Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (487)
Games in Android Showcase (110)
games submitted by our members
Games in WIP (552)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 2 [3]
  ignore  |  Print  
  Security update breaks A LOT OF STUFF!  (Read 18653 times)
0 Members and 1 Guest are viewing this topic.
Offline SimonH
« Reply #60 - Posted 2010-04-18 15:07:10 »

I got the same popup - seems it's an automatic security update for FF. As far as I can tell it doesn't break anything to have the JDT blocked, but I'm worried that users will think that all java has been blocked!

People make games and games make people
Offline jojoh

JGO Knight


Medals: 5
Projects: 7


games4j.com


« Reply #61 - Posted 2010-04-19 00:22:43 »

But I doubt the average user would use the JDK, as long as the popup doesnt also apply for the JRE.
I don't think the java plugin is different depending on if a JDK is installed, so I would assume that this pop-up is not specific for dev nerds. I think that having the JDT blocked won't be a problem until Java 7 is out, but I think that this will help fuel "Java is dangerous voodoo" among average users.

From the link:
Quote
The Java Deployment Toolkit takes the guess work out of determining what versions of the Java Platform end users have installed on their PCs. It supplies Java based web applet/application deployers with a simple JavaScript interface. This greatly increases the ease of detections of users' Java environment, as well as the ease of Java Platform deployment.

Offline Momoko_Fan

Junior Member


Medals: 2



« Reply #62 - Posted 2010-04-19 06:33:20 »

If you installed the u19 version it would show this. But most users I think would install the u20 one and wouldn't see it.
Since lwjgl 2.4.2 was released I can't notice the difference between u20 and the others, it just shows the "confirm official certificate" dialolg as usual and then works fine, even with unsigned code and all. Some other applets/webstart on other sites that still use the old lwjgl will show the "block dangerous components" though  Undecided People should upgrade to 2.4.2 ASAP.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 76
Projects: 15


★★★★★


« Reply #63 - Posted 2010-04-21 13:12:09 »

its official, mozilla is blocking all versions of the java plugin prior to Java 6u20.

http://www.theregister.co.uk/2010/04/21/mozilla_blocks_java_plug_in/

IMO it maybe bad for the overall java market share as people are likely to uninstall java altogether rather then update but also good to see what remains of the crappy java plugin1 being killed off by firefox. Java plugin1 will now no longer work in Firefox (already didn't work in chrome and new releases of opera).

In the long term it should help java applets as the user experience is actually pretty good for java plugin2. Lets just hope Oracle don't do anymore major blunders with the plugin and continue working to improving it.
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 781
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #64 - Posted 2010-04-21 13:25:29 »

its official, mozilla is blocking all versions of the java plugin prior to Java 6u20.

http://www.theregister.co.uk/2010/04/21/mozilla_blocks_java_plug_in/

IMO it maybe bad for the overall java market share as people are likely to uninstall java altogether rather then update but also good to see what remains of the crappy java plugin1 being killed off by firefox. Java plugin1 will now no longer work in Firefox (already didn't work in chrome and new releases of opera).

In the long term it should help java applets as the user experience is actually pretty good for java plugin2. Lets just hope Oracle don't do anymore major blunders with the plugin and continue working to improving it.

IMHO, both in the short and long term, this hurts Java.

These security problems tend to be remembered for years, no matter how safe Java is right now.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 76
Projects: 15


★★★★★


« Reply #65 - Posted 2010-04-21 13:41:20 »

IMHO, both in the short and long term, this hurts Java.

These security problems tend to be remembered for years, no matter how safe Java is right now.

Well its reputation can't get any worse then it is now right? Smiley

Apart from a massive chunk of java plugin installs now just silently no longer working on firefox, it can only get better right?

This news was most likely only picked up by people who read tech sites and have an interest (or hatred Smiley) for Java. People tend to have short memories and should forget in a few months (hopefully). Just look at how many vulnerabilities Flash has had (wonder why mozilla hasn't blocked those versions of the flash plugin?)

Offline DzzD
« Reply #66 - Posted 2010-04-21 15:01:09 »

I dont really like the idea of blocked plugins, those plugins have to be installed by the user so it sound really strange for me to block them, it shoud be to the responsability of the plugins vendors not mozilla...

Offline Momoko_Fan

Junior Member


Medals: 2



« Reply #67 - Posted 2010-04-21 16:55:29 »

Why do they block it like that though? I mean can't they just force you to update to u20, rather than showing all that security blocking thing?
Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #68 - Posted 2010-04-21 16:55:47 »

its official, mozilla is blocking all versions of the java plugin prior to Java 6u20.

http://www.theregister.co.uk/2010/04/21/mozilla_blocks_java_plug_in/

IMO it maybe bad for the overall java market share as people are likely to uninstall java altogether rather then update but also good to see what remains of the crappy java plugin1 being killed off by firefox. Java plugin1 will now no longer work in Firefox (already didn't work in chrome and new releases of opera).

In the long term it should help java applets as the user experience is actually pretty good for java plugin2. Lets just hope Oracle don't do anymore major blunders with the plugin and continue working to improving it.

From what I can see FF only blocks the deployment toolkit, not the java plugin.

Dmitri
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 76
Projects: 15


★★★★★


« Reply #69 - Posted 2010-04-21 18:08:23 »

From what I can see FF only blocks the deployment toolkit, not the java plugin.

Dmitri


ah, thx for clearing that up.

Quote
What is Java Deployment Toolkit?
Since Java SE 6 Update 10, we have introduced new JavaScript functions for developers to easily detect users' Java environment and deploy their Java Applet and Java Web Start applications. The Java Deployment Toolkit includes:
Accurate detection of installed JREs
Seamless JRE installation
Complete applet launching (JRE detection and, if necessary, upgrading) in a single line of code
Complete Web Start program launching in a single line of code

so guess it'll just break functionality without actually disabling the applet plugin.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #70 - Posted 2010-04-21 22:09:14 »

ah, thx for clearing that up.

so guess it'll just break functionality without actually disabling the applet plugin.


Even that's not clear. Deployment toolkit is just a bunch of javascript code served from Oracle's website - the "plugin" isn't really needed for that. From what I recall the plugin just provides better jvm detection and stuff like that. The deployment toolkit should be able to function w/o the plugin.

Dmitri
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 781
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #71 - Posted 2010-04-21 22:19:08 »

Even that's not clear. Deployment toolkit is just a bunch of javascript code served from Oracle's website - the "plugin" isn't really needed for that. From what I recall the plugin just provides better jvm detection and stuff like that. The deployment toolkit should be able to function w/o the plugin.

Dmitri


How can a 'bunch of javascript code' served from Oracles site be considered a security hazard? That has absolutely nothing to do with the security holes in the plugin.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline jojoh

JGO Knight


Medals: 5
Projects: 7


games4j.com


« Reply #72 - Posted 2010-04-22 02:32:01 »

Yes, I would also think it is a little bit more than just a bunch of javascript, but I could be wrong. It could be that this name is used for more than one thing? The only useful link I found was this: http://www.kb.cert.org/vuls/id/886582 (Mentioning ActiveX and dll)
Not even the Update Release Notes for 6u20 seemed to mention anything useful, which is a bit strange.

Offline endolf

JGO Coder


Medals: 7


Current project release date: sometime in 3003


« Reply #73 - Posted 2010-04-22 05:59:55 »

Reading the article on elreg, and the linked sites, it only blocks versions before u20, and if users click on the 'explain' link, it tells them so.

Most users won't read anything though.

Endolf

Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #74 - Posted 2010-04-22 17:09:44 »

You could read this for yourself: here's the deployment toolkit's javascript file (in human readable form):
http://www.java.com/js/deployJava.txt

See the references to the deployment toolkit plugin? Like this one:
1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
    getJREs: function() {
        var list = new Array();
        if (deployJava.isPluginInstalled()) {
            var plugin =  deployJava.getPlugin();
            var VMs = plugin.jvms;
            for (var i = 0; i < VMs.getLength(); i++) {
                list[i] = VMs.get(i).version;
            }
        } else {
            var browser = deployJava.getBrowser();
       
            if (browser == 'MSIE') {


There's a bunch of other code which attempts to use the DT plugin first (for updating java and so forth), and if it's not available, works around it.
Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #75 - Posted 2010-04-22 17:10:59 »

Reading the article on elreg, and the linked sites, it only blocks versions before u20, and if users click on the 'explain' link, it tells them so.

Most users won't read anything though.

Endolf

Again, disabling the deployment toolkit plugin won't prevent them from running java applets. Unless they freak out and uninstall java completely (always possible).

Offline endolf

JGO Coder


Medals: 7


Current project release date: sometime in 3003


« Reply #76 - Posted 2010-04-22 17:14:47 »

Again, disabling the deployment toolkit plugin won't prevent them from running java applets. Unless they freak out and uninstall java completely (always possible).

I was just pointing out that the latest version of java have any components blocked. Eventually the problem solves itself Smiley

Endolf

Offline pjt33
« Reply #77 - Posted 2010-04-22 17:22:54 »

Reading the article on elreg, and the linked sites, it only blocks versions before u20, and if users click on the 'explain' link, it tells them so.
I'm sure that when I clicked on the "explain" link it said <= u20. It didn't however, block u20 (or, come to that, u17, although it did block u16).
Offline Matzon

JGO Knight


Medals: 19
Projects: 1


I'm gonna wring your pants!


« Reply #78 - Posted 2010-04-26 21:57:15 »

1  
Thread.currentThread().getContextClassLoader().getResource()


Should work if they've implemented it as expected. There should be a delegating class loader across all the resource/code JARs that can be used to see all of them. In a JEE world you'd expect to see this classloader being passed around on the thread.

works, however world + dog is using the "old" method - so they broke a shitload of stuff I think

Offline endolf

JGO Coder


Medals: 7


Current project release date: sometime in 3003


« Reply #79 - Posted 2010-04-26 22:38:57 »

On the other hand, it's been known for quite some time that you should use the context class loader. It's even in Kev's webstart guide (getting your resources), and thats ancient Smiley

Offline Matzon

JGO Knight


Medals: 19
Projects: 1


I'm gonna wring your pants!


« Reply #80 - Posted 2010-04-27 08:33:58 »

this article goes a bit in-depth about the topic:
http://www.javaworld.com/javaworld/javaqa/2003-06/01-qa-0606-load.html

but it doesn't make it THAT clear which to use Smiley

am I correct in generalizing it into: if the resource is not in the same jar as the class - then use the context loader? - else use the classloader directly

or should one just always use the context ?

Offline endolf

JGO Coder


Medals: 7


Current project release date: sometime in 3003


« Reply #81 - Posted 2010-04-27 08:47:24 »

I just always use the context one, whether that's correct or not I don't know, but it always seems to work Smiley

Endolf

Pages: 1 2 [3]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

CopyableCougar4 (22 views)
2014-08-22 19:31:30

atombrot (34 views)
2014-08-19 09:29:53

Tekkerue (30 views)
2014-08-16 06:45:27

Tekkerue (25 views)
2014-08-16 06:22:17

Tekkerue (18 views)
2014-08-16 06:20:21

Tekkerue (26 views)
2014-08-16 06:12:11

Rayexar (65 views)
2014-08-11 02:49:23

BurntPizza (41 views)
2014-08-09 21:09:32

BurntPizza (31 views)
2014-08-08 02:01:56

Norakomi (41 views)
2014-08-06 19:49:38
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!