Will New Red-Text Warnings Kill Casual Use of Java? 282
New submitter ddyer writes "Java 1.7.0_40 [Note: released earlier this month] introduces a new 'red text' warning when running unsigned Java applets. 'Running unsigned applications like this will be blocked in a future release...' Or, for self-signed applets,'Running applications by UNKNOWN publishers will be blocked in a future release...' I think I see the point — this will give the powers that be the capability to shut off any malware java applet that is discovered by revoking its certificate. The unfortunate cost of this is that any casual use of Java is going to be killed. It currently costs a minimum of $100/year and a lot of hoop-jumping to maintain a trusted certificate.'"
Apparently, applets only (Score:5, Informative)
Re:Apparently, applets only (Score:5, Informative)
Exactly.
OP doesn't seem to know anything about Java.
This will not affect standalone Java programs, only applets.
It could be argued that they should have done this a long time ago.
Mark
Re:Apparently, applets only (Score:5, Informative)
It could also be argued that java has no place in browsers given the modern flexibility of javascript. The UI features are worse, the performance differences are negligible, legit code is sandboxed either way. All you're left with as an advantage for true java is threading.
Re:Apparently, applets only (Score:5, Informative)
This would not affect Eclipse, no, but it does affect locally produced applications that are distributed from an intranet web server with Java Web Start / Java Network Launch Protocol.
Previously, we could just self-sign our app and users could choose to accept the app once and for all and not be bothered so long as the signing cert didn't change. Now, all of our users running Java 1.7.0_40 are given the threatening dialog each and every time they run our internal app, and they can't get rid of it.
We're going to pony up for a code signing cert from a (Java-recognized) certificate authority to make the dialog go away. It's a hassle, but probably still the right thing for Oracle to do at this point.
Re:Probably Not (Score:1, Informative)
Re:Apparently, applets only (Score:5, Informative)
The most advanced you've played has no bearing on the most advanced you can play. WebGL is fine.
Re:Apparently, applets only (Score:2, Informative)
But if the cert is signed by a cert in the jvm's cacerts file it will be signed by a certificate authority. That's what that file, and only that file, does; it defines what certificates the jvm recognizes as belonging to a certificate authority..