Firefox's Blocked-By-Default Java Isn't Going Down Well

JG0LD writes "The Firefox web browser will, henceforth, require users to manually activate Java objects on sites that they visit, Mozilla has confirmed. This even affects up-to-date versions of Java, which you can see on the block list. The change is aimed at improving security and moving away from a dependence on proprietary plug-ins, but critics say it will cause untold headaches for developers, admins and less-technical end-users. "

Didn't they learn from Microsoft?

Users hate authorizing things, and become trained drones blindly okaying everything anyway.

As security models go, it's a poor one.

What's the big deal?

Oracle Java has ALSO decided, due to the persistent security problems due at least in part to having concurrent (i.e., old) versions installed (and the fact that the largest exploit kits have used Java as one of their main vectors for some time now, alongside Adobe Reader of course) to disable Java plugins in the browser by default in recent updates.

So, what's the big deal? This is the correct decision from a security perspective. I can't remember the last time I saw someone on the World Wide Web actually USE a Java applet for good, rather than for evil. And I'd have noticed, because even after all these years, it still runs like an absolute dog. It's the kind of thing you might use on a local application (such as Minecraft, which is what I think probably most people who still have it installed use it for now, albeit they'd likely have the 64-bit version which wouldn't have a working browser plugin in a 32-bit browser anyway!) or an intranet site (which is your administrator's problem, to re-enable it for that site only, or to use a different browser for the web and the intranet, which you can totally do and is good practice).

I've got many other criticisms about Firefox recently from a security and performance perspective - let's face it, it's just not the zippy, efficient browser it used to be, even relatively-speaking, it's lost its mojo and the security team have a reputation for having a slow, and fairly arsey, response - but this seems to be the right decision and they should be lauded for it. IE has also done it, as has Chrome.

Re:Untold headaches?

[macraig]

You just succinctly explained why tools like NoScript are so desperately needed, not why they aren't. The real problem is Web design that serves an agenda contrary to the desires and rights of those who use the Web. Fix that problem and annoying tools like NoScript won't be necessary.

What that means, BTW, is that Web developers need to grow both a conscience and a spine and say NO when they're asked to code Bad Things. It also means that the pushovers and corporate plants over at the W3C need to stop adding crap to the standard that aids and abets these Bad Things.

Re:What need?

[Anonymous+Brave+Guy]

If you are still developing/depending on applets, 1995 called they want their stupid ideas back.

Hi 2013, this is 1995 calling. When your new shiny toys have the portability and performance and flexibility that we had nearly two decades ago, and developers can write software using them with a reasonable expectation that it will still be working in 5 or 10 years (or even 1 or 2 years) without needing constant maintenance, then you get a vote. Until then, we'll keep our "stupid" ideas, because they've been helping us get useful work done since before you were born. Kthxbye.