Apple readies final in-house Java updates ahead of Oracle handoff
Apple on Friday released previews of the final two custom-built Java runtime updates for OS X before the company hands over all responsibility to Oracle.
The updates, titled "Java for OS X 2012-004" and "Java for Mac OS X 10.6 Update 9," are to be the last Apple-tailored runtimes for OS X 10.6 and 10.7 before all Mac-centric Java development moves to Oracle.
Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced in 2010 that it would deprecate the software's release for the Mac platform.
In April, Oracle announced the availability of its own Java development kit and JavaFX SDK for Mac users after working on the software with the OpenJDK Community.
Most recently, a Java SE 6 exploit caused the largest malware dissemination in Mac history. The Flashback trojan was said to have affected over 600,000 Macs worldwide, mining sensitive data that reportedly netted the malicious code's authors as much as $10,000 a day.
In response to Flashback, Apple had to quickly push out a number of updates as well as a dedicated removal tool.
The final Apple-supported updates will offer compatibility with future Java implementations and will include the feature of disabling the web component after 35 days of non-usage.
From the preview notes:
The updates, titled "Java for OS X 2012-004" and "Java for Mac OS X 10.6 Update 9," are to be the last Apple-tailored runtimes for OS X 10.6 and 10.7 before all Mac-centric Java development moves to Oracle.
Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced in 2010 that it would deprecate the software's release for the Mac platform.
In April, Oracle announced the availability of its own Java development kit and JavaFX SDK for Mac users after working on the software with the OpenJDK Community.
Most recently, a Java SE 6 exploit caused the largest malware dissemination in Mac history. The Flashback trojan was said to have affected over 600,000 Macs worldwide, mining sensitive data that reportedly netted the malicious code's authors as much as $10,000 a day.
In response to Flashback, Apple had to quickly push out a number of updates as well as a dedicated removal tool.
The final Apple-supported updates will offer compatibility with future Java implementations and will include the feature of disabling the web component after 35 days of non-usage.
From the preview notes:
There has been no official word on when the updates will arrive for public consumption, but with Oracle ready to take over the rollout may happen soon.Java SE 6 applets and Web Start disable after non-use
This preview contains a stub applet plug-in and a modified Web Start launcher for Mac OS X 10.6 Snow Leopard. This technology disables these Java web components after an extended duration of non-use (35 days). This policy is already present in "Java for OS X 2012-003" for OS X 10.7 Lion.
Oracle's Java 7 applet plug-in disables Java SE 6 applets and Web Start
This preview contains additional enhancements to the OS X Java integration features to disable or redirect functionality to Oracle's Java 7 applet plug-in, if present. This includes deactivating most panels in Java Preferences, routing .jnlp file launching to the Oracle Java 7 Web Start launcher, and .jar file launching to the plug-in embedded JRE.
Comments
If I'm not mistaken, Oracle is only supporting Java 7 on the Mac and Java 7 will only be officially supported for OS 10.7 Lion. This announcement then basically means Java SE 6 support for Mac, whether bug-fix or security fix, is dead and Java support for Snow Leopard is dead.
http://www.computerworld.com/s/article/9226696/Snow_Leopard_users_most_prone_to_Flashback_infection
This would seem problematic, because the user-base for Snow Leopard is actually still slightly larger than Lion. I'm guessing Java SE 6 is likewise still more widely used by developers than Java 7. Ideally, Apple would continue to support their Java SE 6 implementation in Snow Leopard and Lion through to the end of 2012 to coincide with Oracle's official consumer Java SE 6 EOL. By that time Mountain Lion would be released to drive down Snow Leopard user-base, the Java 7 Mac runtime would actually be shipping to consumers instead of just a developer beta, and overall Java 7 adoption would be higher.
This is why you fix every bug in the code, duh you lazy ass devs.
Quote:
Originally Posted by marcusj0015
This is why you fix every bug in the code, duh you lazy ass devs.
hopefully thats a joke... or you are totally clueless.
Fuk bring the new MACS already...geez.
I understand that this is all for the best in the long run but, nevertheless, I have a bad feeling about this. I think transition periods are prime times for attacks/exploits. Fortunately, I have little need for Java and normally have it turned off.
Goodbye Java. You are a perfectly good programming language to deploy on a locked down corporate LAN, but putting the entire platform in a browser plugin, and then deploying on the public Internet? Madness.
How about a Java patch for Tiger and Leopard, too? Or at least a removal tool (if the current one doesn't work).
Quote:
Originally Posted by DimMok
Fuk bring the new MACS already...geez.
All the complaining about Macs in threads not about Macs is basically spam.
… Funny, isn't it? Five years ago, I'd be deposed for even hinting at suggesting that. But then again, five years ago Macs were actually important to Apple. Sort of. They had just removed "Computer" from their name.
Quote:
Originally Posted by ascii
Goodbye Java. You are a perfectly good programming language to deploy on a locked down corporate LAN, but putting the entire platform in a browser plugin, and then deploying on the public Internet? Madness.
I couldn't resist...
But you know, that's not really how Java happened, right? It was a popularized first as a browser plug-in, before gaining popularity running servers.
available from Oracle since last week:
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b21)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b21, mixed mode)
Quote:
Originally Posted by Suddenly Newton
I couldn't resist...
But you know, that's not really how Java happened, right? It was a popularized first as a browser plug-in, before gaining popularity running servers.
I didn't mean to imply an historical order between the two usages. But in any event, hopefully removing the plugin from the default OS X install will mean fewer people will be dining in hell.
Quote:
Originally Posted by ascii
Goodbye Java. You are a perfectly good programming language to deploy on a locked down corporate LAN, but putting the entire platform in a browser plugin, and then deploying on the public Internet? Madness.
Oracle's java is a download - just like it is on all other platforms. Though running Java clients is not the typical pattern. JavaFX may change that...though I haven't looked into it. Most companies use Java on the server side and leave the client on the web via JavaScript, ActionScript, ASP.NET, etc.
Would it be possible for Java to be selectively activated only for approved websites? For example I use Etrade and much of their site uses Java. Since the site is a trusted one and I approve of any data transfers couldn't Safari be configured to recognize that and allow Java to run? Site I don't approve would not have access to Java. This would of course require some reengineering of Safari, but aside from phishing it would help prevent drive by infections/attacks.
Are you sure eTrade's site uses Java? I thought it just used Javascript, which isn't really affected by all this Java malware and Java bug exploit stuff. I don't use eTrade currently, but as of about a year or so ago, its site only used Javascript if I recall correctly, and not Java.
Ok, time to kill off both Flash AND Java -- nothing but problems. After all, Java was SUN's answer to OpenStep, and Cocoa is today's OpenStep... Remember McNealy's claim of "all the wood behind one arrow" when announcing OpenStep for Solaris, and then killing OpenStep when Java came out?! Be gone Java!
Quote:
Originally Posted by libertyforall
Ok, time to kill off both Flash AND Java -- nothing but problems. After all, Java was SUN's answer to OpenStep, and Cocoa is today's OpenStep... Remember McNealy's claim of "all the wood behind one arrow" when announcing OpenStep for Solaris, and then killing OpenStep when Java came out?! Be gone Java!
Agreed.
Tell that to all the fortune 500 companies that run their businesses on Java on the server. Also, desktop Java GUIs (ie Swing) aren't entirely dead for custom stuff.
Agreed about killing Flash.
Try looking at Click to Plugin extension for Safari to allow Java applets on a particular site.
Quote:
Originally Posted by ltcommander.data
If I'm not mistaken, Oracle is only supporting Java 7 on the Mac and Java 7 will only be officially supported for OS 10.7 Lion. This announcement then basically means Java SE 6 support for Mac, whether bug-fix or security fix, is dead and Java support for Snow Leopard is dead.
http://www.computerworld.com/s/article/9226696/Snow_Leopard_users_most_prone_to_Flashback_infection
This would seem problematic, because the user-base for Snow Leopard is actually still slightly larger than Lion. I'm guessing Java SE 6 is likewise still more widely used by developers than Java 7. Ideally, Apple would continue to support their Java SE 6 implementation in Snow Leopard and Lion through to the end of 2012 to coincide with Oracle's official consumer Java SE 6 EOL. By that time Mountain Lion would be released to drive down Snow Leopard user-base, the Java 7 Mac runtime would actually be shipping to consumers instead of just a developer beta, and overall Java 7 adoption would be higher.
If Apple follows past practices, as soon as Mountain Lion is released, all secuirty and bugfix support for Snow Leopard will terminate anyway. We may see one final batch of fixes as Apple cleans house from all their existing outstanding issues, and then the taps will close forever.
Oh sure, some new versions of certain Applications may continue to be released for a little while with support for Snow Leopard - such as iTunes, which is a revenue-generating tool.
But other than that... Snow Leopard (and by extension, all 32-bit Intel based Macs) will be just as much of a no-go for any security-conscious users as Leopard and Tiger (and by extension, all PowerPC-based Macs) already are.
Quote:
Originally Posted by doh123
hopefully thats a joke... or you are totally clueless.
Nope, I just wouldn't quit and call something good.