Apple blocks Java on the Mac over security concerns
Will no one rid us of this turbulent software?
It's been a rough couple of weeks for Java. Security issues are dogging the code, the latest fix may cause almost as many problems as it solves, and now Apple has decided to block Java completely.
French blog MacGeneration originally picked up the blockade, noticing that an update to Apple's XProtect now blocks all versions of Java on OS X 10.6 (aka Snow Leopard) and above, the second time in two weeks Apple has blocked Oracle's code.
Apple, along with browser manufacturers, started blocking Java when a major security hole was discovered in the code earlier in the month. Oracle downplayed its significance, but then was forced to admit that it had a problem and rushed out a code patch (with the obligatory offers to install crapware at the same time).
Now Apple has blocked it again, and other players are starting to make moves to get rid of Java as far as possible. On Tuesday, Mozilla announced it was ending the auto-loading of plug-ins for Firefox – while not actually mentioning Java by name – and Apple has already stopped bundling it with OS X by default.
'No Java for you!', says Apple (source: MacGeneration)
The security status of Java has been under review for some time, with increasing numbers of people removing it as a precaution. Given Oracle's somewhat lackadaisical attitude towards patching its software, developers are increasingly looking for other options to avoid introducing weaknesses into their code.
But Apple's decision could spur the Java team to sort out their issues once and for all. Certainly if feedback from El Reg readers on our forums is any indication, the code is about as popular as an explosive piñata.
Both Oracle and Apple have felt unable to respond to a request for information on the issue. ®
Re: this raises a number of questions
"If java ever had a purpose its rapidly losing it."
Java's original purpose was to provide a provably secure sandbox for running untrusted applets. (If you have to trust the app, you might as well run native code.) It is debatable whether the implementation was ever good enough to realise that noble aim, but it certainly isn't today.
No matter. In order to achieve that, it had to provide safe equivalents to enough of the native API to be useful. Consequently, it acquired a secondary purpose of "write once run anywhere". This is now its sole purpose. Java is therefore an alternative to frameworks like Qt.
Given some effort, one presumably *could* resurrect the "provably secure" aspect and that would be of interest to a lot of people. Clearly, however, neither Sun nor Oracle could/can be bothered and as long as Oracle have a final veto on what one can call "Java", their lack of support makes "secure Java" impossible. The best possible outcome, therefore, is for Oracle to throw a hissy fit and discard Java altogether, only for it to be picked up by freetards who are actually willing to do justice to the original design.
Maybe I'm reading this wrong, but the screenshot seems to indicate that it's the Java Applet PlugIn that is being blocked, not Java itself.
Re: this raises a number of questions
"I would not be surprised if Java succumbed to death by a thousands cuts in the next 10 years."
IMO Java is the biggest con perpetrated upon the IT industry in decades. The language itself is less powerful and less flexible than C++ (not that C++ is a shining beacon of how a language should be designed but i digress..) that it was supposed to replace, still generally runs slower and uses more memory than an equivalent C++ binary, requires the correct JVM to be installed before it'll work (write once run anywhere? Do me a favour!). and the JVM as we know is subject to security holes not to mention bugs.
If java ever had a purpose its rapidly losing it. My personal opinion is C++ will regain ground on unix server side development along with python and for windows C# will - if it hasn't already - kill java stone dead in the years to come. Assuming MS can get its act together. As for the web , forget it, java died there long ago. It might limp on for a few more years on android until they realise the pointlessness of double compilation but even that will stop eventually.