Firefox's Blocked-By-Default Java Isn't Going Down Well

JG0LD writes "The Firefox web browser will, henceforth, require users to manually activate Java objects on sites that they visit, Mozilla has confirmed. This even affects up-to-date versions of Java, which you can see on the block list. The change is aimed at improving security and moving away from a dependence on proprietary plug-ins, but critics say it will cause untold headaches for developers, admins and less-technical end-users. "

Re:Already considering uninstalling firefox

[Kjella]

Well, if you're in Norway then 800-900,000 people use it daily and 2.9 million occasionally to access their bank and various other public services through BankID. They are moving away from Java now after all the security issues, it was announced in April but hasn't happened yet so with this I expect Firefox usage here will drop like a rock.

Re:Headaches for developers?

[Dahamma]

Because Java allows native access to USB hardware. Haven't seen that in Javascript.

And no offense, but do you know what a digital signature is? Having the source code to the algorithm doesn't affect security. That would be like saying "I know how AES works, therefore I can decrypt all AES-encrypted data!" Doesn't work that way.

Re:Didn't they learn from Microsoft?

[buchner.johannes]

Actually it's not an authorization dialog, but a "click-to-play" on the embed objects. You can get the same functionality already by setting plugins.click_to_play to true in about:config. That is just going to be a default setting on new installs, but you can set it to false. I set it to true myself, because it is useful to not have arbitrary Flash code to just start running (and playing).

The gamble Mozilla makes is that because of the extra step, companies will move to putting content into HTML5 rather than external plugins, because it makes their website more clunky. They also do replace external PDF viewer plugins with a HTML5/JS based one, so it is a coherent strategy towards open technologies. There are plenty of benefits if it works out, security is one of them. And it's a phased, non-invasive method, which can be disabled.