Oracle To Drop Java Browser Plugin In JDK 9 (softpedia.com) 165
An anonymous reader writes: After Mozilla said in October that it would stop supporting Firefox plugins on the older NPAPI technology, Oracle had no choice now but to announce the deprecation of the Java browser plugin starting with the release of the JDK version 9, which is set for release in March 2017, and developers are urged to start using the Java Web Start pluginless technology instead. Security issues also had a big part in Java's demise.
Java's demise (Score:1)
The plugin is in demise. Java is going strong. FUD.
I'm old enough to remember (Score:2)
Re:I'm old enough to remember (Score:5, Insightful)
The thing is, Java applets actually were write once, run anywhere in terms of browser portability, at least until the powers that be started making it difficult to run applets in a browser at all. The same was true of Flash.
In contrast, newer technologies that are supposed to provide functionality that plugins were good for, like HTML5 media elements and canvas/SVG/WebGL, have wildly different levels of feature support, implementation quality, and performance across browsers. I understand the reasons browser makers want to drop plugin support, but the alternative browser-native technologies still have a long way to go.
Re: (Score:2)
Java applets were written once and then failed to run for most people because they didn't have the plug-in, couldn't install it, couldn't update it, had Java disabled etc.
We should all be pushing for web apps to be Javascript and HTML. Forget even stuff like canvas and WebGL. We want apps that are function and display useful data in a readable manner, not flashy stuff, right?
Re: (Score:2)
We should all be pushing for web apps to be Javascript and HTML. Forget even stuff like canvas and WebGL. We want apps that are function and display useful data in a readable manner, not flashy stuff, right?
I agree up to a point. Functionality is more important than presentation, and certainly we want readable and usable over flashy. That said, there is definitely a place for well-designed visualisations and custom interactions in GUIs, not to be flashy but because they are more efficient and less error-prone. Implementing that functionality in a web context does need some capable tool, whether it's Java, Flash, a D3-backed SVG, or something else entirely.
Re: (Score:2)
That's probably just poor programming by whoever developed that particular applet, then. I've worked on projects that used applets for similar embedded UIs and they continued to work fine through many years of JRE updates.
Re: (Score:3)
Most networking gear mgmt is tied to a specific version of java.
Re: (Score:2)
The UIs I've worked on in that field aren't. :-)
Re: (Score:2)
Cisco's sure as hell are.
ProCurves sure as hell are.
Re: (Score:2)
I didn't write those, so I can't comment on why they have the limitations you're reporting. All I can say is that the similar software I have developed, in some cases also related to networking hardware, has never run into these "must have exactly JRE version X" issues as far as I'm aware, nor can I see any likely reason they ever would (other than now not working with any future versions of some browsers or Java plugins beyond support being cut off, obviously).
I'm not saying the version ties you're complai
Re: (Score:2, Insightful)
Been stating this for a long time now. I've had (way) less issues writing portable code in Python and Perl than i did in Java.
Re: (Score:2)
Re: (Score:2)
How do you write your user interfaces in Python?
Pick your favorite UI toolkit and use its Python bindings. PyGUI [canterbury.ac.nz] is super lightweight and it will render native widgets on Windows, Mac and *nix (GTK+ 2)
Does Python3 run your Python2 code?
For the most part, yes, but it is not necessary; Python 2.x is still widely used so most setups have both Python 2.x and 3.x installed. In fact, i'd argue that version management is easier on Linux scripts than it ever was on Java.
Re: (Score:2)
Wait, there's a Puhon plug-in for web browsers? Awesome! Where can I get it?
You can plug-in Python programs using IronPython and Silverlight. But there's no need for a plugin - there's surprisingly plenty of support for client-side Python: Brython [brython.info], Skulpt [skulpt.org], Pyjs [pyjs.org] et al.
Re: (Score:2)
What the **** were you writing?
First problem is the Perl/Python environments that ship with your OS change between OS releases, and not all OS's even have these runtimes. Even if they did, they'd be different versions all with different sets of bundled libraries. So we have cygwin, rhel5, rhel6, rhel7, ubuntu, solaris, etc. all with slightly different perl/python environments.
To solve that you have to compile the whole runtime yourself, with add-on modules/libraries, and support your multiple platforms while at it. (because we're talking about portability, right?) Summing it up - a god-awful NIGHTMARE.
Jesus Christ, was your last programming gig back in the 70s? Package and version management has been a non [die.net] issue [wikipedia.org] on both languages for ages now. Python even has a fantastic sandboxing tool called virtualenv [readthedocs.org], widely used in conjunction with pip, which means you can basically install Python program of any complexity, from scratch, with a single command. This includes dependencies which might not be the same version as the one used by the rest of your system. Good luck doing that with Java when your dependenci
Re: (Score:2)
Taking that a step further, IIRC, the ability to run a Java applet directly from within a browser was one of the original primary selling points of Java. In fact, I think it was originally promoted as an applet language that you can write full-fledged programs in, rather than as a full-fledged programming language that you can (could) write applets in.
Of course, times change. If the flying car ever becomes a big success, I predict that its primary selling point will eventually become that it can drive on r
Re: (Score:2)
If the flying car ever becomes a big success, I predict that its primary selling point will eventually become that it can drive on roads, and its flying capability will be deprecated.
Watch how the drone fracas unfolds. TPTB may not be on about letting everyone have a flying machine [wikipedia.org].
Re: (Score:2)
I'm old enough to remember when Java was supposed to be "write once, run everywhere"
you don't have to old to look at the millions of android devices running write once run anywhere apps written in java.
Re: (Score:2)
Re: (Score:2)
OP said "Java".
Java: a programming language
JVM: an implementation of a virtual machine that executes byte code.
regardless, does it make a difference? android code is byte code compiled from java source code. the paradigm is the same.
Re: (Score:2)
That would be like saying you write a program in c and cross-compile it to perl, and claim that you're running c.
No on would ever claim to be running C because C isn't a runtime it's a language. By the same token, I don't claim to be "running" Java, because it isn't a runtime, it's a language. I'd claim to be writing Java. You just made my point for me, thanks.
What does almost everyone mean when they say they code in Java, or use Java at work? They mean the programming language. They aren't talking about the JVM. I mean really, when people say they are Java developers, do you think they mean the code in Groovy, or Sca
Re: (Score:2)
No on would ever claim to be running C because C isn't a runtime it's a language
Really? So when I compile a C program I'm not linking in the C runtime library [wikipedia.org]? Of course I am - otherwise the executable wouldn't be able to start.
Now if you don't want ANY runtime, try assembler. Just don't make any system calls, any bios calls, etc., because they too are part of the runtime environment.
Well, we will be using JRE 8 for a while then (Score:2, Insightful)
Re: (Score:1)
The malware authors will surely love your organizationi for keeping the web plugin around for them to exploit. Now they won't even have to worry about security bugs being patched.
Re:Well, we will be using JRE 8 for a while then (Score:4, Insightful)
Your fear-mongering is several years of out date. Java applets have had multiple levels of click-to-play style protection for a long time. Malware authors are having much more success targeting things like Android users these days.
Re: (Score:2)
Your fear-mongering is several years of out date. Java applets have had multiple levels of click-to-play style protection for a long time. Malware authors are having much more success targeting things like Android users these days.
Yeah and the click-to-play has been bypassed multiple times.
Re: (Score:2)
Re: (Score:2)
[citation needed]
I'm not saying it doesn't exist, but so far I haven't seen any report of malware that can successfully bypass the click-to-play limitations in both the browser and Java itself. There have been some ingenious attacks on parts of the infrastructure, such as the Pawn Storm issue a few months back, but as far as I'm aware even those required the browser itself to have Java enabled and only compromised the Java plugin's security architecture.
As an aside, if such malware did exist, it would self-
Re: (Score:2)
We have way to many systems dependent on it. Most of our big applications are JSP based, but we have quite a few java applications browser and even desktop based.
There are just so many systems out there that depend on Java, many of which are embedded in hardware. This was a bit short sighted of the hardware vendors.
Re: (Score:3)
JSP - No change
Desktop - No change
Browser - Easy fix
If you really have applet still in use today, you can convert them to Web Start without touching the binary. All you need to do is update your web page and make a jnlp file that points to where the applet is and any configuration that was originally on the web page itself.
There aren't many problems,here are the edge cases I can see:
1. Packaged sites - You want to support your applet with ads (who does this with Java anymore?)
2. Javascript interop.
3. Cross
Re: (Score:3)
And how do I update the web page on our IP KVM switch?
Re: (Score:3)
Assuming that the java applet is the only thing you are interested in (as in it is not heavily integrated with the web page), you can use appletviewer. I don't think they will get rid of this as it is just a simple container for applets rather than interfacing with the browser. Took me an hour back in college to make one of those myself.
I think you can also put the jsp file that runs the applet on another server as long as it is on the same domain as your switch.
Re:Well, we will be using JRE 8 for a while then (Score:4, Informative)
"Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release."
So you have until JRE 10 at the earliest when it's removed. JRE 9 isn't scheduled to come out until 2017 and JRE 10 sometime after that, so the more pressing problem will be finding a browser that supports NPAPI plugins to even run the current plugin: Chrome has already removed NPAPI support in Chrome 45, Firefox will be removing it by the end of 2016, Edge never had NPAPI support, and I have no idea about Apple's plans with Safari (my guess would be remove support in next release of OS X).
Gonna have to keep around an old version of Firefox or Chrome (portable version, perhaps?) to be able to use legacy applet based applications.
Re: (Score:2)
Exactly, someone who need this for legacy reasons should write a browser extension that replace the applet from the HTML and replace it with a JNLP application link.
Re: (Score:3)
Re: (Score:2)
Your problem then is not the deprecation of the plugin, your applications will not run either with today browsers and Java 8. I am talking about people using current Java and the plugin. An extension can generate a JNLP file with the applet-desc [oracle.com] element and make your applet run outside the browser. Hey current plugin allows you to use JNLP already to describe the applet and when running move the applet outside the browser window, on a different process.
If the applet is interacting with the HTML document, th
Re: (Score:2)
I have seem some really insidious embedding of java into a page. It's not always 'here's a big div like thing with a java running in it'. One that infuriated me the most, a weird applet that's sole job was to *check* if you had java before enabling the html button to download a jnlp.
Re:Well, we will be using JRE 8 for a while then (Score:5, Insightful)
A bad tech bet? Java as a web technology has lasted in the region of two decades. There are Java applets that academics wrote as quick illustrations of some concept from their lecture course in the 1990s that are still just as valid and still work just as well today, except for the browser guys and Oracle deciding applets should die. Java has its problems, but it has been one of the most stable and reliable technologies in the history of computing.
If you want to talk about bad tech bets, consider that if a trendy JS framework is still in serious development after two years it's doing well. For some newer features, if all the main browsers can even manage to provide a stable and compatible implementation for two months (long enough for all the evergreen ones to update once or twice) it's a pleasant surprise.
Re: (Score:2)
Odd, I found about 50% of such things don't work anymore. (And it feels risky to even try them.)
Anyhow, we need a new browser standard/paradigm that gives brower-based applications desktop-like behavior and natively supports common desktop idioms, such as scroll-bars, MDI, combo-boxes, grid editors, etc. so that one doesn't ha
Re: (Score:2)
Odd, I found about 50% of such things don't work anymore.
A lot of things -- useful things -- provided as Java applets have stopped working lately as the browsers and Oracle itself have increasingly locked down what plugins can do and how they are integrated. There have been ever-increasing numbers of scary warnings about things like who signed what and ever more hoops to jump through just to publish or run an applet. The thing is, those are almost 100% artificial barriers put there by Oracle, Apple, Google, Mozilla, and friends. The underlying Java code that actu
Not required by most (Score:1)
I uninstalled Java for a year or two, but was forced to reinstall it when working on my CCNA. It is amazing how horrible Cisco's software is.
Re: (Score:2)
It is amazing how horrible enterprise software is.
Fixed that for you. I'm eternally amazed how terrible all the 'enterprise' software vendors do at making software, Cisco included.
Demise? (Score:2)
Re: (Score:2)
Yes, the browser plugin's demise. Or are you incapable of understanding the context of that phrase?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
> In fact, I hired professionals, lots of professionals, to do it for me after a while. I hired them because I needed things done that I was incapable of doing. If I could have done it myself, I'd have not needed to hire them. It's not like I just hired random people for the goodness of the economy. No, I needed good people to do difficult things. I wanted the best and I wanted stuff (and people) that didn't really exist. So, I even paid them well. If it was easy, I'd have done it myself. They were paid
Re: (Score:2)
And yet I was able to fully understand the context of the phrase. Seems I'm not the one needing remedial English lessons.
Re: (Score:2)
In a sentence immediately following the statement that the browser plugin was going away ... do you understand the difference?
Java in the browser is all but dead. Java, outside of the browser, is not.
All I can say is good riddance to the piece of shit browser plugins, which have been terrible security risks for years now.
But ... (Score:1)
But,but,but ... Java runs in a sandbox and can't possibly be a security risk. I know that because experts told me so in the 1990s and experts are NEVER wrong.
Re: (Score:3)
But but browser insecurity is because of plugins (Mozilla security bugs [mozilla.org]). I know that because browser vendors told me so in the 2000s and experts are NEVER wrong. :P
Note: bugs aren't the only problem here, it is your update process, and Oracle Java has an awful one, add to that that people do not update. OpenJDK does not suffer of this bad update process because distributions use their package manager to push updates.
Re: (Score:2)
Even with timely updates, the browser plugin was just a security hole whack-a-mole game. Only Flash Player managed to be a more bug-ridden piece of shit.
Re: (Score:2)
OpenJDK does not suffer of this bad update process because distributions use their package manager to push updates.
That assumes one allows unattended updating or a strict adherence to checking and installing the updates manually, or not being allowed to install updates because it can only be an approved configuration and the configuration change board never meets...
Re: (Score:2)
true, but is is better that a fracking systray icon, for a normal user is just a system update
Re: (Score:2)
The worst thing, IMHO, is not just that it was a systray icon, but that at some point the updater would attempt to run immediately! I'd start doing something, and UAC pops up with a "Are you sure you want to run this?" My instinct is "WHAT IS THIS MALWARE?!?" and to click "Hell no"
Re: (Score:2)
Java had its share of bugs leading to zero-day attacks - language implementation bugs, not the browser. This one [mitre.org] made a lot of noise a couple years ago [dontneedcoffee.com].
Re: (Score:2)
This is why all major browsers are abandoning Netscape plug-ins (or ActiveX in the case of MS Edge). Google's NaCl seems to be the best replacement. It runs bytecode plugins at near native speed, fully sandboxed.
Having said that, Javascript PDF viewers are more than adequate and the only other thing is Flash... So do we need binary plug-ins at all?
"Java's demise" (Score:2, Insightful)
Hardly, unless you are talking about browser plugin technology. It was never big there to begin with, but Java is still a major player in server side technology.
Re: (Score:2)
Hardly, unless you are talking about browser plugin technology.
The browser plugin has needed to die for 20 years, so I'm glad to see it finally happen.
The submitted appears to now know the difference between the Java browser plugin and the Java language. The former is dying (it's about time), while the latter is thriving.
Will be fun to see (Score:1)
Inevitable (Score:2)
This isn't surprising if you've been following Chrome. By some metrics it's the most used browser now, and they dropped support for NPAPI plugins (like Java) due to security concerns. Oracle's official reply to this has been "use Firefox" which in my opinion was incredibly short sighted, unless they feel Java just won't work using PPAPI. Who on earth is going to use a plugin in their website that doesn't support one of the biggest browsers? That person would have to build a fallback for Chrome, and at that
Re: (Score:3)
As a java developer, working on java from JDK 1.0,
This is a long time coming, Java is now mostly used on large server side projects. Its driving the Big Data revolution with technologies like Apache Spark. Running countless servers on Tomcat and/or Spring containers.
Oracle is not wrong in discontinuing the browser plugin. They should have done it with JDK 5
Re: (Score:2)
Its driving the Big Data revolution
I think I just threw up in my mouth a little. Not to disparage the technical benefit of the technology, but that phrasing just makes me cringe about anything.
Re: (Score:2)
Java is now mostly used on large server side projects.
ever heard of Android?
Re: (Score:2)
Java is now mostly used on large server side projects.
ever heard of Android?
Since when does Android run Java byte code? Oh, it doesn't.
Re: (Score:2)
so quick to be a smart ass. check your work next time.
Java is now mostly used on large server side projects
it doesn't say java byte code does it? it says java, as in the language.
Re: (Score:2)
Java is now mostly used on large server side projects.
ever heard of Android?
Java does not, and never has, run on android.
Re: (Score:2)
Sigh. You are right, Android doesn't run The JVM. But that's not what the OP said is it?
Java is a language that is compiled into various forms. One is dalvik, and now ART byte code that's run on Android. Also, you can take Java byte code compiled libraries and run them on Android if you want to quibble.
So, right, Android doesn't run Java, it just runs apps written in Java and libraries compiled to Java Byte Code. Good thing we cleared that up.
Re: (Score:2)
Re: (Score:2)
Here you go,
{quote}
Dalvik programs are written in Java using the Android application programming interface (API), compiled to Java bytecode, and converted to Dalvik instructions as necessary.
{quote}
https://en.wikipedia.org/wiki/... [wikipedia.org]
You done now? If you are going to say "Ah HA! It doesn't actually run Java byte code, it converts the byte code to Dalvik instructions!"- well, that's the definition of a quibble. It's an implementation detail of Dalvik that a developer doesn't need to care about. From their point
Re: (Score:2)
Funny - my Android uses the Android RunTime - dalvik was dumped at the last upgrade. The very FIRST WORDS from your link: "Dalvik is a discontinued process virtual machine." It even says that as of Android 5.0, there is no more dalvik.
Re: (Score:2)
ART is just a different runtime. it still allows java byte code. from the developer's perspective, it's no different. ... darn.
regardless, what percentage of devices are running Dalvik. what percentage run ART? oh
Re: (Score:2)
As you can see in this diagram [android.com], the .apk file only contains .dex files, resources (compiled and uncompiled), and the AndroidManifest.xml file. No .class files (which means no java byte code) to be seen. Not for Dalvik. not for Art.
And you can't just blindly write java sourc
It will not be dropped from java 9 (Score:1)
The announcement says that the plugin will be deprecated from java 9, and removed "in a future Java SE release".
Re: (Score:2)
um... no I think they meant deprecate. The term works well when describing parts of a system that are still their but not worthy of praise in light of the new shiny version that is better.
Deprecate from Latin deprecari de (expressing reversal) and precari (to pray for or praise)
So to deprecate is to literally anti-praise something. I don't think that deprecated APIs 'lose value over time' in the sense of depreciate, I think a point is reached beyond which the advice from the language writers is to not use t
Dupe post got promoted. (Score:3)
Interestingly the dupe post promoting Softpedia got promoted over the post that directly linked the Oracle Blog post: http://slashdot.org/submission... [slashdot.org]
malware vector (Score:2)
Re: (Score:3)
Fuck Java. I hated it was a requirement for my networking classes and I hate what it has done to the industry in terms of advertising/abuse.
Java didn't do any of that. People did. And if it wasn't Java, they would have used something else. Java, is just a tool that people use to accomplish a goal.
Re: (Score:3, Insightful)
I'll leave arguing about the merits of the language and the JVM to the experts; but applet support has, quite simply, been painfully unsuitable for use on anything except fully trusted, ideally internal, material more or less
Re: GOOD (Score:2)
every plugin has a possible hole, no matter which one it is.
Re: (Score:2)
Actually, they do. libstdc++ may have several versions living side by side. Java is more of a pain because the runtime strategy wasn't really designed to be versioned the same way.
The problem with Java (and activex, and flash) is that the initial design point is to empower code that executes, but the code is executed from remote sites without any vetting. The usage model is a person perusing sites as if they were passively reading documents ends up incidentally executing things that are allowed to do muc
Re: (Score:2)
Well, since Java often deletes the old versions by default (for security reasons) when updating, so it's default behavior breaks a lot of shit.
Re: (Score:2)
Well, since Java often deletes the old versions by default (for security reasons) when updating, so it's default behavior breaks a lot of shit.
what software do you install that keeps around every previous version of the software and allows you to switch between them?
i know, if you don't want to update, don't update? i know, kind of crazy thinking though.
Re: (Score:2)
You might want to try reading the comment I was replying to.
Default applies updates, default deletes old versions, critical software relying on old version gets broken.
All 3 are bad, all 3 are default.
Re: (Score:2)
Default applies updates
I've never had the Java installer auto-update without user confirmation. I don't even think that's possible, but even if it is, it's most definitely not the default behavior. Regardless, if you have something like that configured on a mission-critical system, I'd suggest turning it off. That's true for all software on such a system, not only Java.
Re:GOOD (Score:5, Informative)
Re: (Score:3)
So does every other language...what's your point?
He is having problems with his homework. You know, OP is just suffering from "little rebel without a cause with zero exposure outside the classroom" syndrome.
Re:GOOD (Score:5, Insightful)
I don't like Java for other reasons, but the performance of the runtime is actually not out of whack compared to other managed runtimes.
Many Java developers however put out poor performing code. They would do things terribly no matter the language.
Re: (Score:2)
To a certain extend the JVM does attempt to detect poorly writing code and will attempt to optimize the opcode at runtime. But there's only so much it can do.
Even Microsoft has a pretty decent VM for .Net, but because the op codes change so much version to version the JVM has proven to be far more useful for other languages (JRuby, Jython, Scala, Closure, etc.)
Re: (Score:2)
Right, though the same can be said of all runtimes that it tries to optimize, but there's only so much it can do. Particularly since a lot of slowness I see involves being stupid about network usage, and the runtime has no way of knowing anything that could help that (it has no idea whether the data would be static, that the target has another set of vocabulary that's faster, that another access pattern would work, etc).
Re: (Score:2)
Re: GOOD (Score:2)
Compared to competition FireÃfox is lean today.
Re: (Score:3)
Unfortunately for you (or any Java hater), Java as a programming language is as healthy as ever, with Java devs being on high demand despite being commonly taught in school. Android is probably no stranger to its renewed success.
If you are talking about Java applets (that's what the browser plugin is for), it only had limited success : Flash and then JavaScript essentially killed it. As for advertising/abuse, I don't remember it being that bad, at least compared to Flash. It did have a lot of vulnerabilitie
Re: (Score:2)
Re: (Score:2)
I hate what it has done to the industry in terms of advertising/abuse.
Yeeeaahhh Riiight. JAVA is the reason for all the advertising/abuse -- Flash and/or Javascript had no part in that.
Re: (Score:2)
I like you. JavaScript is the worst offender ever.
Re: (Score:2)
This thread isn't about politics, climate change, foreign relations, or women in STEM.
Re: (Score:1)
And yet it was the dog that was walking funny this morning.
Re: (Score:2)
Maybe related to the fact that I appended "?nobeta=1" to the address when browsing AC
Re: (Score:2)
Systemd bashing generates more heat these days than good ole MICRO$~1 bashing.