More Java hair tearing

February 4, 2013

Another episode in the war between Apple and Java, with Mozilla/Firefox joining in. I almost wrote “The Alliance”, or maybe “The Axis Powers”. Who are the bad guys?

Late on Friday I got an email from the nice support folk at Liverpool Telescope, warning me that their Phase 2 GUI tool might stop working for me. Checking out their news item, its an issue for anybody using a Mac, and anybody using Firefox. They link to some news items here, here, and here. As usual, not only did Apple do this very suddenly, they did it WITHOUT TELLING THEIR CUSTOMERS. Stuff just stopped working.

My geekier readers will remember an earlier possibly somewhat alarmist post by moi, within the comment stream of which it became clarified that the problems concerned the Java plugin for web browsers, not regular Java Apps using the JRE.  Now the LT GUI is not an in-browser thing – its Java Webstart, which is just a fancy way of providing a link to the latest version of a Java App. Brief panic while I tried out Topcat and Aladin. If Topcat stops working I am fucked. (This is Mark Taylor’s evil plan of course). However, T&A are fine.

It seems Apple stopped any webby-Java things work using the Xprotect list, including webstart. I have no idea what Xprotect is. Alex, you now have permission to pontificate. I hear a dark rumour that if you know which plist to edit you can work round this.

Meanwhile, I have a virtual machine running Debian and the delightfully spartan Enlightenment window manager, and I can carry on loading up more PanSTARRS transients into the LT database…


Update Monday evening. Gets more confusing. The LT folk sent round an email saying that Apple had released a software patch, explained here, and available through the usual Software Update tool. However … no such update was offered to me…  After consulting a few users, it seems people 10.8 never saw a problem at all; those with 10.6 were totally blocked, but are now fixed by the patch; but those of us with 10.7 have not been offered a patch ?

Meanwhile I am playing with about eighteen different Linux window managers to see which one I like best.


Java in crisis?

October 22, 2012

We all use Java every day : stand-alone Java applications like Topcat and Aladin; in-web-page Java applets (Aladin again); and on the server side (e.g. WSA and VSA). But now it seems there is a security crisis; serious people are telling us to disable or remove it. Wuh ? At the risk of boring the ungeeks let me explain how I just stumbled into this understanding. Its a classic tale of confusion, coincidence, and mysterious disappearances.

I am a big fan of Tiddlywiki. Its a personal wiki – a kind of hyper-notebook. You run it on your own computer, or even from a memory stick. Its very clever. Just a single html file, containing both your text, and the javascript needed to edit it. The tricky bit comes when you want to save your changes. That requires your browser to write a file onto your computer – a new version of that single html file. Thats done with Java, as opposed to javascript. You place a file called “tiddlysaver.jar” in the same directory and it does the work. You have to give explicit permission to write onto your disk of course. We ain’t nuts.

So… recently … for reasons I won’t bore you with, I wiped my Firefox installation and made a new one. (Well ok – my wordpress front page widgets weren’t working, and after many tortured days, it was the only fix that worked.) A few days later I tried to update one of my tiddlywiki notebooks. It wouldn’t save. Trawled through various FF settings but couldn’t fix it. So I tried to do my edits in Safari. Same. And Chrome. Same. Oh. Maybe the FF change was a coincidence ? If it fails everywhere, it must be a MacOS problem? Then I suddenly remembered I’d had the identical problem when I upgraded to Mountain Lion. Sensible chap that I am, I’d left myself a wee note. It said “go to the Java Preferences app and tick the box that says enable applet plugin“. So, off I goes. Hmm. No such checkbox. Must have been removed in some recent system upgrade.

Now… a few weeks back I had a hair tearing Time Machine problem. Apparently my backup was going to take 11,158 days. I spent several days fretting about this on and off and wondering what I had screwed up. Then  lo! A new Software Update was announced which amongst other things said “this also fixes a problem some users may have been having with Time Machine backups”. And yea, indeed, verily did the SU completely fix this problem. Grrr. Wasn’t me at all. Wish I’d known.

So… maybe its another Apple SNAFU. Is there a new SU ? Yup. And look! Its a Java update! But … (a) it still didn’t fix the problem and (b) the Java Preferences app has completely disappeared !! I check out the “more detail at apple support” page . This says

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.

Click on the region ? What region ? What the hell does that mean?

Then I read a bit more on the Tiddlywiki home page. It seems all the major browsers are clamping down on Java, disabling by default, and making you jump through more hoops. For Firefox there is a specific Tiddlywiki fix – a FF extension called TiddlyFox. So at least I am (temporarily) sorted…

On Chrome, if you try to run an applet like Aladin, you get a banner saying”Java(TM) is needed to run some elements on this page” and there is button labelled install plug-in. This takes you to an Oracle page which says

Chrome does not support Java 7. Java 7 runs only on 64-bit browsers and Chrome is a 32-bit browser.

If you download Java 7, you will not be able to run Java content in Chrome and will need to use a 64-bit browser (such as Safari or Firefox) to run Java content within a browser. Additionally, installing Java 7 will disable the ability to use Apple Java 6 on your system.

OK, screw that then. How about Safari ? The Aladin applet seems to run ok. But Tiddlywiki does not. This is because it wants to write to your disk. Some documentation on the Tiddlywiki site told me what to do … open Safari preferences, go to “Advanced” and tick “Show Develop menu in menu bar”. Then a new menu items appears in your menu bar called “Develop” with options for grown-ups. (Don’t forget to open the door marked “beware of the leopard”.) Finally move down that menu and mark “Disable local file restrictions”. Yay !! But guess what. That menu item no longer exists. Somebody really doesn’t want us to do this.

Finally … I started roaming around the interwebs the way you do, seeing if other folk had the same probs. I stumbled over this nice Java Tester Page. This is where I first saw the scary words “Java Security Flaw”…  I then followed the link to this article by Michael Horowitz and things began to make sense … sort of.

It seems there are serious security flaws that won’t be fixed until February 2013. Horowitz says

Java is used by both installed applications and websites. If you only need Java for an application, disable it in all your browsers. OS X users on Lion and Mountain Lion had Apple do this for them (more below). Windows users in this situation may want to consider the portable version of Java available at portableapps.com.   If you need Java for a website, enable Java in a browser used only on the site that needs it. For all other websites, use a browser that has Java disabled.

I can remember back when Java was the next big thing. Now, it’s all but a curse word.

Jeez.  Gordon Bennett. Is it really true ?


Follow

Get every new post delivered to your Inbox.

Join 117 other followers