIME you run Acrobat the plugin will be reinstalled.
INDIGNATION!
Dude, looking at your screenshot, I have to wonder, what window manager are you using? I've never seen it before. That's definitely not GNOME. Oh wait, you're running Windows?!? Go back to Internet Exploder! Extensions never get installed there without your permission!
So, anyone can install an add-on on your Firefox without your concent, and even then, it will run without your prior authorization...
ok, in my way of sseing things maybe firefox ain't that secure...
Because you could opt-out of it.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Is there a name for software that installs on the sly, or in an "automatic" way that is unexpected? I don't mean to say virus or trojan, but something that could more properly be associated with something that's not publicly accepted as "malware".
SlyWare? SneakWare?
I think the part of these I despise the most are the ones that keep trying to sneak in, that you can't tick a "don't EVER try to pull that again". Like when IE has a checkbox for "always make sure IE is your browser", instead of the "never ask me again" in FF etc. They're taking advantage of the system and hoping you screw up just once like a pushy salesman trying to get in the door.
I work for the Department of Redundancy Department.
You install the Java plugin, you expect it to modify your browser.
only he didn't install the plugin, he updated the JRE.
I use Opera.
"When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
Simply only allow them to be installed through Firefox. If one of these crapware installers wants to ad one, make it open Firefox with the xpi installer.
And make it default to cancel.
and in similar news, Sony installed a 'helpful system driver' that made your music playing and purchasing life easier too, helping to protect you from pirate music.
The point is simply that it gets installed on the sly, if its so helpful, they should make it opt-in and surely everyone will accept the install.
so I don't think your judgement about what add-ons are appropriate should be considered.
22:33 UTC - Flamed on Slashdot for having TwitterBar. Why does kno1 nderstnd me?
[% slash_sig_val.text %]
The person that submitted this story is a dumbass - that's all there really is to it.
Next thing you know they'll be adding crap to HKLM/Software/Windows/CurrentVersion/Run without asking ?
Oh wait ...
Mongrel News all the news that fits and froths
How many IE installs have you seen with a dozen ugly search bar below the title bar? It seems like every app installs one, if you are lucky they hide a little checkbox and disclaimer in the installer to avoid it. it's one of peoples big annoyances with IE, even if at it's core it's not IE's fault. I installed Foxit Reader on my laptop the other day, and did not read all the options. To my surprise I had some ridiculous Ask.com toolbar in my firefox install.
Currently if you try to install an extension, Firefox pops a warning up. It needs to do the same if another app installs one. All extensions need to be uninstallable, they need to remove all options otherwise. Ideally, it would be able to verify the integrity of all browser files from a secure source and delete anything that did not follow the "rules" (I.e. can be uninstalled at any time).
All extensions not installed by direct user action (ie going to the firefox addons menu and choosing to install it) should start disabled and have to be manually enabled before they can work.
Firefox is gaining ground in the browser wars, and that means it is going to be targeted. Already malicious sites that attempt to exploit flaws in Firefox exist and are growing in number. I expect it's just a matter of time before spyware extensions start showing up, claiming to do something useful while reporting your browsing habits.
Mozilla foundation needs to keep in mind it is YOUR computer, and YOUR browser, and it should only do the things you want it to, regardless of what other companies want.
Ive been using Firefox since it was called Firebird, and despite the many improvements, it will be a victim of it's own success if it is not careful.
"It seems it's not just Microsoft that have spotted a good opportunity to distribute their software ..."
I clicked on the link http://slashdot.org/article.pl?sid=09&tid=95, indicated above with bold italic, and got the text Nothing for you to see here. Please move along.
What's happening here???
More and more companies will begin piling on crapware to firefox. Eventually people will get tired of it and move to Google Chrome. Which by that time will have solved this problem in there own extension api.
For the paranoid...
http://java.sun.com/developer/technicalArticles/javase/java6u10/
Performance:
* Sun's JRE has been steadily getting faster over the years, and 6u10 is no exception. Key performance improvements are the introduction of Java Quick Starter, which will substantially improve Java cold start time on most systems, and a new graphics pipeline on Windows.
Ah, yes. Another case of, rather than writing your code effficiently, you set it up to load automatically whenever the user starts Windows/I.E./Firefox so it's already there when needed. Sometimes known as The Lazy Way Out.
That's the most idiotic article i've seen in ages.
You've installed a JAVA VIRTUAL MACHINE, which includes BROWSER APPLET SUPPORT.
So yes, it will off course install something on the browser to make it work... which is a plugin (as it's always done in the past, and pretty much what you'd expect), and now they've just added an addon to pre-load the VM to make things faster (and put it as an addon rather than a plugin so that you can disable it more easily).
What's wrong with that ? By installing it, you asked for JAVA SUPPORT on your OS and your WEB BROWSER.
That's what the addon is.
What next, let's complain that adobe secretely install a plugin on your browser without asking when you install flash ??
...and JRE finally, finally showed some kind of Desktop user touch by preloading frequently used classes (or their metadata, more like prebinding/prefetch) to memory in ages of 64bit running laptops with 4+ GB memory.
If I was still on windows and also using applets a lot, I would thank Sun via feedback especially if I had portable with traditionally fragmented NTFS disk.
They were doing harm to users and even Firefox by not implementing that long overdue optimisation which means browser was essentially freezing or choking when most basic java applet hits it.
They unimaginably trust to Apple for Java updates but if they manage to run it as normal (non admin) user, it would be a nice touch for Linux JRE.
Sun had no history of conspiring other peoples browsers, trying to kill them via bundling a browser and name it Internet, trying to force users of alternative browsers to use IE by rejecting to code NS Plugin for Windows Update etc.
It is karma. Sun has karma to waste a bit while other is below GNAA in regards of bundling extras.
Do you feel sorry about Real Networks getting flamed whatever they do including going completely open source? I do but... Their karma. Got it?
3rd party program have installed plugins/extensions for ever...! This reminds me of a story by Asimov in which a man discovers he has something called a "skeleton" inside him. He is worried, because this thing is obviously against him. He consults a weird doctor to get this skeleton removed from him... So shut up, you, hypochrondriac computer users!
You can't really compare uTorrent to Vuze, Vuze is much more powerful.
Mod me down, my New Earth Global Warmingist friends!
This is the United States, not Britain, so please make sure your subjects and verbs agree.
singular subject - singular verb
plural subject - plural verb
Like this:
"why IS Sun installing"
"not just Microsoft that HAS spotted"
My bank stupidly chose to implement a Java-based login system (which again is run by a major security company here), and it takes 20-40 seconds most of the time from I enter the login page until the password & code box appears. The rest of the time it fails due to timeouts.
If this Sun plugin preloads so I don't have to wait, it's great. It's welcome on my system. I have the RAM so I can take the miniscule hit (no laptop or desktop computer with less than 4GB RAM is allowed in my house :).
It comes as part of the Java plugin. You want the plugin, obviously, and you probably want it to operate smoothly. No reason to complain.
This answer I can see. Either both are evil, or both are helpful. In fact, I'd say suns is worse because it preloads things into memory without asking you. All that the MS one does is change your user agent string to reflect that you have dotnet 3.5 installed. This then lets servers send down clickonce apps, as they won't do it (by default) if it doesn't think you can run it.
In the time it took you to write this article and submit it to Slashdot, you could've uninstalled the extension a dozen times.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Er jqs on my machine is using 1,388k. Yeah huge bloat there.
Not to mention that this update breaks a lot of things on FF on my Vista machine.
We work with a big ad provider and they require an applet to be included. Now for every page load where it executes I get a pause followed by a Java dialog stating "this requires a previous version of Java which might not be as secure, do you want to continue? Y/N".
Of course, clicking no means the dialog re-appears instantly and your FF won't respond to anything else (apart from a kill process command)...
Try disabling jusched.exe and see how long it takes to reappear.
I prefer to run outdated programs to having things silently loading and running in the background.
There're enough things just with Windows running.
vi? Who's that?
As a rule, for ever Linux based desktop that I've run (work, home, over 15 years.. maybe 50 unique installs/upgrades that lasted), the most most consistently flaky glue has been Java working in any browser.
Historically, I stumble across, and need, Java applets pretty infrequently. As a result, nearly 100% of the time I do stumble across, and want to run, a Java applet, it involves somewhere between 5 and 30 minutes of fucking around to make it work. Netscape, Mozilla, now Firefox automatic plugin find/install has worked exactly 0 times for a JVM. And, except for the last year or so, it was always a regular fight at java.sun.com to figure out exactly WTF I needed. I consider myself an educated person, but my paths usually led me to download a 200MB blob that included a IDE, but not a plugin for my always up to date browser. And does installing the JRE actually install the pulgin, when I do manage to get the right thing? No. Creating symlinks is apparently beyond Suns ability. Or maybe its a Java security thing; its quite willing to take up 2GB of memory, but creating a symlink is a violation of security. Fuckers.
In the last 18 months, I spent 9 of them as a Java developer, on a team of 13. I've yet to hear an adequate explanation as to what the difference between JSE, JEE, Java FX, J2ME, JDK, in less then 500 words. Sure, I know it now. Well, maybe not. WTF is JavaFX, and why, just now, when I click on "download JEE", it asks me to download "Glassfish"? THAT ISN'T WHAT I FUCKING ASKED FOR.
It amazes me that people are willing to put up with this shit at all. For a language that isn't even that good.
Anyway. If Sun has finally managed to ship something that actually manages to install a plugin without me digging around on the command line, I'm amazed. That it installs an extension as well is a small price to play.
And in fact, when you're not online, all we do is talk about that.
How about if FF just tracks the extensions you've toggled and pressed the OKAY button for and simply offers to allow you to enable or to delete those extensions that helpfully get installed for you.
Frankly, I'd consider this a bug in FF behavior as much as anything and while wouldn't fault Mozilla developers for it I would love to see it quickly and efficiently addressed. Which to my mind is still what sets apart great open source projects from most of their closed/proprietary family.
Quack, quack.
Don't install java. On anything. Ever. Every time I've installed java in the past, I've been instantly and immediately reprimanded by poor performance, extra processes, random slow downs, and other general crap.
I won't install java.
I won't install apps that require java.
People keep telling me "It's gotten better!" and some such nonsense, but so? It sucked so bad in the past, I'll give it another shot in say, five years, when it's been completely open sourced and fixed. I only use FOSS because it's good, not because I'm a zealot. :) Java is not good, no matter it's current state of source code availability or not.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
The heroes here are the mozilla developers for understanding that this type of thing can/will happen, and providing a mechanism to let the user know what is happening to their system...
Neither is benign. When you tamper with a customer's third party software, you 1. Ask them first, and 2. Let them back out easily. Microsoft and Sun did neither of these.
I wouldn't be so sure. When you install the JRE, you get to choose whether it should integrate with MSIE and/or Mozilla browsers. I can't say that I've tried, but I'd guess that if you choose for it not to, then it doesn't install any plugins. If, on the other hand, you choose for it to integrate with the browser (which is, reasonably enough, the default), then it does so.
I really don't see the big deal here. When you install the JRE, you would normally expect it to install a browser plugin, so that applets are displayed, and that's what it does.
Mind you, this differs from Microsoft's plugin, which arrived unannounced through Windows Update.
Not only does it install this browser plugin, but after running this installer, it appears almost the entire JRE has been changed -- with no opt-out checkbox in sight!
my point exactly. i just cant think why java apps have to be so damn bloated. i mean if you can write cpp code for utorrent in 250kb, you need 10mb of java code for vuze?
Wealth is the gift that keeps on giving.
wagon...
It's voltsSHAAGGEN... fukengruven, ass in "Fahrvergnuegen"...
OTOH, it could be like opting in for anal sex in the back of a clunky car and complaining about bad tailpipe emissions...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
ded "off-topic"... I've been experiencing that off and on over the past year... Be gentle.... LOL
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
This 'tampering' is done by design. The way it works is an intentional feature of FireFox designed to allow for JUST this sort of thing.
They did ask you, and you said 'yes, please automatically keep me up to date'.
And now you're bitching that they did what you said to do.
They only people spitting are those of you too stupid to realize that the 'problem' here was that you told it to go ahead and make changes to your system whenever it ones.
If this bothers you, you're an idiot for allowing something to change your system at its discretion. Don't use automatic updates, nothing happens.
So you bitch because its doing what you told it to?
That sir, is the most intelligent thing I've heard. Really.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You only noticed the firefox addon !
Ha Ha. They also sneaked a service in there. Check out your control panel services thing. There's a new service "Java Quick Start".
This whole posting is dumb but...
I really fail to see how anyone with 'TwitterBar' extension installed can bitch about the Java quickstart extension.
I guess if I would have looked at the screenshot sooner I would have realized the guy is just a douche bag and skipped this one :/
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
A better analogy would be you pay somebody to come in and clean your kitchen, and find out they've left you a new phone that speed-dials out to re-hire them. You invited them in for a task and they left something behind unrelated to the task but to their benefit while they were there.
It's not entirely clear to me from the summary when the poster could "opt out of it." If it was during the standard "accept license/click okay/blah blah blah" procedure the analogy gets even stupider. If he just means he can uninstall it later I guess it'll do.
On a mostly unrelated point, why the bloody hell is a link to an old /. article, some fairly worthless bitching and a screenshot of soembody's Firefox add-on list considered front page news? Is it to cut down on the "RTFA" replies by not actually having an article? If so, kudos on streamlining our reading processes for us--but I think we all know the editors aren't that clever.
The install of Java already includes a java browser plugin, they are only extending it's functionality with a firefox addon rather than doing something completely new and unexpected.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I've been using Firefox for as long as I can remember because of great add-ons and a polite setup that allowed me to choose what gets installed on my computer. However, somewhere in the past week, the latest updated version overrode my choice to start up my browser with a blank screen and changed this to a google default startup screen. What's worse, the button that used to allow me to choose to start up with a blank page got blown away-- the interface looks the same, but the buttons have been changed.
Yes, I know that one can put in "about:blank" as the startup page and fix this, but I bet most folks don't know this off the cuff. And yes, I did notice the new place where they placed (buried?) the option to start up with a blank page.
Can someone tell me a sound reason for introducing a change that effectively walls off a user-chosen option like this? Because all I see is sketchy corporate "shepherding". This wouldn't have surprise me coming from Microsoft, but from Mozilla?!
According to your screen shot you are running a Windows OS. By now you should be used to software making choices for you.
If you don't like it switch to an OS that puts you in control. But mind you, you actually have to think about what you're doing.
The Java quick starter plugin is a good thing. Finally Java is doing the same trick as Flash in your browser: start up in the background along with your browser, so when you see a Java applet on a webpage it doesn't take 5 to 20 seconds to show up. They should have done this 10 years ago. If you don't like Java, maybe you shouldn't be installing Java? :)
There was always the Firefox plugin that Java installed (without asking you! Oh noes!)
Now they have added an addon to enhance the Java experience (yes, it's a buzzword, but that's what it's about here) and you cry!
The addon probably doesn't do a whole lot different from the plugin. Both is code that runs inside your browser.
Don't install java. On anything. Ever.
Wouldn't that restrict which mobile phone models you can buy? A lot of phones come with a MIDlet player based on the Java Micro Edition runtime environment.
...and JRE finally, finally showed some kind of Desktop user touch by preloading frequently used classes (or their metadata, more like prebinding/prefetch) to memory in ages of 64bit running laptops with 4+ GB memory.
lucky for you. Most people don't have laptops with 4Gb+ of RAM. Sun still loads up the prefetch, so even if you just want to browse a static html site, you have to wait for a ton of unnecessary Java classes to be loaded. That you'll never use.
Its one of those optimisations that suit just you, and inconvenience hundreds, but you think its ok because it suits you. The recommended option in these situations is for you to install the pre-loaded addin separately.
I know there's a lot of preloading going on nowadays, has been for some time - every OEM ends up with a Java preloader, Adobe startsmart, Mozilla did it a while back IIRC, even Microsoft. Strangely we end up with systems that take ages to boot and everyone (rightly) complains.
The problem really is that these systems require such a large infrastructure that they're becoming unwieldy in practice. It might be fine for a developer to have a million pre-built classes in his language, but when they all have to be loaded up for his apps to work you begin to see why users are demanding smaller, faster, leaner systems. The ease for the developer inconveniences millions of his users. Its time that was reversed.
For those who like the new addition from Sun, leave the new service running. For the rest, disable it, too.
It is not installed from the web, it's installed from outside the Firefox process by the Java updater if I understand correctly. There is no way FF can prevent it from installing, since it's not doing the installing itself.
Dumb ass. You gave them permission when you ran their installation .exe on your system. Don't run it if you don't want them to do shit.
Too many vendors are dealing with their bloated program load times by trying to make their program permanently resident in memory. Microsoft started this with IE, and it's now in Firefox, Microsoft Word, Adobe's PDF viewer, OpenOffice, and now Java. You can lose most of your RAM to bloatware that way. If you let all that stuff install, performance is worse than with none of it. Instead of loading delays, you now get paging delays and boot delays.
We need more restrictive installers. Installers for "applications" shouldn't be allowed to install a service. Windows installers for applications should be restricted to writing into "Program Files/appname" and registry keys in "HKEY_LOCAL_MACHINE/appname".
All this plugin does is speed up loading of Java applets.
Other people have complained that it slows down starting up Firefox. That is a common issue with "quick starters" they can easily slow down other things, especially when what they might "speed up" is only used very infrequently.
What if that tick box isn't there? How do you shut off the quickstarter? I just recently uninstalled Java because java quick starter would not let the computer go into standby mode in XP.
1) The JQS is not "unneeded" because it significantly improves the user experience (perceived startup perfomance) for Java apps. This matter a lot to users and also to Java developers.
2) It doesn't "waste memory", it's a pretty smart quickstarter. It just hints the VMM to load a few of the JRE files - not everything, only some ~10Mb that are critical for its cold-start - in the filesystem cache. This space can be returned if Windows is tight on memory, and there are other tricks like the fact that the JQS goes quiescent if you start Windows on a laptop battery, just so avoid triggering HD activity that would burn a few seconds worth of battery.
3) It doesn't make Firefox "take longer to start", because it does everything it does in background. (You should surely know that one, but then, you were trolling.)
4) Java doesn't have a "massive number of security holes". Quite the opposite, Java's security track record is stellar compared to virtually any other platform (both commercial and FOSS ones). And not all JRE updates are security updates.
5) J2EE has nothing to do with the JRE plugin for browsers, just for the record. People who only need server-side Java will usually install only the JDK, which includes its own JRE without any browser integration, plus some J2EE container.
6) The installer doesn't "demand" registration; yeah it loads a registration site on your browser but you can just close that.
In addition, the JRE deployment technology (post-6u10) is pretty smart and unobtrusive in many aspects. For example, the auto-updater will only download files when your internet connection is detected to be idle, and these downloads are typically small because it fetches small patch files instead of full JRE installers.
Having said all that, I still complain to myself that each update activates stuff that I have to disable, because they are of no use for me - but that's because I am a power-user and a Java developer, so I have a powerful machine that doesn't benefit from the JQS (plus I'm a tidy-freak and a control-freak: after login my Windows session has ZERO preloaded programs, useful or not - I start even IM clients manually when/if I need); and I don't need the auto-updater because I manually update everything all the time, before Sun/Microsoft/Adobe/etc pushes new stuff through their auto-update channels. But I'm not the typical end-user for whom the JRE installation and deployment story was optimized for. Sun could certainly improve the JRE installer with a few options like "Want JQS or not?", but each extra checkbox in the installer would double the number of people bitching that installing Java is a complex and scary procedure compared to the zero-neurons-required, fully-transparent setup of Flash or some other competitor.
I don't have a registry to worry about, nor do I run any third party updaters.
There is a security issue, but it's with an OS that relies on third party installers that are allowed to scribble over each other.
I guess I'm a more inventive complainer than you are.
The day not long ago where I installed the USB protocol analyzer and it blue-screened my workstation every half hour all day, Firefox was adding another 2m to every round trip starting plug-ins that I wouldn't gain any advantage from until after another half-dozen blue screens.
When one application pauses to load a major plug-in, I have eight other desktops one keystroke away where I can continue to accomplish useful work. When Windows is so bogged down coming up from a cold-start that I can't the program menu to pop up, I'm pretty much dead in the water.
What I would really like is a global setting "how much does instant gratification rule your life?" Hint: I won't be picking "make it smooth". I'm no fan of gratification that arrives unannounced and doesn't sport an off switch.
1) The JQS is not "unneeded" because it significantly improves the user experience (perceived startup perfomance) for Java apps. This matter a lot to users and also to Java developers.
Which is great, if anyone still used applets.
Applets are dead. No one uses Java from the browser. It's 100% useless. Everything applets used to be used for has been replaced with AJAX. Applets are obsolete.
Everything else you wrote about how it does waste memory and doesn't slow Firefox (which is demonstrably false, by the way) is irrelevant: because no one uses Java in the browser, any addition is worthless.
5) J2EE has nothing to do with the JRE plugin for browsers, just for the record. People who only need server-side Java will usually install only the JDK, which includes its own JRE without any browser integration, plus some J2EE container.
You're wrong, because I did only install the JDK and that's what dumped the useless extension into Firefox.
6) The installer doesn't "demand" registration; yeah it loads a registration site on your browser but you can just close that.
Shoving it in your face counts as demanding to me. You mean that it doesn't require registration. Which is true, but it asks. Every. Single. Freaking. Update. (We're up to what, 12 on the latest version?)
Applets are dead. No one uses Java from the browser.
Java applets are certainly not popular in recent years, although I wouldn't say dead, and recent improvements (from JDK 6u10+ to JavaFX) stand reasonable chance to resurrect applets (only time will tell). But this whole debate doesn't matter, because if you never visit any page that needs the JRE, you can just not install the JRE - simple, isn't it? And if you ever hit a single site that's interesting to you and uses a Java applet for some useful purpose, then they ain't dead.
You're wrong, because I did only install the JDK and that's what dumped the useless extension into Firefox.
The JDK installer has a option to not install the "public JRE" (public = integrated to Windows / browsers), just turn that off. It's recommended for server boxes where you don't want unnecessary browser plugins of any kind (I won't install even the Acrobat Reader in a server that's exposed to the internet). The installed JDK will still have an embedded jre directory with everything you need to run server-side and even standard client apps like Java IDEs, etc.
Shoving it in your face counts as demanding to me. You mean that it doesn't require registration. Which is true, but it asks.
Well, many installed software does that - pushing the user to the vendor's page. Even the browser itself does it... including addons; every week Firefox tells me that there's a new version of FlashGot or some other addon, and after I say Yes to download, update and restart, Firefox opens a new tab pushing me to the updated addon's page. Perhaps you think that opening a simple Release Notes page is okay, but opening a Registration page is not. That would be BS for me.
Every. Single. Freaking. Update. (We're up to what, 12 on the latest version?)
The true number is MUCH smaller. First, Sun moved from 6u7 to 6u10 (skipping versions 8/9) because 6u10 was a major feature update. Second, not all such versions are pushed through the auto-update channel; I don't know exactly what is Sun's criteria but it seems that only one out of each two or three minor versions are pushed. So, the net number of JRE updates that Sun forces through users with the auto-updater active is pretty small, perhaps 2-3 per year.
[P.S. I'm the poster of the msg you replied to; just for the record as I never post as AC except by accident.]
Aren't applications that interface or alter applications from other vendors without notification or explicit and clear user approval normally called a virus?
Right on. I am permanently on the hunt to delete those quick-starters. Some of those programs I only use once a month and yet they waste my precious boot time.
I am so fed up of it and one more reason why I use Mac at home nowadays.
Martin
BTW: did you know that on OS X applications are installed and de-installed by drag and drop. So simple, so elegant - in fact so simple and elegant that Microsoft displays are warning when you drag and drop an applications icon into the trash can. On OS X there is no warning - dragging and dropping the application into the trash can will de-install ;-) .
Isn't this basically the way it was previously?
In the past, when you installed Java, it came with a plugin that was available for IE and Netscape...is that any different except now it gives you some notification of its installation?
I suppose if you don't have Java installed then yes this is new, but if you plan to visit a Java enabled site, then you would have the chance to install it then also (just like if you were trying to install the Flash plugin). With the new plugin it only installs the needed items (with the remainder of the JRE installing in the background).
Eric B
ebresie@gmail.com