Apple Angers Mac Users With Silent Shutdown of Java 7
An anonymous reader writes in with news of the continuing saga of Java patches and exploits. "If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild."
If you ran Linux you wouldn't have to worry about software not being able to run.
Update 13 is already out, and *not* blocked by Apple. All that's blocked are the old, insecure (well, more insecure) versions.
Ask me how the Heisenberg Principle may or may not have saved my life.
Oracle is probably the greediest company on the planet.
Without Java applets, my plan to time travel back to 1997 and surf the web is completely ruined!
There's no -1 for "I don't get it."
But how is it OK for Apple to disable software on MY computer, without my permission? I never told Apple I wanted XX blocked, so Apple should not know I have XX running to begin with. If Apple is blocking XX from my computer, without my permission, then is Apple breaking any laws? Unauthorized access to a PC, for example? As my sig says, I'm sure it's hidden in the EULA somewhere that Apple can do this, but to me, it is Apple breaking into MY PC and disabling software. That just makes me wonder what else Apple has access to???
have you seen my sig? there are many others like it but none that are the same
This is why I run GNU Hurd, the only truly free operating system, on my Lemote Yeeloong. My freedom is incredible. I can run ls and cat and EVERYTHING. I look forward to support for manpages in 2017.
If you write Java, to hell with you. Worst language on the planet.
Alright this may be a dumb question but does this have any effect on compiling with the most recent version of java in osx? I generally use boot camp for Windows when I do android development, but if I do make something on the osx side I don't want to run into any problems :p
You do realise you can disable this right?
https://discussions.apple.com/thread/4762386?start=0&tstart=0
Quite amazing what a google search for 'disable XProtect' turns up..
All your bytes are belong to Apple.
If you don't like it, run OpenBSD, FreeBSD, Linux, Hurd or some other not-corporately-pwned OS.
It would have been really irresponsible for them to allow it to be used given what we know about the threat.
How dare updates alter behavior! It's your fault for clicking update. Where is the outrage over Windows update changing behavior? Where is the outrage when sudo apt-get update alters the OS? OMG! OMG! OMG!
LOL @ Apple breaking into your computer! Did they hack your password?
No? Oh wait their security app did what security apps do.... Hmmm... Guess you should take the advice above and run GNU Hurd on your Geentoo Leemvox so you can have total freedom.
Ehm, doesn't Firefox also block vulnerable versions of Java? I guess maybe they are fascist as well.
Those people who rely heavily on using Java applets(*) .. and well that must be .. malware developers and physicists that actually try to teach physicists in an understandable way.
And I only sympathise with the physicists!
(*)(there indeed are some java applicatIONS that are very good, Jdownloader, JBidwatcher2, for example, and well eclipse)
Mozilla did the same thing with blocking Java on Firefox on January 10th.
Java 7 Update 13 is out already and works on Macs again anyway.
Scorta futuere amo!
Java never really did seem to be high on Apple's list of priorities. Apple is where you get Java for OSX from, not Oracle, and the couple of times I actually wanted to do something with Java on an Apple system (For Minecraft) the system really put up a fight before running it. I'd given up on trying to do any sort of Java development on it a couple years earlier, but I wasn't really trying that hard to get it to work that time. I suppose it'd kind of suck if you have a corporate OSX deployment and need to serve Java applets up with it or something, but that idea is almost as implausible as needing Java for any web page at this point.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
What browser do you run on OpenBSD, FreeBSD, Linux, or Hurd? If you said Firefox (the usual default browser in most distros)... guess what? Mozilla blocked Java too!
Scorta futuere amo!
But at least you didn't let the fact that you don't know shit about shit stop you from talking!
It's monitoring in the same sense that antivirus software is monitoring.
SJWs are the new boogeyman. -Me
If you're taking Java7 out because it has an exploit, then FUCKING SAY YOU'RE DOING IT!
Then people will know what the hell is going on and can ignore the update request and revisit when there's a patch.
But no, your users are far too fucking STUPID, right?
After all, you're marketers, not coders and all marketers *know* that the plebs who buy stuff are nimrods. Look at the adverts they create to suck these users in for proof of how much contempt for the people who buy the stuff is.
You know what's worse?
They're so vastly right, you can't even say they're wrong!
Look at how apple creates rabid fanbase. fucking loonies the lot of 'em. Look at them on here, defending this fucking REALLY STUPID BRAINDEAD idea!
Pushback is so weaksauce they can ignore it and of those complaining, most are so bought into "teh apehl" they'll complain, but won't actually change a damn thing they do.
The only ones as nuts over that as apple fans are the bloody steamers. It's like you're NOT ALLOWED to have any reason to reject steam and if you do YOU'RE WRONG!!!!.
Bunch of mongrel idiots the lot of 'em.
WTF is up with the old news on slashdot? Java 7 Update 13 came out the day after this "block" went into effect. Update 13 is NOT blocked and fixes the relevant vulnerabilities:
http://www.macrumors.com/2013/02/01/oracle-releases-java-7-update-13-to-address-security-issues-reenable-web-plug-in-on-os-x/
Trees grow. Oracle CEO Larry Ellison doesn't like trees obscuring his view and he will attempt to bury you with legal fees if your tree obstructs his precious view: http://thevileplutocrat.com/bile/articles/billionaire-jerk-larry-ellison/
Larry Ellison is a bully with the money to make your life miserable if he doesn't get what he wants.
In a trial set to begin June 6, the billionaire plans to take his downhill neighbors, the Von Bothmers, to state Superior Court in San Francisco over how trees in their yard have obstructed his floor-to-ceiling window views of San Francisco Bay. The court date follows a lawsuit Mr. Ellison filed last June alleging he will suffer "irreparable injury" from lost property value if the court doesn't make the Von Bothmers cut their trees in order to "restore Plaintiff's views and sunlight."
Irreparable injury? He's actually playing the victim card?
Ellison has gone so far overboard with his entitled moaning that he has hired a lawyer who specializes in "tree and neighbor" law to fight his case against the Von Bothmers.
The trees in question are three redwoods and an 80-year old acacia.
According to Mrs. Von Bothmers's deposition, she actually has photos showing workers hired by Ellison strapped in her redwoods with the intent to cut the tree tops off illegally. Of course, Mr. Ellison denies ever having hired anyone nor directed anyone to illegally enter the Von Bothmers's yard and cut anything down. There is apparently a gang of tree top vandals plaguing the wealthiest neighborhoods in San Francisco.
Ellison has made two attempts to purchase the Von Bothmers home simply to cut the trees down, offering up to $15 million (double the home's value). Both offers have been rejected. In fact, Mrs. Bothmer is so resilient that she has petitioned the city of San Francisco to protect her beautiful acacia as a "Landmark Tree".
Meanwhile, Mr. Ellison has been so deranged over his partially blocked view that he decided to purchase the home of late socialite/fashionista/philanthropist Dodie Rosekrans at 2840 Broadway in San Francisco - immediately next door to his - for $40 million.
What is actually the problem here? This is no different from a regular antivirus/antimalware software update. Most users will find it valuable that vulnerable plugins are disabled until the user actively reenables them.
Let's not let the facts get in our way.
Thirty four characters live here.
companies who sell electronic devices must have these types of things opt in rather than opt out
Opt-in security on mass-market devices generally equates to no security. I don't like Apple's walled garden approach, but I think secure-by-default is the right decision.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
a) it's old news ;)
b) both the Java 7 (from Oracle) and Java 6 (from Apple) updates that address this are already out. Is the new motto Recycling obsolete news that matters
c) if you want to opt out from Xprotect, how to guides abound
d) it's the Safari plugin only - other browsers are not affected
e) Apple have pulled the trigger on Xprotect maybe 4 times in 3 years, it's not like they are shotgunning
The vulnerabilities from Java 7 were hideously large, and Apple probably did the right thing for the 99 percent who don't know any better. Driveby root access isn't all that fun for the target.
The 1 percent who care, can disable Xprotect temporarily if they want to.
For anyone in between, they could always use another browser.
If you are using a Mac, you are not generally the IT equivalent of a Yukon Frontiersman
Wow... Apple can't catch a break... You know damn well people would be bitching if they hadn't done this... Apple Fails To Disable Java 7. Millions of Macs Vulnerable. News at 11.
The real Sig captains the Northwestern. This one captains
Two issues. Firstly Apple didn't just disable web applets. They disabled Java Web Start too, so whole corporations and government departments are suddenly shut down. Secondly, they didn't provide any announcement, or a GUI tool to re-enable at your own risk. It was just nuke everyone in silence.
Maybe I'm just so stuck on the privacy issues going on in the industry today that I am lumping in something unrelated. It is possible. I don't like that Windows "phones home" (neither does anyone here) so why is this OK to many here based on the thread so far??
have you seen my sig? there are many others like it but none that are the same
Well, when Jobs was alive, that is...
Is worse than Hitler.
The summary is incorrect with saying Apple blocked Java 7 on 10.6. Actually, Snow Leopard can't run the new Java from Oracle, it can only run the Apple version of it which is still the 6 series. With this last round of blocking, Apple also blocked their own version on Snow Leopard and Apple has not yet released an update for it last time I checked. Now, in my opinion, this whole blocking thing without notice was extremely unprofessional and made me disappointed in Apple, and that's coming from a Mac fan. I got hit with it the other day and spent hours trying to figure out why in the world Java wasn't working on my machines. Ended up finding a work around editing a .plist file using a console text editor. Definitely not a solution for anyone not familiar with the command line.
It doesn't phone home in the sense that it sends no information about your computer to Apple. It just downloads the latest list of blacklisted software from Apple, and then *locally* it blocks any of the listed applications/plugins from being loaded/started. As others have said: it is no different from auto-updating anti-virus definitions.
but they make it easy and obvious how to turn it back on. Apple hides everything away.
Just not 12.10.
PS what is it with all you idiots talking about that one? It's been how long since we've all found out the release was a bit shite?
Yet still you come along with a story about how you have just changed over and it got all wrong.
Either
a) old news, you've whined time and time again about it. You've got your fix now shut the fuck up or we'll bring up apple failures from bloody years ago and see how you like it
b) made up, because you know it's both believable (because of the history of 12.10) and never going to be verified
c) redundant, you used to have this problem then either Ubuntu fixed it a couple of weeks later, but you still want mileage out of it, or you moved to some other distro. But still want more mileage out of it.
I'm figuring (b) myself.
No, I actually did this and that is a real story. If it's any consolation the upgrade from 11.04 to 12.04 also blew up in my face although not as badly as the upgrade to 12.10. If I was lying I would have posted AC... like you.
Only to idiots, are orders laws.
-- Henning von Tresckow
Depends on how it works, if it sends a list of installed software to Apple to check it's bad, but if it downloads a list of plugin signatures to disable because they're outdated and insecure that's not any worse or different than the antivirus downloading virus signatures. I don't see the privacy implications of that, would you elaborate?
Live today, because you never know what tomorrow brings
Again, if I run a 3rd party monitoring system, I allowed them into my system. If this is on by default, then I am not sure I am OK with this.. What if Apple decides one day that they don't want YY running on Macs anymore (they have remote wiped iOS apps that were not "harmful" in the past)? They have that ability. I am sure most Mac users don't even know about this. I asked a few of my friends who are die-hard Mac users in the past hour if they knew about this; they had no idea.
have you seen my sig? there are many others like it but none that are the same
hahahaha
It doesn't bother me at all. You know why? Because I don't use Windows. You don't have to use it either. If you choose to do so, well, that's your choice. I have no objection to that, but I do get a little sick of people griping about the consequences of their own actions.
And that includes the "privacy issues".
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Two issues. Firstly Apple didn't just disable web applets. They disabled Java Web Start too, so whole corporations and government departments are suddenly shut down.
Please. Name one government department that would be 100% affected by an OSX vuln.
The government has their head shoved so far up Microsoft's ass that they know what Bill had for breakfast.
AS LONG as the information is presented in a way that users know what they are giving up. Meaning a fully secured system is close to useless because the only secure system is an unplugged system. We all know this, we are here on /. now having said that. In this day it is only right for these things to be made aware to the user. Instead of silently removing Java, how about a popup explaining why it was disabled and options the user has? Or a popup explaining that Java is vulnerable, do you want to block it or continue to let it run. Silently blocking ANYTHING is wrong, just as silently installing anything is wrong.
have you seen my sig? there are many others like it but none that are the same
Firefox implemented 'click to play' for Java, Silverlight, and Flash. That just means that it only runs them if the user specifically requests it. There's a big difference between blocking outright and suggesting strongly not running it and then letting the user decide.
it is Apple breaking into MY PC
so if you have automatic updates on - in any operating system or application - that means your system is getting 'broken into'?
Depends on how it works, if it sends a list of installed software to Apple to check it's bad, but if it downloads a list of plugin signatures to disable because they're outdated and insecure that's not any worse or different than the antivirus downloading virus signatures. I don't see the privacy implications of that, would you elaborate?
Apple has been using a blacklist that is updated daily to stop dangerous software from running. It is mostly used against trojans, but also to block Java running as a Safari plugin, which has some rather serious exploits (basically, an applet can replace the default Java security manager with its own, and from then on anything goes), _and_ it is known that these exploits are actually for sale.
So there are no privacy problems whatsoever, and while blocking Java applets might be annoying, the alternative would be highly dangerous. By the way, Oracle has released a new software version fixing about 50 security problems, which is not blocked.
well, on one hand i think big software companies really need to get their act together (java especially!) and fill in the holes before releasing. a certain amount of unforeseen patching is probably needed, but with something that's not used very often like Java (not used often = once a week or so at work) we run up against the very annoying problem of updating a boatload of things every time you run it.
given the fanatical dependence mac users have on their apple masters, if i were apple i'd want to disable as much third party stuff as possible that stands a chance of making me look bad.
in windows land, every fault is blamed on windows, when most problems are either third party software or third party drivers. with apple it's the same, though they have more (too much?) control over what runs, and so can do something about it.
i'd be on Oracle's case to fix their shit so they don't have to keep releasing patches that appear to be introducing more holes for spamfucks to crawl through.
i love the Hurd logo - representing all 4 of its users.
You can't handle the truth!
You are welcome on my lawn.
they have remote wiped iOS apps that were not "harmful" in the past
Citation Needed.
I am not aware of Apple ever "remote wiping" any iOS apps, in fact the mechanism to do that has never been proven to exist. Apple has pulled apps from the App Store before, but if you've already downloaded it you get to keep it and use it to your heart's content. Just can't re-download it.
Just another reason why I will never own a Mac.
your spelt "fascists" wrong...
Again, if I run a 3rd party monitoring system, I allowed them into my system. If this is on by default, then I am not sure I am OK with this..
It's updating a blacklist because people have auto-update on, nothing more. You are not 'allowing them into your system'.
What if Apple decides one day that they don't want YY running on Macs anymore
That would obviously be pointless given the only thing going on here is updating a blacklist - which is editable by the user - when automatic update is on. So clearly if they were to do that for some reason then the information would be disseminated pretty damn quickly about the simple fix to avoid it.
You keep changing what you are not ok with every time it turns out what you were complaining about does not happen. First it's Apple "breaking into computers", then it's Apple "monitoring your pc", then it's Mac OS X "phoning home", and now it's that this functionality is enabled by default and that Apple can wrongly put applications in that list.
At least in this last case it's two things that are actually true. I personally think that enabling the functionality by default is the right decision. It would indeed be better if users were informed when additional applications/versions are blocked, but that's a minor issue as far as I'm concerned. How many times have you seen other malware scanners popping up a list of all new malware they are blocking after every single update? The fact that applications could be wrongfully blocked is also true, but again the same goes for any malware scanner (and there have been such problems in the past with regular virus scanners killing Windows startup because they quarantined a system dll).
And the whole thing can be disabled. Not everyone may know how, but how many people buying a Windows machine with a stock virus scanner (or having a virus scanner installed by a relative/friend that knows something about computers) know that? The idea is that such settings do more good than harm in general, and experience shows that this is in fact the case. As long as you're not chained to Apple's settings, it's fine as far as I'm concerned (unlike their gradual moving towards requiring every single application to be signed by a developer that paid them for a certificate before it can be launched).
Hey, look on the bright side. At least people don't think you're a putz.
Maybe you don't have the latest MacBook with Mountain Lion. But you also don't wear pleather pants with the butt cut out.
You are welcome on my lawn.
"Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure"
Does this apply to the OpenJDK Runtime Environment
AccountKiller
No, you are the IT equivalent of the cast of Glee.
You are welcome on my lawn.
Worse: They installed their own code on your computer. At root level, no less. They did so before sending the computer to you. It takes over the complete computer, so I'd say it's clearly a root kit. The name of that root kit is OS X. :-)
The Tao of math: The numbers you can count are not the real numbers.
Ehm, doesn't Firefox also block vulnerable versions of Java? I guess maybe they are fascist as well.
So does Chrome/Chromium, except those (and Firefox) give you an option to "Run this time" if you want to override it. Instead of just removing it entirely and not telling you until you try to run something you were previously JUST able to run.
Apple was not supposed to have any viable attack vectors; that's what made it so superior to Windows - you never had to worry about malware or viruses.
Is it just my observation, or are there way too many stupid people in the world?
I believe you meant to say "you" instead of "your". Also "spelt" isn't even a word. It's "spelled".. the irony of this comment is incredibly hilarious.
Yeah well, as someone tasked with fixing this for a government department, Apple hasn't told me how to do it. Yes, some hackers figured it out. Yes, I can google and get their knowledge. But Apple didn't give me any way to push the fix out. Nor did they give a GUI tool so I can email the users with instructions. In short, we're a bit screwed right now. We'll get over it sure, but in the meantime, tons of legal centres are out of action. Is this good enough behavior? Surely not! Please don't defend this crap.
The logo looks to me like someone tried, and failed miserably, to map out a token ring network.
If you can't convince them, convict them.
If you ask this then maybe you shouldn't run Apple (or Microsoft for that matter) software.
thegodmovie.com - watch it
"I believe you meant to say "you" instead of "your". Also "spelt" isn't even a word. It's "spelled".. the irony of this comment is incredibly hilarious."
Never mind the comment stands as written ...
Ehm, doesn't Firefox also block vulnerable versions of Java? I guess maybe they are fascist as well.
Yes. FF puts up a nice warning and then lets you click through it if you so desire.
That's fine. No problems. Shutting down Java without any user identifiable explanation is a dick move. Interesting it's just on 10.6. 10.7 seems to trundle along just fine.
Faster! Faster! Faster would be better!
I think the bigger deal is they don't ask before they do it and while its been awhile since i ran vanilla FF I seem to remember it asking about such things before flipping any switches.
But you should already know what you are getting into if you buy Apple and their being the largest corp on the planet obviously means more people are happy about their way of doing things than not, so if that level of top down control makes you happy? Good for you, I sincerely mean that. I'm all for voting with your wallet and Apple is obviously doing what their customers want or their sales figures would be dropping, so good for them.
ACs don't waste your time replying, your posts are never seen by me.
and i love that they killed java and banning flash off the ios was great too! Apple has low tolerance for bullshit.
OS X is SECURE BY DESIGN. It is IMPOSSIBLE for anyone to write a program that gives it a virus.
No, you are the IT equivalent of the cast of Glee.
Young, geeky, bullied by retards who hate them for liking something that the retards don't like? ;)
Firefox DOES warn you about vulnerable versions of plugins and suggests disabling as the better option. Here is a list of blocked versions: https://addons.mozilla.org/en-US/firefox/blocked/
You realise that by reenabling it you are exposing your users to zero day exploits, don't you? Your firewall will not protect you.
I don't actually use a Mac, for this very reason, so no, I did not know I could disable it. How many other Mac users know they can disable Apple watching their PCs without them knowing about it? How many of them even know Apple is monitoring their PCs?? I am not a fan of regulation but one where companies who sell electronic devices must have these types of things opt in rather than opt out would be a great first step.
Haha, hilarious!
"I don't use a mac for the reason that I believe it does something that it doesn't actually do".
The summary is flamebait of the highest order. Don't believe everything you read about Apple that is posted on slashdot, especially in the headlines and summaries of posted articles. Usually the truth is somewhat different.
Is to be commended. Unless, of course you are apple.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
It's NOT your computer. You're just renting it from Steve. You could rent one from Bill instead, if you think it'll help any ;)
It's really easy for some nerd to say you're a fool for using Java, but when you have a business line application like Sungard Banner (which uses Oracle Forms, which is Java based) with 30 years of prior use it's not so simple to just move on - yes we may be foolish, but what can one do at this point?
Apple shuts off Java and they essentially killed off our front line application.
Really all this does is make us move more towards Windows and Linux desktops for anyone who has a business need for a computer.
It's old news now, but they disabled Java and only let you run a version that wasn't even out yet.
if you care about what you think people infer from the type of computer you use then you're way too insecure, you need help.
And there I was thinking it was FDDI...
One can just as well say that Oracle did that.
I'm pretty sure Microsoft would at least announce they are disabling Java before actually doing it.
Spelt is a noun. Ask any hippie. /ot
$
No, you are the IT equivalent of the cast of Glee.
You owe me a new keyboard, mate. *And* a cup of tea. I will not charge you for the damage to my nasal mucosa.
Do not mock my vision of impractical footwear
Firstly, I have nothing against Apple. I bought my first Mac, a Mac Plus in 1985 and I've owned one or more ever since. I find the current track that Apple is following to be very disturbing. Apple always used to be about the customer experience but that seems to be dead and gone. Yes, there was/is a security hole in the Java plugin but completely disabling the plugin is NOT a customer friendly solution and is disproportionate to the risk. Despite the vulnerability I have yet to hear of ANYONE who has been the victim on a Mac. Despite this Apple disabled a plugin that is critical to many people ranging from people running games like Runescape to companies who have legacy point of sale and inventory systems that use Java applets to access database backends. What is next? Disable Flash because of "security risks" what about OSX Applications? They are already forcing sandboxing and draconian rules on developers wanting to sell via the App store.
Keep this up and this is one Apple customer who is going to be looking for alternatives, and where there is one there are probably many.
This is not the first time they've done stuff like this.
If you update your JDK using Software Update, it overwrites all previous versions and turns them into symbolic links to the current version. You then receive an unpleasant surprise when software which relies on a particular JDK breaks for no apparent reason.
The problem is not the changes themselves, but just unilaterally making these decisions and then not telling anyone. If I was working in an enterprise environment and this happened, I too would be incandescent with rage.
Plan My Week for iPhone
Spelt has several meanings. The one used here is -
spelt 1 (splt) — vb
a past tense and past participle of spell
but it is also a type of wheat. Therefore your idea of irony is misplaced. Do not assume that American is the only form of English as that only shows your ignorance.
Steve Jobs took Flash out behind the woodshed and Flash didn't come back for dinner. I can say without a doubt that Flash is dead, yet if I wanted to counter my own statement I could easily pull up a massive pile of stats that would show Flash on a huge percentage of machines and websites but I can see clearly that no even vaguely bleeding edge websites use it. Flash is just not where the cool kids are. HTML5 has almost entirely taken over all the basic requirements of making a dazzling website that dances about on your screen. I also won't argue that feature for feature HTML+Javascript is better. I know my HTML5 will work on the tidal wave of mobile devices and that is enough for most people.
That all said Jobs killed it because Flash bugs were making him look bad. So now we have round 2 and Java is the one on the Apple chopping block. I think we can all agree that Java in the browser is dead and killing Java on Apple machines might not seem like it is going to ruin things marketshare-wise but keep in mind that many top top top executives are running Apple machines (often to the chagrin of their IT people) these same executives will now resent Java a tiny bit more than they did before (which might have been zero).
But all that said, I am pretty sure that 90% of the Java being written these days is for the server side of things in large organizations and thus is completely unaffected in theory.
A simple example of how irrelevant such an Apple technology choice can be would be the penetration of Objective-C outside of the Apple ecosystem. I code Objective-C every day and would never consider using it one inch outside of the Apple ecosystem. But Apple's move underlines my experience that Java is just not the "Hot" language it was; not dead just not "hot". The mathematical problem with not being the "Hot" language is that it is starting to be nibbled away at the edges without any growth to replace this nibbling. I am seeing Python replacing it as the de facto learning language much as I watched Java replace Pascal as one of the de facto learning languages of the pre 2000's. In science Python is taking over, in finance I am seeing the academic world switching over but not the business world; the business world has a full on love of all things Java.
But before you cast any stones these are all trends; you can yell Hey Minecraft is Java and it is cool. But what I am saying is that the surface area of Java is retreating toward a core of the business world and it is severely losing its grip on the "programming 101" world; which is where hearts and minds are won. Also keep in mind that many of the kids who may have been learning Java in their programming 101 classes just had all their code die seeing that university students so love their Apple laptops. Hearts and minds baby.
Goodbye old friend.
I would up-mod this had I the points. I can just see the whole appendix thing; awesome visualization. My guess is that some prude downmodded you. Or some PR flunkies. Too bad you went with the Anonymous thing.
It sounds like his users require Java for some crucial work-related application. So, if the choice was expose users to possibility of an exploit, or not get any work done, enabling a vulnerable Java is probably the less costly measure to take.
Uh this was a zero day active exploit. Are you saying you WANT to deal with that? Apple did you a favor. Are you so confident in your staff's ability to avoid getting owned? That's a lot of very sensitive info you would be compromising.
A fool throws a stone into a well and a thousand sages can not remove it.
At least they are fucking with a condom...
I find it funny how yet another Windows8 story ran last week, and there were many suggestions that businesses should all switch to the Mac.
As an Apple user : no, they don't anger me. Insecure pile of shit 3rd party software (Java) should be disabled.
I obtained a patch from my IT department that reversed the change. My understanding is that it modified a PLIST to change the minimum version of Java required.
Our VPN software uses Java, so it is a pain to not have it.
What is still annoying about it is that there is no way to selectively enable it. I understand that it is secure, that's fine. Consequently, I'd like to be able to whitelist Java applications that I trust (i.e. ones that come from corp) and not become vulnerable to ones that aren't trusted. Firefox has accomplished this by replacing the app with an 'Enable Javascript' button. With Safari you're either unable to work or you're letting it all hang out there.
So why didn't the fools at Apple allow disabling for applets, but enabling for Java web start and regular Java apps? If we are exposed unnecessarily to exploits, it is now Apple's fault.
I have no problem with Apple disabling Java. I would like them to provide some notice and I would like them to provide a way to whitelist trusted applications. That doesn't seem unreasonable.
... I had a cloud server get funky on me and the java console for it ran in java. I had used it before, but suddenly...nothing.
Good thing I had a trusty Ubuntu box nearby.
Well they disabled it, and would only permit a version that wasn't even released - no documentation or anything.
I think us big customers could have been treated a bit nicer.
Anyhow yes I want it to still be enabled - our front desk machines can't browse anywhere they want ;).
How was I supposed to know to search for 'disable XProtect' when the Java download link failed? I was cursing Oracle.
No. I was happy they blocked it before I removed it completely anyway.
So, in the name of security, Apple XProtects users of Snow Leopard and higher from the evil Java.
In the meantime Oracle's update is only good for Lion or better.
But usage numbers from last month showed 10.6 and lower as being the largest installed base of Mac OS.
I'm not seeing how either action works to the greater good of Mac users, especially since Oracle has updates good for XP.
Some days it's just not worth chewing through my restraints.
Java != Javascript
WCO (Whoosh... Captain Obvious)
No, it's a verb form (plain past/past participle). Back to school with you.
Woo-Hoo! Good one!
Whole corporations and government agencies? Which corporation other than Apple relies exclusively on Apple computers? I'm very curious which government departments are exclusively Apple shops...
Ken
If you're going to be mad, yell at Oracle for shit-tier code security.
On Windows (and most other OS I've ever worked with) there would be an audit trail a system admin could follow that would document the changes to the OS. Did this change require users to "opt-in" to automatic updates, or was it done without notice to the end-user/system admins?
Ken
I was the last year in my University to take C++ in freshman Computer Science. Everyone after that was Java. I felt like I dodged a bullet.
The idea of the JVM was awesome... yet it took what 10 years to get other languages compilable for the JVM?
But of course that was never the plan, I suppose.
All these Java developers. They've all been running on almost 20 years of promise...and very little delivery. Not one single app is written in Java that is ubiquitous. 20 years. Even the web browser itself, which they should have been able to rule the world with, manifested itself so poorly (hot Java) that it was quickly abandoned.
The grand accomplishment Java has had is the honor of getting ripped off by the Android SDK and of course the honor of becoming the new malware hot topic.
Yay for that I guess.
I'm not seeing this here. But since this is /. if you want to override:
look for your /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
downgrade the java version. So for today this means change:
from: <string>1.6.0_37-b06-435</string>
to: <string>1.6.0_37-b06-434</string>
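The override described above works by lowering a minimum-version string in XProtect.meta.plist, so comparing the file against a saved baseline shows both local edits and list updates. The following is an added example, not code from the thread or from Apple; the key names and the version values in the sample documents are constructed assumptions, and the audit itself does not depend on them.

```python
import plistlib
import re

# Constructed sample document, not copied from a real Mac. The key names are
# assumptions for illustration; the audit below works on any plist.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>JavaWebComponentVersionMinimum</key>
    <string>{java_min}</string>
    <key>Version</key>
    <integer>{list_version}</integer>
</dict>
</plist>
"""


def sample(java_min, list_version):
    """Return a constructed plist document as bytes."""
    return TEMPLATE.format(java_min=java_min, list_version=list_version).encode()


def flatten(node, path=""):
    """Map every leaf value of a parsed plist to a slash-separated key path."""
    leaves = {}
    if isinstance(node, dict):
        for key, value in node.items():
            leaves.update(flatten(value, f"{path}/{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            leaves.update(flatten(value, f"{path}[{index}]"))
    else:
        leaves[path] = node
    return leaves


def version_key(text):
    """Turn '1.6.0_37-b06-435' into (1, 6, 0, 37, 6, 435) for ordering."""
    return tuple(int(number) for number in re.findall(r"\d+", text))


def audit(baseline_bytes, current_bytes):
    """Compare two plist documents and classify every differing leaf.

    Returns a sorted list of (path, kind, old, new) where kind is one of
    'added', 'removed', 'lowered', 'raised' or 'changed'. A 'lowered'
    version string is what a local override of a minimum version looks like.
    """
    old = flatten(plistlib.loads(baseline_bytes))
    new = flatten(plistlib.loads(current_bytes))
    findings = []
    for path in sorted(old.keys() | new.keys()):
        before, after = old.get(path), new.get(path)
        if before == after:
            continue
        if path not in old:
            kind = "added"
        elif path not in new:
            kind = "removed"
        elif (isinstance(before, str) and isinstance(after, str)
              and version_key(before) and version_key(after)):
            if version_key(after) < version_key(before):
                kind = "lowered"
            elif version_key(after) > version_key(before):
                kind = "raised"
            else:
                kind = "changed"
        else:
            kind = "changed"
        findings.append((path, kind, before, after))
    return findings


if __name__ == "__main__":
    baseline = sample("1.6.0_37-b06-435", 100)
    # The edit from the comment above: minimum version lowered by one build.
    local_edit = sample("1.6.0_37-b06-434", 100)
    # A constructed list update that raises the minimum instead.
    list_update = sample("1.6.0_99-b01-999", 101)
    for label, current in (("local edit", local_edit), ("list update", list_update)):
        for path, kind, before, after in audit(baseline, current):
            print(f"{label}: {path} {kind}: {before!r} -> {after!r}")
```

To use it on a real machine, read the baseline copy and the live file as bytes and pass both to `audit`.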
You shouldn't be emailing this to users. Apple offers administrative servers that allow you to make the change directly. The charge is I think $50.
The "fools at Apple" make the security system a standard XML file which is editable by admins. You can do anything you want with it.
As I see it around here, the elite (i.e. the ones best placed on the political game) are the ones that get fancy Apple hardware (plebs get cheapo Dell and keep it for 6 years - getting a company Blackberry instead of continuing to use your iPhone is a sure sign of disgrace). There are maybe few of them, but when something wrong happens to them, all the work stops suddenly with everybody put into crisis meetings with additional status meetings 4 times a day.
The dictionary disagrees with you:
http://dictionary.reference.com/browse/spelt
spelt1 [spelt] verb
a simple past tense and past participle of spell1 .
spelt2 [spelt] noun
a wheat, Triticum aestivum spelta, native to southern Europe and western Asia, used chiefly for livestock feed.
http://www.merriam-webster.com/dictionary/spelt
1. chiefly British past and past participle of spell
2. Subspecies (Triticum aestivum spelta) of wheat that has lax spikes and spikelets containing two light red kernels. A related species, Triticum dicoccon, commonly known as emmer wheat or farro, was cultivated by the ancient Babylonians and the ancient Swiss lake dwellers; it is now grown for livestock forage and used in baked goods and cereals.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I called AppleCare as soon as the plug-in showed up as invalid. The two most infuriating aspects of the call were the impression I got that Apple could hack into my Mac at any time (assuming a network connection to Apple) and the claim that Apple had not installed Java on my machine in the first place. After the call, I checked and indeed Java was installed when I bought the computer, directly contradicting the support supervisor's assertion, but I still have no proof of whether or not Apple has the power to silently force updates.
The security implications of promiscuously running Java applets, so Apple was right to do something. The problem is that they did so without warning; without asking permission; and with no obvious way to re-enable the plug-in. I understand that some people successfully re-enable applets by modifying XProtect.meta.plist, but all I managed was to eliminate the "inactive plug-in" message, leaving a completely empty gray rectangle.
Now, with Apple having repaired the problem, I'm calming down, but I've set up a blog, AppleHackedMyMac to discuss this, the possibly encroaching walled garden, security, and the like.
Apple doesn't write Java, Oracle does. If you want a work around you are talking to the wrong large company.
How is it OK? Because you are running Apple's anti-malware tool and have configured it to pull the list from Apple's servers. A list which you can at will. So if you don't like it.
a) Disable their anti-malware
b) Pull the definitions from somewhere else
c) Modify the file however you want.
Yeah, it isn't like Apple writes books on the design of Darwin, documents the add-on services and makes the whole thing open source. Oh wait.
Apple runs dozens of these protection services. The average end user has no idea where they do. Apple's position is pretty clear. If you don't know enough to be able to use launchctl and see what Apple is loading you don't know enough to make an informed decision about what should be running.
AC is a total D-bag for ripping such a sweet, fast, open-hardware, low-power device. If any grownups are interested in the specs on this 12-watt, 4-core laptop that runs without any proprietary bios or drivers, check here: http://www.lemote.com/en/products/Notebook/2010/0310/112.html
Just so you know, Apple only adds versions of Java to this list that are actively being exploited in the wild. Are you sure you want to take this risk?
If so, you should probably be using an npapi wrapper that limits java plugin to your specific domain, and while you're rolling that out, you can bypass the xprotect setting.
The Enterprise SDK lets you push out new provisioning files to managed devices. If you were to send an invalid provisioning file the app wouldn't run. Presuming that Apple can do anything you can do with the Enterprise SDK... does that count as a cite?
Maybe you don't have the latest MacBook with Mountain Lion. But you also don't wear pleather pants with the butt cut out.
[citation needed]
sudo nano /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
Ah, yeah, typo sorry. I meant Java.
get real, OpenBSD and FreeBSD let you choose a browser; chromium for example is in the packages. HURD? pffft, who gives a shit
i thought that was all four of its device drivers
No, you are the IT equivalent of the cast of Glee.
Young, geeky, bullied by retards who hate them for liking something that the retards don't like? ;)
Disproportionately gay?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I don't know, I'm aware automatic updates is on, I can't remember whether it asked directly about it. In any case that doesn't answer my question.
How about Oracle angers users by making it so that Apple has to keep blocking their buggy software? Seriously. How long will it take Oracle to learn that exploits are worth paying attention to?
I'm running ML. I could be very upset but actually, I hadn't noticed the blocking of Java. Perhaps the fact that I have it and Flash (along with a lot of other cruft) disabled in my browsers masked that fact.
Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain
My wife has an Apple MAC OS/X. I don't recall ever giving Apple permission to modify my machine. Does Apple have a back door built into all OS/X systems that allows them to disable whatever they want at will without me knowing? What else can they do? Should I be encrypting all my disk partitions?
pgmer6809
or possibly flamboyant style over substance?
Judging by Apple's behavior over the last several years, I think Apple would be just fine with that. I'm pretty sure Apple doesn't want professional and business customers.
Consider, for example, the sorry case of the Mac Pro, now a couple years without a substantive update. Or consider Final Cut Pro X (aka "iMovie Pro," the perfect tool for part time wedding videographers). Or the defunct XServe. Or try to deploy and manage Apple software that's only available through the "App Store." Or try to set up an AppleID without a credit card (probably a good idea if you need to install Apple "App Store" software and don't want your employees ringing up apps on the company dime). Or look at the catastrophe that OS X server, now a cheap (in every sense of the word) "App," has morphed in to. Or look at Apple's update and bug fix policy for OS X (hint: there is none, although we've tentatively inferred that Apple may offer some critical fixes for exactly the current and previous version of OS X, and that OS X versions are incremented once a year -- so have fun on the OS upgrade treadmill; hope the next version doesn't kill off some critical feature your business relies on, like PowerPC emulation, or OS 9 support, etc...). Or try to divine WTF Apple is going to do with/to/about absolutely anything at any point in the future. Beyond Apple's pathological paranoia and secrecy, we have to conclude that if Apple considers the needs of business or professional use at all, it considers them a nuisance.
OS X is not appropriate in almost any business environment that depends on Apple doing absolutely anything other than letting you send twitters about your Facebook updates and paying for music through iTunes.
Apple hasn't told me how to do it. Yes, some hackers figured it out.
Did you call Apple Enterprise support? Does your organization have the proper agreements in place with Apple, for them to support use of OS X by a business (instead of ordinary consumer use) ?
Did you voice the concerns with your Apple rep?
Here are the release notes from this update, which I read this morning when installing this patch:
"On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. You may re-enable Java applets by clicking the region labeled 'Inactive plug-in' on a webpage. If no applets have been run for an extended period of time, the Java web plug-in will deactivate."
It's right there, just have to read it. People shouldn't be blindly installing updates anyway.
with 30 years of prior use it's not so simple to just move on - yes we may be foolish, but what can one do at this point?
Since Java was not commercially available until 1995; it's not possible that there is 30 years of prior use.
Although the point is well taken that Apple broke for some users a business line application with its security policy decision.
For consumer devices it's the right choice. IT needs to override Apple's policy decision, for their businesses; and not allow vendors to make configuration changes like blacklisting software -- without IT validating the change.
Apple's security policies should always be what will keep the greatest number of users in the safest situation -- even while inconveniencing the few who are using an uncommon functionality.
Change control 101. The proper response was for IT to disable blacklisting in the first place, and carefully monitor any blacklisting activity by the software vendor, to determine if they need to do anything for their Enterprise environment.
It's just one of the risks you take, if you allow outside vendors to define patterns, version, or identity of applications that are not allowed to run, or patterns that are deemed risks; and change those patterns without review.
I'm a normal person who is poor socially, tech savvy, good hygiene and have had sex with both genders. Could you recommend an OS?
Uh this was a zero day active exploit. Are you saying you WANT to deal with that? Apple did you a favor. Are you so confident in your staff's ability to avoid getting owned? That's a lot of very sensitive info you would be compromising.
Sometimes being able to work, AND being vulnerable: is not as bad as a complete work stoppage.
There is a risk that you might be targeted by a zero day exploit, that might be successful. Say that risk is 1%; and the cost of a breach is $15 million; mostly spent in legal fees, compliance fees -- sending letters to customers about the data breach, settling any legal complaints, etc.
Now let's say you rely on Java for many critical business functions, and you have a 50% work stoppage, if your workers can't start Java -- they can't access CRM, ERP, customer support systems, billing, Order taking, etc.
The work stoppage for 1 hour costs $3 million.
Now: What is worse: A 1% risk of losing $15 million, OR a 100% risk of losing $3 million, due to shuttering of the business applications, not being able to take orders, and losing customers, due to CSR unable to provide satisfaction, without working CSR applications?
Let's try a bank analogy....
A new zero-day vulnerability has just been discovered in a certain vendor's ATM; that allows a criminal to possibly use a simple technique to enumerate account numbers of other bank customers, and withdraw arbitrary amounts of money from their account without entering a PIN number.
Upon discovering this, does the bank immediately shut down all their ATMs, for fear, a thief will abuse it? [Despite angering all their customers, denying everyone access to their money, and losing 20+ millions of dollars a day due to account closures -- versus the 2 or 3 million in expected losses due to thievery]
or do they begin discreetly working with the software vendor to develop a patch, while putting in place monitoring to search for signs of abuse?
Apple doesn't like to think that they have "big customers". Notice the Xserves and decline of professional media editing software. They treat everyone like home users because iTunes is their cash cow now, and businesses don't buy hundreds of thousands of dollars worth of mp3s and iOS apps. If you're trying to get work done with apple software, you're doing it wrong.
So your proposal is that they shut down their entire fucking business?
Java != Javascript
If you're writing JavaScript, don't forget to use the !== operator instead of !=
Long live the BSD license
I think you're extremely misguided with regards to how xprotect works.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I'd go so far as to suggest not believing ANYTHING you read about apple posted on slashdot until you have verified the facts yourself.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
And so you should be cursing oracle. If the software wasn't so hideously insecure, it wouldn't be on the blacklist.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
thereby defeating the purpose of disabling it, if the click-drool uninformed end user can just turn it back on without having to look it up and perhaps be told why it is a bad idea.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Well duh...all malware is basically a Zero-day exploit.
The Enterprise SDK lets you push out new provisioning files to managed devices. If you were to send an invalid provisioning file the app wouldn't run. Presuming that Apple can do anything you can do with the Enterprise SDK... does that count as a cite?
Nope.
Enterprise provisioning profiles are completely different. They (and the development provisioning profiles too) allow you to authorise apps signed by a non-Apple held certificate to run. That is not the mechanism that allows App Store apps to run.
Anyway the OP claimed that it had already happened. No evidence provided.
The answer is Apple doesn't care about you and your cruddy Java based business apps. What you are demanding is for the 99% of Apple users who don't have any need for Java to be exposed to zero day exploits so it's easier to support your company's cruddy Java based corporate apps. Apple is actually being nice. Really they should ban Java from Safari, end of story, no way to install or enable it. And I hope you and your superiors realize that's the direction things are heading. Not with just Apple but every other browser out there.
...They disabled Java Web Start too, so whole corporations and government departments are suddenly shut down...
That's terrible. Just terrible. So, hypothetically, how often would someone need to find Java bugs to keep them shut down?
Oracle owns the rights to the Java VM, but Java language is also used with the Dalvik VM on Android. The less people are able to use and develop for Java, the less potential they have to create code that is cross platform (runs on many OSs, not just targeting a single OS), and the less potential they might take up coding applications for Android.
Other languages can compile down to Java byte-code too.
I'm not saying this was Apple's motive, but they're not exactly strong points that would persuade Apple to not make it hard to use Java on Macs either...
I wrote my firewall in Java.
It's really easy for some nerd to say you're a fool for using Java, but when you have a business line application like Sungard Banner (which uses Oracle Forms which is Java based) with 30 years of prior use it's not so simple to just move on - yes we may be foolish, but what can one do at this point?
Apple shuts off Java and they essentially killed off our front line application.
Really all this does is make us move more towards Windows and Linux desktops for anyone who has a business need for a computer.
30 years of prior use? Java is not even 10 years old yet. How can you have been using it for 30 years?
I suggest you disconnect all of those machines from the internet. If they are not on the internet, you will not receive the automatic updates disabling Java, and you will not have to worry about visiting malicious websites.
Switching to Windows or Linux won't necessarily help you, as most modern browsers (eg: Firefox) also blacklist plugins when there are people getting hacked left/right and centre.
Of course, you could just tick the box disabling Safari's automatic check for blacklisted plugins. It's only one tickbox. It's pretty insecure though.... personally I think any serious business would be better off closing down for the few days until Oracle releases a patch, than risk some hacker logging in and stealing all your customer's private information - that could send you bankrupt.
The person who had to make Sungard Banner probably said to his boss that it was foolish to make this in Java.
That's two more users that sites that still use Java.
I shut it off years ago. Every year or so it whines about a missing plugin. But realistically, at this point nobody sane uses Java and there's so little out there it's not worth worrying about.
Need Mercedes parts ?
thats cause there aren't any windows servers LOL
hahahaha
you made me laugh real hard you asshat
By a process of elimination, Android. Yeh, that works.
This. Why is that so hard to understand for so many posters? Parent almost nails it.
Compare the statements:
- Mozilla/Apple/whatever should never decide which plugins a user can or can't use!
- grep should never decide what a user can or can't pipe it to!
They're the same as far as the issue is concerned.
How many would use grep if you could only pipe it to some commands if you installed and maintained your own version of grep (Apple) or made several configuration changes on each use (Mozilla)?
Yeah you can quote Einstein in the XML or introduce the complete works of Shakespeare, anything you like, but that doesn't mean it will work.
Here's something for you to include in all your XML: />
<Idiot
If I owned a Mac, the first thing I would do is to investigate disabling automatic updates, remote control, and other internet access that I didn't approve of.
It's standard procedure. FFS, it's so standard, that even my sons do as much with all their devices. They demand that WHATEVER THE HELL they are running, it runs THE WAY THEY WANT IT to run.
There's this newfangled tool that you've likely never heard of: http://lmgtfy.com/?q=How+to+disable+automatic+updates+on+Mac
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Nice in theory. In practice you're describing almost every middle class person in western countries. And I'd wager to say most people in general. Even if the middle class in the west is the single greatest representation of it.
Everything will be taken away from you.
They don't ask unless by "ask" you mean "telling you about it afterwards".
Yes Mozilla is a little bit less fascist than Apple, but not much, and breaks non-trivial business uses that have no practical alternatives to java because java despite all its many flaws is actually the safest approach (/. heads asplode at the thought).
Anyone who hasn't disallowed java (along with lots of other stuff) for normal browsing and who doesn't avoid/banhammer 3rd-party ads and scripts has been walking around begging for buttrape* the last decade. That doesn't mean that Mozilla or Apple does the right thing by running around covering "everyones" gaping browneyes:
1st users should learn to use computers and be in control, otherwise any security is impossible.
2nd Apple and Mozilla are covering those user browneyes using their e-penorz. They're small penorz and don't necessarily hurt and many users don't even realize they're there but they're still being buttraped --constantly. Many of them have IBM and Microsoft up their backs as well and probably think it's a normal good and cozy feeling.
* Contrary to what many seem to believe the internet does not consist exclusively of normal browsing, 3rd-party ads, 3rd-party scripts, faceblehs, porn and e-farms.
Was this article about Apple blocking Java just in Safari or completely on their entire OS?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
You're picking a fight with AC?
You just lost everything.
Yawn... my point still stands: Linux software can be just as crappy as any other software. The OP pretty much lost everything when he claimed the contrary. All you have to do to see that is visit the Ubuntu AQ site.
Only to idiots, are orders laws.
-- Henning von Tresckow
I want my bank to yank the machines. I don't want my money stolen because you can't plan ahead and visit a branch during business hours.
Memory is deceptive because it is colored by today's events. - Albert Einstein
He didn't but I did elsewhere in the thread. He's right so don't make any excuses if you happen to like it. You might have IBM and Microsoft in there as well and there's bound to be room for more (like the 4TB of Google I walk around with ...hardly feel a thing, 4TB takes amazingly little space).
Apple hasn't told me how to do it. Yes, some hackers figured it out.
Did you call Apple Enterprise support? Does your organization have the proper agreements in place with Apple, for them to support use of OS X by a business (instead of ordinary consumer use) ?
Did you voice the concerns with your Apple rep?
Are you suggesting that unless he's jumped through all of these hoops then he hasn't got a valid grievance? Cause it kind of sounds like an arbitrary list that you made up.
Oracle didn't block java, you tool
-- Linux user #369862
BiOS?
In Denmark we have a login system (NemID) which is needed to log in to all home-banking systems and all government websites like administration of taxes, social security etc. The login is done with a Java applet (which doesn't even work in OpenJDK, only Oracle).
Uh this was a zero day active exploit. Are you saying you WANT to deal with that? Apple did you a favor. Are you so confident in your staff's ability to avoid getting owned? That's a lot of very sensitive info you would be compromising.
if you're running it for webstart it doesn't matter that much if there's an exploit.
what apple should have done is that they should have added a "do you really want to run this applet??" dialog to their fuckin browser like every other decent browser has. that then again doesn't have as much to do with webstart, though that as well should have the same question because webstarted programs can do pretty much anything anyways(exploits or not!).
apple did no favors to anyone here. and they can still get and run a dmg with no warnings whatsoever. however they'll be sure to disable that in an osx update in 2014 "to protect users" (to get everyone to download their apps from appstore exclusively).
world was created 5 seconds before this post as it is.
Please have more children, you are doing it right.
How does Apple know what Java apps to whitelist?
Your number is too low for you to be acting this young.
This what happens when you lock yourself in to the fascist mindset of Apple.
On the bright side, I've never managed to get java to work in a web browser with any version of any Linux distro for the last 12 years. It never works out of the box, it never works following tutorials, it never works period. Apple users aren't missing anything useful. Java is worthless and stupid anyway.
Considering I had a commercially available, off the shelf java development environment in 1998/1999, I think you might like to reconsider - Java may not be 30 years old, but it's older than 10.
And "Oh yes I did" is not proof outside of panto season.
They're saying that being proactive about security devices with known remote exploits by shutting it down AND NOT TELLING ANYONE is bad.
If you're at work and the electrics go off, and no reason is forthcoming, four hours later they come back on.
After the entire workforce has been complaining about it, someone from office services says "Yeah, there was a problem with the electrics, so we turned them off rather than risk an electrical fire", do you think that it's a bad thing that they didn't bother telling anyone, just because it's good that they protected lives?
Or would this only be the case if it were done by Apple?
They don't ask unless by "ask" you mean "telling you about it afterwards".
Yes Mozilla is a little bit less fascist than Apple, but not much
It must be so hard for you, having to click the big grey warning Firefox shows to run Java applets. The effort required to move the mouse an inch and the button a millimetre is such a huge PITA I'm surprised it hasn't caused World War III.
No colour or religion ever stopped the bullet from a gun
I only realize a computer doesn't have Java installed when I try to start Minecraft.
Fear is the mind killer.
Keep apologizing.
Keep apologising for Apple you dufus fanboi.
Couldn't they have caused it to fail backwards to the previous version?
I suppose that that would be too difficult though, with some users programs not being compatible.
I am not angered! On the contrary, I love it. I have removed Java entirely from my Macbook Pro and Windows machines and I never intend to go back. Java is, simply put: a horrendous piece of software!
When judging this move, I think it's important to keep in mind the intended user base of MacOS systems. These are not intended to run legacy, mission-critical business apps. In fact, Apple has never really cared that much about legacy support – backwards compatibility has always been a Windows thing. (Steve Ballmer seems to be forgetting why people stick with his company, but that's a different issue.) Macs are aimed primarily at home users, with a secondary but still strong user base among graphics arts professionals. For both of these demographics, the risks of leaving obsolete, bug-ridden versions of Java enabled far outweigh any potential benefits. Most of these people will never run any Java applications at all, and of the few who do, almost all will be able to use the up-to-date version of Java to do so. Yes, I know there are crappy "enterprise" apps that only work on 1.4.2 beta or some such nonsense, but Apple doesn't care about that – and frankly, they shouldn't. That isn't their target market. If you run a business you should be using Windows 7 for your desktops – it's designed from the ground up to be suitable for both home users and enterprises, and lets you control all the security stuff through group policy.
I spent all day Thursday troubleshooting one of our all-Mac customers with six other people in the room, all shouting different ideas. Only at the end of the day did we discover the news. I was really shocked Slashdot hadn't reported it.
I went home and had nightmares about installing and reinstalling Java on Mac.
Secession is the right of all sentient beings.
I'm at work during business hours, you insensitive clod!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
get real, OpenBSD and FreeBSD let you choose a browser; chromium for example is in the packages. HURD? pffft, who gives a shit
I'm sure it's a serious issue to the Hurd users. Both of them.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
In fact, it's about 20 years old (development started in 1991, effectively released in 1995).
http://www.oracle.com/technetwork/java/javase/overview/javahistory-index-198355.html
Dude, 5 minutes of Googling would have told you that. But instead you bitch here. Probably why you're making 80k/year after 10 years. Drone sysadmins...
So let them provide a pop-up warning of the dangers instead of making the data completely inaccessible. And no, if the in-house Java app is the only Java running on the system, it is no more compromising than it was before.
You can disable Java in most all browsers and still have it run applets and programs on the desktop. This is what I have done with Windows machines so we aren't needing to replace $60k software packages because Apple doesn't understand things.
Nearly every phone app uses Java, apart from Apple dumb phones.
I'd have gone with hip, trendy, with no substance yet still has a strong following of like minded cult followers.
Firefox did this, so I had to reinstall while blocking Mozilla on my firewall, then change about:config to disable all plugin checks to get Java back. Now I have Java but am more open to attacks; that's Mozilla for stupid decisions that put your users at more risk than before. (It would not accept even the latest version of Java, and Java was a must for my web, so there was no choice.)
No one caught you up, huh? Gay jokes in 2013 are basically just you trumpeting your own ignorance. But hey! Welcome to the trash heap of history. Enjoy the laughs it gets from the insecure nerds around here.
The rich Nigerian Prince is thankful that his account wasn't compromised by this research.
A lot of people are mad because so many online banks use Java. I understand Apple trying to protect their users, but people need to pay bills. At least make an announcement on apple.com or something.
http://www.thetechnologygeek.org
All 7 remaining people using Java are angered?
I haven't thought of anything clever to put here, but then again most of you haven't either.
Meaning a fully secured system is close to useless because the only secure system is an unplugged system.
Dude, do us all a favor, and make your system super safe.
Of course news about a fake are Fake News.
So is he paying Apple to fix something broken by Apple?
Really, that's where you go with this?
Now, granted, we don't have automatic updates on our Macs...so this issue didn't affect us... but whatever.
Have you been reading the comments here from enterprise IT admins?
Manually changing a plist file on hundreds or thousands of machines is not an option in the enterprise world.
Disabling XProtect as an OS preference requires elevated rights. In the enterprise world, end users do not have elevated rights on their machines. This is not an option.
Using an alternate browser requires allowing the user to install software or run non-whitelisted applications or, even if they can run a browser without admin rights, it is likely still a violation of corporate IT policy. This is not an option.
The problem with what Apple did was not how it affected whiny macfags who for whatever reason are still using a website or two with Java applets. The problem with what Apple did is that they pushed a crippling system change without warning or disclosure to managed enterprise machines and provided no way to revert the change.
If a tree falls in the forest with no one around to hear it, does it still make a sound?
Erk... does it even allow disabling only applets? Is it even documented anywhere?? Is there a GUI for it? Nobody knows the answers to these questions. We only know about this XML because hackers found it.
And OS X doesn't let you choose a browser?
Scorta futuere amo!
So the moral equivalent of a spellchecker is equivalent to a keylogger in your world, eh?
>Does it even allow disabling only applets?
No.
>Is it even documented anywhere??
It is a pretty clear file.
>Is it even documented anywhere??
It is at the Darwin layer. Darwin is open source.
>Is there a gui for it?
There are lots of XML editing GUIs.
MINIX 3 ate all HURD's market share, what with its features including actually being functional
You would be surprised at how many sites still use it. It is fine as long as you are writing a servlet or using JSP or something like that. Just don't use EJBs. Please. Most abused misfeature I have ever seen.
Oh and if you check the TIOBE index Java is increasing the lead over C# again. Probably because C# popularity is falling like a rock. Even Miguel de Icaza has stopped pushing for it. I do not know if it is from all the Android programmers, or how Microsoft is falling out of grace even from general purpose computing applications, or what.
your spelt "fascists" wrong...
Can you spell "retard?" I knew you could.
All software is insecure until the 0days happen enough to make it seem otherwise. Web APIs have to be even more secure than Windows due to having cross platform ubiquity but that is often incredibly expensive to a free-software developer that has a new-feature-filled schedule.
Actually, he wasn't saying that, he was asking why people expect double standards for Apple when they are doing what he perceives as phoning home too.
The whole thing IS NOT open source. If you pulled the FOSS parts of OS X out of OS X you would have no boot, no interface (due to dsmos crypto), no sound or graphics (CoreAudio and Quartz are closed source), no code execution, and so many other things that need no mention.
The only part of OS X that is open source is the low level part and that's because they assimilated an Open Source project to make it in the first place. All edits and additions to the code are the result of needing to update the low level API and kernel infrastructure to support new functionality for themselves. All the mid-level API's are proprietary, and as a result OS X as a whole is NOT open source.
Disbelieve me, please post XProtect's source.
I have to admit I'm not an expert but I believe they are just using: http://www.clamav.net/lang/en/ to implement File Quarantine.
Why would software written in 100% Pure Java or otherwise using the Java libraries correctly rely on a particular JDK?
Flash is just not where the cool kids are. HTML5 has almost entirely taken over all the basic requirements of making a dazzling website that dances about on your screen.
So where's HTML5 CS that can be used to make self-contained animations and games like what you see on Newgrounds? Let me know when something like French Erotic Film (safe for work, despite the name) is ported to HTML5 without bloating it by a factor of ten by rendering it to video
I have that at work, with firefox and chrome also installed, but for some things the Safari just pops up. Apple controls your horizontal and your vertical....
>Does it even allow disabling only applets?
>
>No.
So it's completely broken then, and promotes insecurity.
And if the XML isn't documented, no matter how "clear" it may or may not appear to be, then I risk in the future having entire companies shut down because some update assumed something I didn't know. Nice one Apple.
>So it's completely broken then, and promotes insecurity.
How is it completely broken? It doesn't look inside applications and from Apple's perspective that's inside. If you want to enable specific things you turn them on.
>And if the XML isn't documented, no matter how "clear" it may or may not appear to be, then I risk in the future having entire companies shut down because some update assumed something I didn't know. Nice one Apple.
Apple provides a management interface to push updates on managed computers. You don't have any risk because managed computers update from the management servers not Apple.
My Mac users are childlike creative spirits, there are bad things out there, they will get eaten, I must protect my own, what else can I do?
Or a member of the gay scouts of America
Impossible. ClamAV uses Windows binary heuristics. Mac OSX would not be able to detect any viruses for itself with that but would detect Windows viruses, and I have tested first hand as to how well Mac OSX detects Windows viruses - it doesn't.
OK. Interesting, so is your theory that they are buying it from someone or just keeping it in house? And if so, why?
Apple integrating third party software into their core would be like Labi Siffre making a record with Skrillex. Apple's main marketing line is that everything they make 'just works' and that is based on the fact that the entirety of OS X is made in house aside from the FOSS bits. Apple couldn't FOSS the antivirus as that would just invite workarounds, cracks and attack vectors to be developed. Apple's style would be to buy a small nimble security company and re-purpose their tech, and I've seen zero security tech purchases so far.
Apple Open-Sourcing their antivirus would be like sending North Korea a complete library of blueprints on American military equipment because hackers would have access to the source code so they could see any flaws or holes that exist. Sure after a couple of battles/major viruses those holes would be patched going forward, and that's why AVs like ClamAV are so robust, but Apple has share prices to think about and one major outbreak is all it takes for that to nosedive.
Right now I suspect Apple don't even have heuristics (scanning of application files for bits of code that look malicious in order to catch new virii), they work on sigs, where Apple find a virus then update your list silently. Java is now being identified and blocked in a similar manner.