Mozilla Blocks Vulnerable Java Versions In Firefox

Trailrunner7 writes with this excerpt from Threatpost: "Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks. 'This vulnerability — present in the older versions of the JDK and JRE — is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,' Mozilla's Kev Needham said."

Re:Java dying?

[jellomizer]

I think Java is just maturing not dying.

Java found it niche. JavaEE is still big, as it is a great platform for Web Services. However Java Applications have never gotten popular because they always end up looking a bit out of date (although it has greatly improved) compared to what the other platforms offer.

Slashdot hates Java because they hate anything that isn't Pure GNU open source.

Re:Java dying?

[CubicleZombie]

However Java Applications have never gotten popular because they always end up looking a bit out of date

The Windows look-and-feel should have been enabled by default. Then Java wouldn't look like a 15 year old version of Solaris.

Re:Java dying?

[Bill_the_Engineer]

I'm just going to respond to a few of your points:

No, there are a lot of legitimate reasons to hate Java, mainly because it promised things it couldn't deliver.

There are plenty of other languages that promises much and deliver few. I think a lot of language preference depends on what you learned first and who you choose to associate with. I know plenty of Perl programmers who swear Perl is the one true language, and the same with C++, Python, Ruby, etc. Each language has its strength and weaknesses, but none of them have anything that warrants the level of hate. Except for Perl it is perfectly fine to hate that one. :P

Then there's performance. Java performance is on a par with StrongTalk or Self, yet it's a much lower-level language. Performance is usually okay, but again Java promised C-like performance and then shows misleading benchmarks to demonstrate it.

I don't know where you get your information from but Java does pretty well on the performance front. It benefits greatly from its static typing system and doesn't suffer from the overhead that is associated with the dynamic languages like Perl, Ruby, and Python. Java is magnitudes faster than the current batch of young languages and is in close ranks with the big three (C, Fortran, and C++). The fact that it runs without recompile on multiple hardware platforms is a bonus.

Next there's the pain of interfacing Java with other languages. If I have a C library, I can trivially call it from most scripting languages, from Objective-C, from C++, from D, from Pascal, from Lisp, and so on.

To be fair, I'd hope it would be trivial to call a C library from within C++ and Objective-C otherwise something is seriously wrong since they are pretty much derived from C. As for "so on" I do know that there is usually a binding meta languages involved (Perl's comes to mind), so I don't think JNI is any less different than the others. Since the other languages tend to be *much* slower, binding to a C library is much more important for them.

Then there's the incompatibilities between versions. Once you've got your write-once-run-anywhere program working on your customer's machine, he installs a new version of the JRE and it stops working. Meanwhile, the statically compiled, statically linked, program in another language works just fine...

Not necessarily true. You can keep your older versions of the JRE installed. Of course your comparison is with a "statically compiled, statically linked program" and not the more compact and prevalent dynamically linked programs. Nothing prevents someone from continuing to use the older JRE with a Java application that has all of its dependencies included in the application JAR file.

And then there's the library system. Some rookie mistakes, like making String final. More importantly there's the design patterns fetishism that's so prevalent. There's a reason for all of those JavaProgramFactoryFactoryFactory jokes...

And this is unique to Java?

Re:Java dying?

[SplashMyBandit]

The feature that C# doesn't have is 'cross-platform'. This is not a language flaw, it is a library and design flaw - targeting Windows. Mono does not implement the same libraries as the Microsoft .NET stack, and it turn out it never will. Unless you are a Windows only shop (which only households and smaller companies are) then the .NET stack has a lot of wonderful features but will always be technically inferior to Java because of the lack of true cross-platform capabilities. The fact that C# has some nice syntactic sugar is great, but still misses the point that you want your language *everywhere* you need to be. Java adopts features slowly not because the maintainers don't know about closures etc, it is because the language maintainers are trying to avoid Java turning into C++, which is harmful for enterprise adoption (with some lesser skilled programmers). This is one reason Java gets about 3 times the adoption world-wide as C#, despite the C# language niceties (see Tiobe for numbers). I can't see that changing for a long time no matter how many funky features C# gets first.