Slashdot Mirror


Will New Red-Text Warnings Kill Casual Use of Java?

New submitter ddyer writes "Java 1.7.0_40 [Note: released earlier this month] introduces a new 'red text' warning when running unsigned Java applets. 'Running unsigned applications like this will be blocked in a future release...' Or, for self-signed applets, 'Running applications by UNKNOWN publishers will be blocked in a future release...' I think I see the point — this will give the powers that be the capability to shut off any malware Java applet that is discovered by revoking its certificate. The unfortunate cost of this is that any casual use of Java is going to be killed. It currently costs a minimum of $100/year and a lot of hoop-jumping to maintain a trusted certificate."

7 of 282 comments

  1. Apparently, applets only by SirGarlon · · Score: 5, Informative

    TFA says this is for "Rich Internet Applications," that is, Java applets embedded in Web pages. It doesn't seem this would affect Java programs that you execute locally, such as (for example) Eclipse.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    1. Re:Apparently, applets only by snookerdoodle · · Score: 5, Informative

      Exactly.

      OP doesn't seem to know anything about Java.

      This will not affect standalone Java programs, only applets.

      It could be argued that they should have done this a long time ago.

      Mark

    2. Re:Apparently, applets only by i+kan+reed · · Score: 4, Informative

      It could also be argued that Java has no place in browsers given the modern flexibility of JavaScript. The UI features are worse, the performance differences are negligible, legit code is sandboxed either way. All you're left with as an advantage for true Java is threading.

    3. Re:Apparently, applets only by jonabbey · · Score: 4, Informative

      This would not affect Eclipse, no, but it does affect locally produced applications that are distributed from an intranet web server with Java Web Start / Java Network Launch Protocol.

      Previously, we could just self-sign our app and users could choose to accept the app once and for all and not be bothered so long as the signing cert didn't change. Now, all of our users running Java 1.7.0_40 are given the threatening dialog each and every time they run our internal app, and they can't get rid of it.

      We're going to pony up for a code signing cert from a (Java-recognized) certificate authority to make the dialog go away. It's a hassle, but probably still the right thing for Oracle to do at this point.

    4. Re:Apparently, applets only by i+kan+reed · · Score: 4, Informative

      The most advanced you've played has no bearing on the most advanced you can play. WebGL is fine.

    5. Re:Apparently, applets only by Anonymous Coward · · Score: 2, Informative

      But if the cert is signed by a cert in the JVM's cacerts file, it will be signed by a certificate authority. That's what that file, and only that file, does; it defines what certificates the JVM recognizes as belonging to a certificate authority.

  2. Re:Probably Not by Anonymous Coward · · Score: 1, Informative

    Now if you only knew the difference between Java and JavaScript.