Forgot your password?
typodupeerror
Java Open Source Oracle

Oracle Removes Java Signatures, Breaking Webstart 198

Posted by timothy
from the is-this-your-homework-larry dept.
sproketboy writes "It seems Oracle has decided in their infinite wisdom to remove digital signatures from the Java projects that they put into the open source community. Of course this breaks any application out there depending on Java Webstart using these libs. Looks like Java3D and JAI are currently affected — probably other APIs are as well. Oh Oracle! What are we supposed to do with you?"
This discussion has been archived. No new comments can be posted.

Oracle Removes Java Signatures, Breaking Webstart

Comments Filter:
  • by Chrisq (894406) on Thursday September 22, 2011 @08:28AM (#37478432)
    Oracle only said they'd keep it open source. They never said they'd let you use it.
  • Why do we even need corporations to be involved and in control of our programming languages. Is it not time to rid ourselves as programmers from the tyranny of these greedy organizations by simply choosing to not use proprietary programming languages?
    • I can't feel bad for the idiots who lock themselves in. It's not like it's any secret or that they didn't have a choice.

    • What is a "proprietary programming language", and why Java is one?

      In any case, practice shows that corporate backing is pretty much necessary for any language to be successful, because it's what brings advanced tooling support. You can have a bunch of enthusiasts write a compiler and some skeletal standard library. But you need someone to work on "boring" things such as an IDE (and specifically on polishing its UI), and then a slew of technical writers to have solid documentation.

      Doesn't mean the language i

    • Why do we even need corporations to be involved and in control of our programming languages. Is it not time to rid ourselves as programmers from the tyranny of these greedy organizations by simply choosing to not use proprietary programming languages?

      This is a clueless post. This is not fine arts where you choose to paint oil on canvas or watercolor. Rarely do you, as a programmer, choose the implementation language, even for new development. Rarely, rarely, rarely, only if you are in a small shop, or you are entrepreneur or your own business dealing with small clients or small contracts.

      Again, to reiterate, this was a clueless post, full of rhetoric at the expense of everything else.

  • by Anonymous Coward on Thursday September 22, 2011 @08:29AM (#37478442)

    from FTA:

    It's been several years since Oracle (previously Sun) stopped providing support for the open source Java3D projects. It was decided that keeping binaries signed with old Sun signing certificates represented a potential security risk, and because of this, we have removed the old Sun signing certificates for the binaries on download.java.net.

    Cause you know...that makes sense.

    • by fnj (64210)

      On what planetoid does that make sense, and on what planetoid was it too hard to generate new Oracle signing certificates?

  • It's Their Culture (Score:5, Insightful)

    by WrongSizeGlass (838941) on Thursday September 22, 2011 @08:30AM (#37478456)
    Oracle is used to dealing with very large corporations. Now that they have their hands on Java, which directly affects many users, web hosts (large and small), etc, etc they just don't know how to handle things. Forcing major changes onto companies that Oracle has by the implementation & licensing balls is one thing, but trying to force major changes onto the real world will only lead to a backlash and the adoption of alternatives to Java.

    It will take a little time to untrench Java, but the intertubes won't stand for this type of reckless and disrespectful behavior. A change is a commin'.
    • >they just don't know how to handle things.

      Never attribute to malice what can be explained by incompetence. Or so think those who believe the excuses of malicious people.

      How comfortable does it feel to know your company database is in the hands of these fine folks.

      • by jonbryce (703250)

        Well if it was an Oracle database that I was paying a 6-7 figure sum in support fees per year for, very comfortable, provided my company was big enough to be able to afford it.

        A MySQL database, not comfortable at all.

        • by gomiam (587421)
          Why would an Oracle DB make you feel safer? MySQL belongs to Oracle [google.es].
          • by asdf7890 (1518587)
            Because, exactly as he states in the message you replied to, that expensive Oracle DB comes with a useful SLA-bound support contract where-as MySQL comes with nothing of the sort.
            • by sjames (1099)

              When it comes from a large vendor, an SLA is only as good as your legal department's ability to overwhelm their legal department in a discovery war.

        • I am not sure yours is a counterpoint, and I'd see postgres more suitable to replace oracle.

    • by ultranova (717540) on Thursday September 22, 2011 @09:12AM (#37478800)

      Forcing major changes onto companies that Oracle has by the implementation & licensing balls is one thing, but trying to force major changes onto the real world will only lead to a backlash and the adoption of alternatives to Java.

      Are there alternatives to Java? Mandatory bounds checking, garbage collection and all that implies, and inability to break type safety combined with good execution speed are not easy to implement, especially in a multi-platform way.

      • inability to break type safety

        They removed casts and NULLs from Java?

        By the way, Go and D seem decent alternatives.

        • by yacc143 (975862)

          Actually there is Modula-3 too, where quite some of the Java ideas have come from. (Admittingly without a VM and non-C-ish syntax)

        • by ultranova (717540)

          They removed casts and NULLs from Java?

          Trying to cast an object into an incompatible type results in an exception. Trying to use a null pointer results in an exception. Both exceptions can be caught and handled. They don't leave the program into an undefined state, as they do in C or C++.

        • inability to break type safety

          They removed casts and NULLs from Java?

          By the way, Go and D seem decent alternatives.

          Do they have a component model and architecture? Remote debugging out of the box? Ability to step through back and forth a stack call while on debugging mode? Management extensions? An similarly sizable application ecosystem?

          Don't get me wrong, I think Go is a far superior language than Java, but it does not have anything of the sort mentioned above (whereas Java does). And as Google itself has said it, Go is a systems programming language intended to replace C and C++, not Java.

          There is a lot more to d

      • Yes. Modula 3, for example. has

        Mandatory bounds checking, garbage collection and all that implies, and inability to break type safety combined with good execution speed

        .

      • by binkzz (779594) on Thursday September 22, 2011 @01:26PM (#37482050) Journal

        Are there alternatives to Java? Mandatory bounds checking, garbage collection and all that implies, and inability to break type safety combined with good execution speed are not easy to implement, especially in a multi-platform way.

        I hear good things about Flash. They just released a new version so I'm certain it'll be around for a while.

  • Serves'em right (Score:5, Insightful)

    by Meneth (872868) on Thursday September 22, 2011 @08:50AM (#37478624)

    Serves JavaWebStart coders right for relying on third-party, online systems.

    In that vein, one can consider what would happen if Google suddenly stopped hosting JQuery [googleapis.com]: about half of the javascript-using websites in the world would stop working. :)

  • For the love of god. Put Oracle out of its misery. They're killing a good thing.

  • by prionic6 (858109) on Thursday September 22, 2011 @09:10AM (#37478784)

    I don't like oracle either. But if you are writing a webstartable application, you probably have the infrastructure to sign your own jars. So you could sign the Java3D-jars yourself and distribute them together with your application. Depending on availability of something like http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/windows-i586/j3dcore-d3d_dll.jar [java.net] - signed or not - isn't really advisable anyway.

    • by pavon (30274)

      That's what I was thinking. I'm a bit ignorant on the specific issue with Java3D though, maybe you can set me straight. For any other library we just bundle everything up into a single (signed) jar file which can then be used with Java Web Start or as a stand-alone application. However, since Java3D requires native libraries to get decent performance, I have been under the impression that users had to run the Java3D installer separately (same for JMF). If we can get away without doing so, that would be nice

      • by prionic6 (858109)

        I don't use Java3D but if you look at the jnlp file at http://download.java.net/media/java3d/webstart/release/java3d-latest.jnlp [java.net] you can see how native libraries are included depending on os:

        • by prionic6 (858109)
          <resources os="Windows" arch="x86">
          <nativelib href="j3d/1.5.2/windows-i586/j3dcore-ogl-chk_dll.jar" download="eager"/>
          <nativelib href="j3d/1.5.2/windows-i586/j3dcore-ogl_dll.jar" download="eager"/>
          <nativelib href="j3d/1.5.2/windows-i586/j3dcore-d3d_dll.jar" download="eager"/>
          </resources>

          <resources os="Windows" arch="amd64">
          <nativelib href="j3d/1.5.2/windows-amd64/j3dcore-ogl_dll.jar" download=
    • by Anonymous Coward on Thursday September 22, 2011 @09:28AM (#37478978)

      Yea I don't see the big issue. I always thought it is VERY bad practice to depend on external links to libraries, especially if you're already providing some libraries yourself (e.g. your app). Who knows how long these links stay valid, it can lead to inconsistencies and so on. If they're not under your control, you shouldn't have any expectations.

      If this breaks things for you, you did something wrong to begin with.

  • Oh Oracle! What are we supposed to do with you?

    Nuke it from orbit...it's the only way to be sure.

  • by Anonymous Coward on Thursday September 22, 2011 @09:29AM (#37478984)

    To blame is the infinite wisdom of developers that decide to reference libraries from Oracle servers. They could instead sign all the libraries themselves and put them on their own download servers. That has the added benefit that Webstart doesn't need to rely on dozens of third-party download hosts to be up and running, but only your own host must be up.

  • Someone (Google?) should just make a language identical to Java and call it something else. Even existing Java compilers could compile it and existing Java VM's could run it! Then they should extend and alter it so we can call Vectors Vectors and use them like arrays, and do operator overloading, and other sugar that Javas "Everything is a Fucking Object, Now Shut Up" keeps us from.

    Oh, and get rid of those damn fonts. The Sun Java fonts look like shit on any screen at any resolution. Oh and fix Java embeddi

    • by flibuste (523578)
      Operator overloading? To end up with an operator mess like in C++ and not making the difference between apples and oranges? Hell no! If there is one thing that Java properly didn't incorporate, it's operator overloading and friend methods/classes. Phew..
    • by Cigarra (652458)
      They did it already [android.com].
    • by rrohbeck (944847)

      And what happens when the language has some traction and Google gets all protective about it?
      If you're using a language that doesn't come out of Academia and FOSS it's your own damn fault if the vendor makes decisions that screw you.

  • Oracle just gave us an 'affeine break.

  • by horza (87255) on Thursday September 22, 2011 @03:31PM (#37483404) Homepage

    Though I've been a professional Java programmer I never enjoyed it as much as the other languages. It died on the desktop, it died on the web, but got a good foothold in the enterprise web services side. Mostly thanks to Sun driving it very hard, and it riding on their reputation of Sun's rock solid hardware and Solaris OS.

    Oracle has done a good job of killing it. It is clear the owners don't care about it, it's sinking in a legal mire, and now it breaks in ways that would never have happened under Sun's stewardship. Time to move on.

    Phillip.

  • This affected Mercedes-Benz USA. One of their most important apps is a JavaWebStart. This explains the company wide failure we had.

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...