Slashdot Mirror
Sun Slips Firefox Extension Into Java Update
pcardno writes "It seems it's not just Microsoft that have spotted a good opportunity to distribute their software through Firefox Addons. On installing the latest annoying, sysbar bubble based Java update, my Firefox informed me that I had a wonderful new Java addon automatically. Here's the addon screenshot. Yes, I could opt out of it, but why are Sun installing Addons to my Firefox without me making specific choices in the application itself? To be clear — I have never chosen to install this Addon, yet it has been installed without my permission with the latest Java Update."
You get what you pay for... and then some.
Most of the stuff on
Yes, now you have Java working in Firefox. Turn it off if you don't like it. Simple.
I mentioned this during the discussion about the Microsoft add-on three weeks ago. How is this news now?
Man, Windows GUI really looks like ass.
Or is that a screenshot from 1990?
Or so says Sun. That being said... I cannot think of one thing I might need a Java tool bar for. Honestly, I have not read the article yet and am sitting here trying to think of one useful thing such a tool might do for me. Anyone?
Could Firefox add some sort of public/private key extensions signing so I can sign extensions I want to use? Then unsigned extensions wouldn't be loaded and this sort of thing could be stopped ( by the technical minded anyway ).
The disappearing pencil trick. Let me show you it.
Watch out! It seems that some other malicious updaters installed IEtab and a twitter addon in your firefox, too!
Microsft spel chekar vor sail, worgs grate !!!
which no one reads
It looks like your desktop color depth comes from an 8-bit Nintendo pallet :(
What is a "sysbar bubble based Java update?"
The whole thing seems like a total yawner to me. When I install a package on my ubuntu box, it will typically have side-effects. It may have to install other software that it depends on, and possibly make changes to my system's configuration (e.g., the default if you install apache or ssl is to activate the relevant service). I may or may not agree with Canonical and Debian's choices. If I disagree with them, I can either override them, or choose a different distro that I think does a better job in this area.
He seems to be having an experience on Windows where he's unhappy with the side-effect decisions Sun has made. Although it's on Windows, it seems to be basically the same as the type of issue you can get with a Linux distro, or with any other OS. One possible difference is that packaging of FOSS on non-free OSes generally sucks to high heaven compared to Linux -- and you generally have far fewer choices, and there's nobody looking out for your interests as a user. Well, you make your decision to use Windows and that means you've made your decision to use a system where FOSS packaging sucks.
Find free books.
All this plugin does is speed up loading of Java applets. Its benign, and Sun provides instructions on how to turn it off: http://www.java.com/en/download/help/quickstarter.xml .
Applets, you have heard of them?
When you install / upgrade Java, you get support for the latest Java runtime in your browser to run those applets. It has been thus since the olden times (the mid-nineties when Java was launched).
From the description, this is just a performance optimization so the runtime is loaded and you don't get a delay when there is an applet in the page.
Whether I am right about what the plugin does or not, installing / upgrading the Java Runtime Edition has always affected your browser.
${YEAR+1} is going to be the year of Linux on the desktop!
And of course, if you were a dumbass who didn't understand what extensions were, you might say No out of fear, and then later decide you don't like java. And then later decide buying an iPHone isn't that bad, because it doesn't support java, but java never works anyway.
At some point, you have to let the machine work for you. Remember all the people who complained about windows asking your permission before doing anything possibly harmful? Seems like whether you ask people or not, someone is going to whine on either side of the fence.
In a world of whiners, I'd rather have Javascript work on their browsers.
There's enough problems with things BROKEN because people DON'T do automatic updates. Then when updates to happen automatically, people STILL whine.
Can't win.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
It helps preload the JVM so that any Java applets load faster.
It's not some evil conspiracy.
You told it to update your computer. It didn't tell you exactly what it was doing. Does Microsoft Update tell you everything it's going to touch?
If you don't like it, run Linux, install SELinux and block everything by default.
Not trying to sound like a dick, but this really is a non-issue.
Just FYI: the RFE to remove those addons was marked WONTFIX by mozilla, because "they should be removed by the Installer that put the files there".
IMO it has to be possible to remove them from the Add-On manager.
click dis-the fuck-able
Simple solution: read the EULAs in full. And when you don't like them (e.g. Google Earth EULA which gives them root access to your PC) then don't install.
And anyone whose product or business depends on you having Java installled... well this is a good discussion to point them to when you call their support line saying "it just doesn't work"
Yeah, what a complete waste of a story. It is installed with java which preloads core java so that when your browser runs applets, they start faster... Damn those frigging bastards at sun for making my life easier!
Bye!
What does the MS one do that's not benign?
So if someone breaks into your house and cleans your kitchen, you'd think that's okay too?
If you did: "sysbar bubble based Java update" ... I assume you updated Java. In that caser it is completely correct that you get the relevant plug ins for every browser on your system installad as well. That is what Java always did so far on any system I had (Windows, Linux, Mac). ... sorry, sounds pathetic to me.
If you did a Firefox update then it is not Suns fault, but the fault of the guys who bundled the update that you where not asked beforehand.
I think the attitude towards Software Providers may it be MS or Sun, or any other, should be a bit more neutral. You have 2 completely "free as no fee" software packages (Java and Firefox) on your system, and you bitch about getting a few megabytes more than planned (which likely had downloaded later anyway manually!!)
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Yeah maybe, but Sun wants JavaFX (which is based on Java) to be a Flash killer, and for that I'm guessing it needs to load a lot faster than the typical Java applet used to...
I would bet it also makes loading Firefox take longer and uses up RAM even when not using Java.
Neither is benign. When you tamper with a customer's third party software, you 1. Ask them first, and 2. Let them back out easily. Microsoft and Sun did neither of these. Not only are they spitting on good software standards, they're spitting on their users by doing this.
I suppose you're wonderin' how this happened:
Sun executives were sitting around one day at a 3-hour lunch getting drunk and making rude remarks to the waitress. One of them said, "How can we sink the company?" After considerable deliberation, one of them had an idea. "I know, we'll get ourselves on Slashdot for doing something dastardly." Another executive said, "Brilliant! No reputable programmer will ever take a job at Sun again."
Then they had to think of something sufficiently sneaky. That's difficult for a drunk person, especially a drunk person that makes millions of dollars a year. That kind of money decreases initiative. Then one said, "We'll just imitate Microsoft! Almost everything they do is sneaky or mean."
And that's what they did.
Warning: Some of this may be fiction. Or, it may be true.
It preloads all the bloatness of Java, every single time, even if you installed it just for a single page you visited half a year ago.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Yeah, what a complete waste of a story. It is installed with java which preloads core java so that when your browser runs applets, they start faster...
They start faster because every time you open a browser window, the "Java quick start" has to take time to load, even if it was already loaded. If you don't believe me, try timing it.
Also, you now have memory used by a program "just in case you might want to use it someday". And, it's possible to configure the Java runtime to not be available as a browser add-on, but still allow you to run Java apps on your computer. Any bets on whether this extension will load regardless of your browser settings for Java?
Actually that'd be fine with me... my kitchen is a mess.
You install the Java plugin, you expect it to modify your browser.
Still, I would like Firefox to provide better controls of how plugins CAN and CAN'T be installed.
In particular, I would like the browser to ask for approval during startup before a newly installed plugin can be loaded, for the first time.
The approval process should be done in a way that a plugin can't easily fake approval, and if I reject it (I.E. Use of a settings file that only FF can update), the plugin stays disabled.
Its not surprising java installs itself to firefox, java started as a language to run applets in the browser and still needs to be there.
This is about the 10th post that just doesn't understand the issue.
Running of Java applets within Firefox is controlled by a plugin. What is being installed by Java is an additional addon that is in the "extension" category, and is not required for running Java applets.
All this new extension does is preload Java when you start your browser, so that Java applets will appear to start faster. They won't really start any faster, since the pre-loaded code can be swapped out just like any other code. Likewise, if you have enough RAM, after the first Java applet runs, the Java runtime would be cached and future applets will start more quickly.
Even if applets do start faster, you are just changing when the time is taken (at browser load or at applet load).
So, you install some software which automatically installs a Firefox addon. Then the next time Firefox runs the addon is automatically enabled? I know that's how plugins are installed. It would be nice if third-parties just didn't do this, but it seems like a change in Firefox must be made to prevent this.
Secure systems must include measures to prevent tampering. Installing code that automatically executes is most certainly tampering, and if my estimate of how this works is correct, I'd call this a Firefox security bug.
It may not be worth it, or even possible with current hardware, to prevent all software from installing addons "under the radar." Still, I'd bet that Firefox could incorporate a more secure way of keeping tabs on enabled addons.
With the Firefox plugin feature, Firefox could keep a list of installed plugins, their md5sums and their filenames. It could then hash this list and store the result somewhere. This would make it easy to detect changes to the installed plugins and prevent programs from simply changing the list of installed plugins. Malware could simply change the list then rewrite the hash, but I'm not sure you could ever get around security through obscurity (in this case) with a normal Linux install and consumer hardware. When different software is run as the same user and without any kind of sandboxing, this is what you get.
Maybe Linux distros need to make a change to enable more sandbox-type security. As Linux's popularity increases, I'll bet we see more of this behavior, just as we see so frequently in Windows. All the software already exists to implement this fairly well, and it's not like disk space is an issue anymore.
Microsoft should be making this change in Windows if building a more secure system is one of their goals.
Hell if they will do the bathrooms too I'd pay them.
I updated to Firefox 3.0.6 and it installed a Yahoo tool bar and menu without me asking!
So, they get the majority of the users out there with working Java in their web browser, which they would expect if they have Java installed, and in the process they piss off a few geeks who can't see beyond their own little basement walls.
Pardon me if I find this whole thing a little amusing. If you want Firefox to take over the world it has to be user friendly. As any Vista user will tell you, prompting you to do every little thing is fucking annoying, so they've taken a more traditional approach and just make Firefox aware of it out of the box.
So while there may be a great uproar on slashdot today, no one really cares or some actually appreciate the feature.
Why don't you bitch about Chrome automatically working with Flash or Java on your system out of the box?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
It seems Java modifies all browsers without you asking to allow them to run applets. That's not what I installed Java for!
There's lots of software that installs browser addons automatically, without even asking you. That's been normal and expected behavior for a decade, it's long since past time to raise Caine over this one.
I think Sun should be accoladed for giving you the option to opt out.
Ever try to install Acrobat without getting the browser plugin? You have to rummage around in the Acrobat directory and remove the plugin component or else EVERY TIME you run Acrobat the plugin will be reinstalled.
Because you could opt-out of it.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Is there a name for software that installs on the sly, or in an "automatic" way that is unexpected? I don't mean to say virus or trojan, but something that could more properly be associated with something that's not publicly accepted as "malware".
SlyWare? SneakWare?
I think the part of these I despise the most are the ones that keep trying to sneak in, that you can't tick a "don't EVER try to pull that again". Like when IE has a checkbox for "always make sure IE is your browser", instead of the "never ask me again" in FF etc. They're taking advantage of the system and hoping you screw up just once like a pushy salesman trying to get in the door.
I work for the Department of Redundancy Department.
You install the Java plugin, you expect it to modify your browser.
only he didn't install the plugin, he updated the JRE.
I use Opera.
"When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
Simply only allow them to be installed through Firefox. If one of these crapware installers wants to ad one, make it open Firefox with the xpi installer.
And make it default to cancel.
and in similar news, Sony installed a 'helpful system driver' that made your music playing and purchasing life easier too, helping to protect you from pirate music.
The point is simply that it gets installed on the sly, if its so helpful, they should make it opt-in and surely everyone will accept the install.
so I don't think your judgement about what add-ons are appropriate should be considered.
22:33 UTC - Flamed on Slashdot for having TwitterBar. Why does kno1 nderstnd me?
[% slash_sig_val.text %]
Next thing you know they'll be adding crap to HKLM/Software/Windows/CurrentVersion/Run without asking ?
Oh wait ...
Mongrel News all the news that fits and froths
How many IE installs have you seen with a dozen ugly search bar below the title bar? It seems like every app installs one, if you are lucky they hide a little checkbox and disclaimer in the installer to avoid it. it's one of peoples big annoyances with IE, even if at it's core it's not IE's fault. I installed Foxit Reader on my laptop the other day, and did not read all the options. To my surprise I had some ridiculous Ask.com toolbar in my firefox install.
Currently if you try to install an extension, Firefox pops a warning up. It needs to do the same if another app installs one. All extensions need to be uninstallable, they need to remove all options otherwise. Ideally, it would be able to verify the integrity of all browser files from a secure source and delete anything that did not follow the "rules" (I.e. can be uninstalled at any time).
All extensions not installed by direct user action (ie going to the firefox addons menu and choosing to install it) should start disabled and have to be manually enabled before they can work.
Firefox is gaining ground in the browser wars, and that means it is going to be targeted. Already malicious sites that attempt to exploit flaws in Firefox exist and are growing in number. I expect it's just a matter of time before spyware extensions start showing up, claiming to do something useful while reporting your browsing habits.
Mozilla foundation needs to keep in mind it is YOUR computer, and YOUR browser, and it should only do the things you want it to, regardless of what other companies want.
Ive been using Firefox since it was called Firebird, and despite the many improvements, it will be a victim of it's own success if it is not careful.
"It seems it's not just Microsoft that have spotted a good opportunity to distribute their software ..."
I clicked on the link http://slashdot.org/article.pl?sid=09&tid=95, indicated above with bold italic, and got the text Nothing for you to see here. Please move along.
What's happening here???
For the paranoid...
http://java.sun.com/developer/technicalArticles/javase/java6u10/
Performance:
* Sun's JRE has been steadily getting faster over the years, and 6u10 is no exception. Key performance improvements are the introduction of Java Quick Starter, which will substantially improve Java cold start time on most systems, and a new graphics pipeline on Windows.
That's the most idiotic article i've seen in ages.
You've installed a JAVA VIRTUAL MACHINE, which includes BROWSER APPLET SUPPORT.
So yes, it will off course install something on the browser to make it work... which is a plugin (as it's always done in the past, and pretty much what you'd expect), and now they've just added an addon to pre-load the VM to make things faster (and put it as an addon rather than a plugin so that you can disable it more easily).
What's wrong with that ? By installing it, you asked for JAVA SUPPORT on your OS and your WEB BROWSER.
That's what the addon is.
What next, let's complain that adobe secretely install a plugin on your browser without asking when you install flash ??
...and JRE finally, finally showed some kind of Desktop user touch by preloading frequently used classes (or their metadata, more like prebinding/prefetch) to memory in ages of 64bit running laptops with 4+ GB memory.
If I was still on windows and also using applets a lot, I would thank Sun via feedback especially if I had portable with traditionally fragmented NTFS disk.
They were doing harm to users and even Firefox by not implementing that long overdue optimisation which means browser was essentially freezing or choking when most basic java applet hits it.
They unimaginably trust to Apple for Java updates but if they manage to run it as normal (non admin) user, it would be a nice touch for Linux JRE.
Sun had no history of conspiring other peoples browsers, trying to kill them via bundling a browser and name it Internet, trying to force users of alternative browsers to use IE by rejecting to code NS Plugin for Windows Update etc.
It is karma. Sun has karma to waste a bit while other is below GNAA in regards of bundling extras.
Do you feel sorry about Real Networks getting flamed whatever they do including going completely open source? I do but... Their karma. Got it?
3rd party program have installed plugins/extensions for ever...! This reminds me of a story by Asimov in which a man discovers he has something called a "skeleton" inside him. He is worried, because this thing is obviously against him. He consults a weird doctor to get this skeleton removed from him... So shut up, you, hypochrondriac computer users!
You can't really compare uTorrent to Vuze, Vuze is much more powerful.
Mod me down, my New Earth Global Warmingist friends!
My bank stupidly chose to implement a Java-based login system (which again is run by a major security company here), and it takes 20-40 seconds most of the time from I enter the login page until the password & code box appears. The rest of the time it fails due to timeouts.
If this Sun plugin preloads so I don't have to wait, it's great. It's welcome on my system. I have the RAM so I can take the miniscule hit (no laptop or desktop computer with less than 4GB RAM is allowed in my house :).
It comes as part of the Java plugin. You want the plugin, obviously, and you probably want it to operate smoothly. No reason to complain.
This answer I can see. Either both are evil, or both are helpful. In fact, I'd say suns is worse because it preloads things into memory without asking you. All that the MS one does is change your user agent string to reflect that you have dotnet 3.5 installed. This then lets servers send down clickonce apps, as they won't do it (by default) if it doesn't think you can run it.
In the time it took you to write this article and submit it to Slashdot, you could've uninstalled the extension a dozen times.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Er jqs on my machine is using 1,388k. Yeah huge bloat there.
Try disabling jusched.exe and see how long it takes to reappear.
I prefer to run outdated programs to having things silently loading and running in the background.
There're enough things just with Windows running.
vi? Who's that?
As a rule, for ever Linux based desktop that I've run (work, home, over 15 years.. maybe 50 unique installs/upgrades that lasted), the most most consistently flaky glue has been Java working in any browser.
Historically, I stumble across, and need, Java applets pretty infrequently. As a result, nearly 100% of the time I do stumble across, and want to run, a Java applet, it involves somewhere between 5 and 30 minutes of fucking around to make it work. Netscape, Mozilla, now Firefox automatic plugin find/install has worked exactly 0 times for a JVM. And, except for the last year or so, it was always a regular fight at java.sun.com to figure out exactly WTF I needed. I consider myself an educated person, but my paths usually led me to download a 200MB blob that included a IDE, but not a plugin for my always up to date browser. And does installing the JRE actually install the pulgin, when I do manage to get the right thing? No. Creating symlinks is apparently beyond Suns ability. Or maybe its a Java security thing; its quite willing to take up 2GB of memory, but creating a symlink is a violation of security. Fuckers.
In the last 18 months, I spent 9 of them as a Java developer, on a team of 13. I've yet to hear an adequate explanation as to what the difference between JSE, JEE, Java FX, J2ME, JDK, in less then 500 words. Sure, I know it now. Well, maybe not. WTF is JavaFX, and why, just now, when I click on "download JEE", it asks me to download "Glassfish"? THAT ISN'T WHAT I FUCKING ASKED FOR.
It amazes me that people are willing to put up with this shit at all. For a language that isn't even that good.
Anyway. If Sun has finally managed to ship something that actually manages to install a plugin without me digging around on the command line, I'm amazed. That it installs an extension as well is a small price to play.
How about if FF just tracks the extensions you've toggled and pressed the OKAY button for and simply offers to allow you to enable or to delete those extensions that helpfully get installed for you.
Frankly, I'd consider this a bug in FF behavior as much as anything and while wouldn't fault Mozilla developers for it I would love to see it quickly and efficiently addressed. Which to my mind is still what sets apart great open source projects from most of their closed/proprietary family.
Quack, quack.
Don't install java. On anything. Ever. Every time I've installed java in the past, I've been instantly and immediately reprimanded by poor performance, extra processes, random slow downs, and other general crap.
I won't install java.
I won't install apps that require java.
People keep telling me "It's gotten better!" and some such nonsense, but so? It sucked so bad in the past, I'll give it another shot in say, five years, when it's been completely open sourced and fixed. I only use FOSS because it's good, not because I'm a zealot. :) Java is not good, no matter it's current state of source code availability or not.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Neither is benign. When you tamper with a customer's third party software, you 1. Ask them first, and 2. Let them back out easily. Microsoft and Sun did neither of these.
I wouldn't be so sure. When you install the JRE, you get to choose whether it should integrate with MSIE and/or Mozilla browsers. I can't say that I've tried, but I'd guess that if you choose for it not to, then it doesn't install any plugins. If, on the other hand, you choose for it to integrate with the browser (which is, reasonably enough, the default), then it does so.
I really don't see the big deal here. When you install the JRE, you would normally expect it to install a browser plugin, so that applets are displayed, and that's what it does.
Mind you, this differs from Microsoft's plugin, which arrived unannounced through Windows Update.
That's not a simple solution. It's faster and easier to laboriously go through directories, removing addins, fixing problems that might result... much easier to do that than to read in full every EULA you are presented with.
wagon...
It's voltsSHAAGGEN... fukengruven, ass in "Fahrvergnuegen"...
OTOH, it could be like opting in for anal sex in the back of a clunky car and complaining about bad tailpipe emissions...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
ded "off-topic"... I've been experiencing that off and on over the past year... Be gentle.... LOL
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
This 'tampering' is done by design. The way it works is an intentional feature of FireFox designed to allow for JUST this sort of thing.
They did ask you, and you said 'yes, please automatically keep me up to date'.
And now you're bitching that they did what you said to do.
They only people spitting are those of you too stupid to realize that the 'problem' here was that you told it to go ahead and make changes to your system whenever it ones.
If this bothers you, you're an idiot for allowing something to change your system at its discretion. Don't use automatic updates, nothing happens.
So you bitch because its doing what you told it to?
That sir, is the most intelligent thing I've heard. Really.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You only noticed the firefox addon !
Ha Ha. They also sneaked a service in there. Check out your control panel services thing. There's a new service "Java Quick Start".
1995 called, they want their retarded IE jokes back.
Also, extensions can very easily be installed without your permission. It can be done via several methods to allow network admins to push extensions to all clients. All it takes is adding the extension somewhere on the file system and setting a registry key to point to it so Firefox picks it up on the next start.
Of course, if you spent less time acting like a retarded high school dork and actually learning about what you are talking about, you might know this.
As much as I hate windows, I'd take the classic Windows theme over anything Gnome has ever had to offer.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Just for reference, Chrome has the exact same feature already. Why do you think your little flash and pdf files work perfectly out of the box?
As for this being the begining of the end, I suppose tomorrow you'll tell us 2009 is the year of the linux desktop and the year that the internet runs out of bandwidth or diskspace or something else utterly retarded.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
This whole posting is dumb but...
I really fail to see how anyone with 'TwitterBar' extension installed can bitch about the Java quickstart extension.
I guess if I would have looked at the screenshot sooner I would have realized the guy is just a douche bag and skipped this one :/
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
A better analogy would be you pay somebody to come in and clean your kitchen, and find out they've left you a new phone that speed-dials out to re-hire them. You invited them in for a task and they left something behind unrelated to the task but to their benefit while they were there.
It's not entirely clear to me from the summary when the poster could "opt out of it." If it was during the standard "accept license/click okay/blah blah blah" procedure the analogy gets even stupider. If he just means he can uninstall it later I guess it'll do.
On a mostly unrelated point, why the bloody hell is a link to an old /. article, some fairly worthless bitching and a screenshot of soembody's Firefox add-on list considered front page news? Is it to cut down on the "RTFA" replies by not actually having an article? If so, kudos on streamlining our reading processes for us--but I think we all know the editors aren't that clever.
The install of Java already includes a java browser plugin, they are only extending it's functionality with a firefox addon rather than doing something completely new and unexpected.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
That's not a simple solution. It's faster and easier to laboriously go through directories, removing addins, fixing problems that might result... much easier to do that than to read in full every EULA you are presented with.
Agreed, it's not practical to read every EULA if you use non-free software (although it's very easy if you use mostly GPL/BSD, or if you install from debian repositories where the licenses have already been checked for you)
However, even a quick scan of an EULA will tell you a lot.
For example, if it has an extra section tacked-on the end describing some 3rd-party license (e.g. iTunes EULA has this) then you know it's bundling some hidden extra software.
Similarly, blank-check licenses tend to stand-out -- if there's a section like "we will publish new copies of this license and you hereby agree to the new version" then run far far away. (in the physical world, banks tend to use this type of clause a lot)
Automated software updates tend to be described in their own section, so a quick scan of the EULA tells you whether to expect programs running constantly in the background (e.g. Google software)
You can also look for text which gives the vendor root-access to your computer (or to your company network, or to your buildings via audits), typically described in its own section. I haven't seen many of those recently though; having not installed much "enterprisey" software.
If you want to practice by reading an EULA which is pure evil and contains every malicious trick in the book, go and have a read of paypal.
EULAs can be quite insightful into the vendor's history and desires. Like the free downloads whose licenses still mention that you can't install *both* the 3.5" disks and the 5.25" disks to different computers. Or the software that prevents you benchmarking it (databases). You may not use the Solitaire game to control a nuclear power station. You may not export WinAmp to syria. Your database app is known to the state of california to contain chemicals that will cause infertility.
Don't install java. On anything. Ever.
Wouldn't that restrict which mobile phone models you can buy? A lot of phones come with a MIDlet player based on the Java Micro Edition runtime environment.
...and JRE finally, finally showed some kind of Desktop user touch by preloading frequently used classes (or their metadata, more like prebinding/prefetch) to memory in ages of 64bit running laptops with 4+ GB memory.
lucky for you. Most people don't have laptops with 4Gb+ of RAM. Sun still loads up the prefetch, so even if you just want to browse a static html site, you have to wait for a ton of unnecessary Java classes to be loaded. That you'll never use.
Its one of those optimisations that suit just you, and inconvenience hundreds, but you think its ok because it suits you. The recommended option in these situations is for you to install the pre-loaded addin separately.
I know there's a lot of preloading going on nowadays, has been for some time - every OEM ends up with a Java preloader, Adobe startsmart, Mozilla did it a while back IIRC, even Microsoft. Strangely we end up with systems that take ages to boot and everyone (rightly) complains.
The problem really is that these systems require such a large infrastructure that they're becoming unwieldy in practice. It might be fine for a developer to have a million pre-built classes in his language, but when they all have to be loaded up for his apps to work you begin to see why users are demanding smaller, faster, leaner systems. The ease for the developer inconveniences millions of his users. Its time that was reversed.
It is not installed from the web, it's installed from outside the Firefox process by the Java updater if I understand correctly. There is no way FF can prevent it from installing, since it's not doing the installing itself.
Dumb ass. You gave them permission when you ran their installation .exe on your system. Don't run it if you don't want them to do shit.
Too many vendors are dealing with their bloated program load times by trying to make their program permanently resident in memory. Microsoft started this with IE, and it's now in Firefox, Microsoft Word, Adobe's PDF viewer, OpenOffice, and now Java. You can lose most of your RAM to bloatware that way. If you let all that stuff install, performance is worse than with none of it. Instead of loading delays, you now get paging delays and boot delays.
We need more restrictive installers. Installers for "applications" shouldn't be allowed to install a service. Windows installers for applications should be restricted to writing into "Program Files/appname" and registry keys in "HKEY_LOCAL_MACHINE/appname".
All this plugin does is speed up loading of Java applets.
Other people have complained that it slows down starting up Firefox. That is a common issue with "quick starters" they can easily slow down other things, especially when what they might "speed up" is only used very infrequently.
I don't have a registry to worry about, nor do I run any third party updaters.
There is a security issue, but it's with an OS that relies on third party installers that are allowed to scribble over each other.
I guess I'm a more inventive complainer than you are.
The day not long ago where I installed the USB protocol analyzer and it blue-screened my workstation every half hour all day, Firefox was adding another 2m to every round trip starting plug-ins that I wouldn't gain any advantage from until after another half-dozen blue screens.
When one application pauses to load a major plug-in, I have eight other desktops one keystroke away where I can continue to accomplish useful work. When Windows is so bogged down coming up from a cold-start that I can't the program menu to pop up, I'm pretty much dead in the water.
What I would really like is a global setting "how much does instant gratification rule your life?" Hint: I won't be picking "make it smooth". I'm no fan of gratification that arrives unannounced and doesn't sport an off switch.
Applets are dead. No one uses Java from the browser.
Java applets are certainly not popular in recent years, although I wouldn't say dead, and recent improvements (from JDK 6u10+ to JavaFX) stand reasonable chance to resurrect applets (only time will tell). But this whole debate doesn't matter, because if you never visit any page that needs the JRE, you can just not install the JRE - simple, isn't it? And if you ever hit a single site that's interesting to you and uses a Java applet for some useful purpose, then they ain't dead.
You're wrong, because I did only install the JDK and that's what dumped the useless extension into Firefox.
The JDK installer has a option to not install the "public JRE" (public = integrated to Windows / browsers), just turn that off. It's recommended for server boxes where you don't want unnecessary browser plugins of any kind (I won't install even the Acrobat Reader in a server that's exposed to the internet). The installed JDK will still have an embedded jre directory with everything you need to run server-side and even standard client apps like Java IDEs, etc.
Shoving it in your face counts as demanding to me. You mean that it doesn't require registration. Which is true, but it asks.
Well, many installed software does that - pushing the user to the vendor's page. Even the browser itself does it... including addons; every week Firefox tells me that there's a new version of FlashGot or some other addon, and after I say Yes to download, update and restart, Firefox opens a new tab pushing me to the updated addon's page. Perhaps you think that opening a simple Release Notes page is okay, but opening a Registration page is not. That would be BS for me.
Every. Single. Freaking. Update. (We're up to what, 12 on the latest version?)
The true number is MUCH smaller. First, Sun moved from 6u7 to 6u10 (skipping versions 8/9) because 6u10 was a major feature update. Second, not all such versions are pushed through the auto-update channel; I don't know exactly what is Sun's criteria but it seems that only one out of each two or three minor versions are pushed. So, the net number of JRE updates that Sun forces through users with the auto-updater active is pretty small, perhaps 2-3 per year.
[P.S. I'm the poster of the msg you replied to; just for the record as I never post as AC except by accident.]
Right on. I am permanently on the hunt to delete those quick-starters. Some of those programs I only use once a month and yet they waste my precious boot time.
I am so fed up of it and one more reason why I use Mac at home nowadays.
Martin
BTW: did you know that on OS X applications are installed and de-installed by drag and drop. So simple, so elegant - in fact so simple and elegant that Microsoft displays are warning when you drag and drop an applications icon into the trash can. On OS X there is no warning - dragging and dropping the application into the trash can will de-install ;-) .
Isn't this basically the way it was previously?
In the past, when you installed Java, it came with a plugin that was available for IE and Netscape...is that any different except now it gives you some notification of its installation?
I suppose if you don't have Java installed then yes this is new, but if you plan to visit a Java enabled site, then you would have the chance to install it then also (just like if you were trying to install the Flash plugin). With the new plugin it only installs the needed items (with the remainder of the JRE installing in the background).
Eric B
ebresie@gmail.com