  Chrome now blocks applets by default  (Read 10584 times)
Offline zammbi




« Posted 2011-04-09 19:16:02 »

Not sure if anyone else noticed but in Chrome 11, applets are now blocked by default.


Current project - Rename and Sort
Offline DzzD
« Reply #1 - Posted 2011-04-09 19:22:26 »

unsigned applet too ?

Offline kappa


« Reply #2 - Posted 2011-04-09 19:24:01 »

hmm, might be a bug in Chrome otherwise it'd be really stupid if they did that. Are you on linux?
Offline zammbi




« Reply #3 - Posted 2011-04-09 19:29:34 »

"Are you on linux?"
No, windows 7.

"unsigned applet too ?"
Seems so.

"might be a bug in Chrome"
Could be (though I don't think so), I am using a beta. I'll research some more.

Current project - Rename and Sort
Offline kappa


« Reply #4 - Posted 2011-04-09 19:37:42 »

http://code.google.com/p/chromium/issues/detail?id=76737

above link looks relevant, from the comments it looks like it might be intentional and the java plugin is infobar'd by default Shocked.
Offline DzzD
« Reply #5 - Posted 2011-04-09 19:50:24 »

Google is becoming fun...

Offline zammbi




« Reply #6 - Posted 2011-04-09 19:54:07 »

Great... Well maybe we should complain on that thread, someone might listen.

Current project - Rename and Sort
Offline Riven


« Reply #7 - Posted 2011-04-09 19:56:39 »

Seriously, last year we saw such an incredible rise in exploits of bugs in the JRE, that were possible from within unsigned applets, that this is almost a natural response.

Chrome already replaced buggy Adobe Reader with their own PDF reader, probably for the same reasons.


You really can't blame them for trying to protect their users.

Offline DzzD
« Reply #8 - Posted 2011-04-09 20:08:22 »

problem is that it brings new rules to the Web world, every plugin can bring security holes, this should not be a Chrome concern, like if Windows started to block Steam because they think it is not secure enough, or any other software... this is not fair

Offline kappa


« Reply #9 - Posted 2011-04-09 20:14:07 »

yup, looks like some anti competition play here from Google. The flash plugin continues to work as before with no block even though it was massively targeted too. Don't forget that Oracle released a massive patch ball with the last Java 1.6.0_24 release which fixed most of the known security holes, so not sure that argument holds much weight.
Offline zammbi




« Reply #10 - Posted 2011-04-09 20:17:46 »

Quote
yup, looks like some anti competition play here from Google. The flash plugin continues to work as before with no block even though it was massively targeted too.
Yeah though they work directly with Adobe to make it more sandboxed in Chrome. Why couldn't they work directly with Oracle? I guess it's because of the suing Tongue

Current project - Rename and Sort
Offline Riven


« Reply #11 - Posted 2011-04-09 20:17:46 »

It's always a compromise.

Given the very poor state the applet plugin was in for more than a decade and the still very marginal use and the massive security problem, I personally think it's a fair attempt at raising the bar to get infected.

Offline benc1213






« Reply #12 - Posted 2011-04-09 20:21:49 »

Yeah I have noticed that but I switched to Firefox 4 a few weeks ago and I am so glad I did.
Offline DzzD
« Reply #13 - Posted 2011-04-09 20:27:05 »

In a perfect world maybe, but I can't imagine there is not something behind

this is not a good solution, security holes are everywhere and the global security gain here is negligible, it just increases the bad reputation of java

once again just imagine that Microsoft decides Chrome is not secure enough... should they block it this way ? I mean they could just decide to sell a security certification to any software running on Windows, but is it a real solution ? Thunderbird, Outlook, IE, Chrome, FF, Steam, Skype, Emul etc... are all potential nice infection vectors

nowadays not only browsers are using the internet, security must be thought about more globally, the gain in security is so poor that this cannot be something else than a "pike" to Oracle

Offline oNyx



« Reply #14 - Posted 2011-04-09 21:09:55 »

Quote
yup, looks like some anti competition play here from Google. The flash plugin continues to work as before with no block even though it was massively targeted too. Don't forget that Oracle released a massive patch ball with the last Java 1.6.0_24 release which fixed most of the known security holes, so not sure that argument holds much weight.

Flash is integrated into Chrome. Like Chrome itself, it's kept up to date automatically.

Java's update rate is pretty sluggish.

By the way, Firefox blocks old versions of Java completely. E.g. 1.6.0_07 (can't figure out the exact version number, but I know that they blocked that one) and everything before gets blocked. Everything prior to _10 doesn't work anyways (incompatible).

弾幕 ☆ @mahonnaiseblog
Offline kappa
« League of Dukes »



« Reply #15 - Posted 2011-04-09 21:16:43 »

yeh true, blocking outdated plugins is fine and Chrome already does this for all plugins.

However this time they've gone further and blocked every version of java (intentionally), even if it's up to date.
Offline oNyx



« Reply #16 - Posted 2011-04-09 23:37:53 »

Infobar'd, not blocked. Wink

弾幕 ☆ @mahonnaiseblog
Offline ra4king



« Reply #17 - Posted 2011-04-09 23:54:24 »

I posted about how outrageous this is and all I got was that I have my facts wrong and then they disabled commenting on the issue altogether Angry
And I thought I liked Google Cry

Offline Riven


« Reply #18 - Posted 2011-04-10 00:07:17 »

Quote
I posted about how outrageous this is and all I got was that I have my facts wrong and then they disabled commenting on the issue altogether Angry
And I thought I liked Google Cry

I read your replies there.

Keep in mind that you are not dealing with 'Google' here but with people. You're certainly acting immature and have just pissed off somebody at the position to make significant changes, ruining it for others that would have more informed arguments as opposed to "But clearly this exchange was a waste of both our times." Like that ever helped in a discussion.

Offline Addictman



« Reply #19 - Posted 2011-04-10 00:17:56 »

To ra4king's defence; It wasn't his comment that stated "But clearly this exchange was a waste of both our times."

That aside, I see where Google is coming from. The one thing that Chrome has really taken heat for, is its lack of security. So it's understandable that they're trying to address security issues. Do I personally like it? No. Would my mother like it, if she knew what it was in the first place? Definitely.
Offline Riven


« Reply #20 - Posted 2011-04-10 00:23:17 »

Quote
To ra4king's defence; It wasn't his comment that stated "But clearly this exchange was a waste of both our times."

Oops. I thought "dua...@gmail.com" was ra4king. My apologies.

Offline ra4king



« Reply #21 - Posted 2011-04-10 01:02:04 »

@Riven
It's all good Grin
Btw, I'm ra4king everywhere on the internet Wink

@Addictman
But Java is not Google's to control. Google can't take heat for security issues on behalf of Java so I really see no point to block autorun for all versions of Java. They should only block older versions because it is getting quite annoying allowing every single site I go to.

Offline Addictman



« Reply #22 - Posted 2011-04-10 01:23:25 »

I understand what you mean, and as I said, I personally don't like it. But Java's installed on so many computers around the world, and so few of those computers actually *use* java actively. Let's face it, the members of this forum aren't exactly the average user when it comes to Java. So, if/when a new huge gaping security hole emerges in the current java version, what's the safest thing to do? Ignore it, and wait for Oracle to fix it, and risk the vast majority of users around the world that have java installed but don't know what it is, to go into a tantrum over Google because they erroneously think Chrome's the culprit? Or, force those that actually use java services to "click once".

In a perfect world; screw google. In the real world: screw applets.
Offline ra4king



« Reply #23 - Posted 2011-04-10 01:27:06 »

Agh screw the real world Angry

But yes, that unfortunately makes sense Cheesy

Offline BoBear2681




« Reply #24 - Posted 2011-04-10 07:37:51 »

At the risk of having an unpopular opinion in this forum, I really don't mind this.  They're essentially embedding functionality similar to (parts of) NoScript into the browser.  Of course, I do see the concern as a Java developer about user perception.

Folks often say that users will usually click "Yes" to any dialog asking them anything, without even reading or understanding it, to try to get software working on their computers.  Might that happen in this scenario as well - "Oh, I have to click OK here to use my banking site, whatever"?
Offline Nate



« Reply #25 - Posted 2011-04-10 08:40:02 »

Built in FlashBlock (the Firefox plugin) for Java. Cool.

Offline Scarzzurs
« Reply #26 - Posted 2011-04-10 09:43:03 »

It seems a bit overprotective, but on the other hand companies like Apple have been practising stuff like this for years...

I must also admit that after surfing sites that are filled with applets, I have at some point actually wanted a feature like this.
I have a plugin like that for delaying Flash loading called FlashBlock. However as with FlashBlock I as the user made the decision, not the author of the browser...

In regards to security, I'm not sure how much difference it will do.
People will still click the "Allow virus to install" button.
Only the 10% that doesn't will be a tiny bit more protected (future Java patches should fix it anyways).

Hmm, I wonder how big the chances of a removal of this feature is, if Java security goes up...

- Scarzzurs

My games and Projects:
BlastingPixels.com,
Old website
Offline delt0r



« Reply #27 - Posted 2011-04-10 12:36:43 »

I do and always have had java blocked by default. Same with java script and flash. I want to surf and read the web, not have the web intrude on me. I enable these "run client side" features only for specific pages or cases.

Quite frankly not only do I understand where Google is coming from. I think it's a good idea.

I have no special talents. I am only passionately curious.--Albert Einstein
Offline DzzD
« Reply #28 - Posted 2011-04-10 12:52:18 »

a problem is also that if the user is asked once (by Chrome), logically user have been prevent and then the Applet should then be given full access without the need to be signed (stupid to ask twice), this completely makes the sandbox of java Applet useless/obsolete.

If Applet is considered as unsafe it should not need to be signed anymore, continuing to ask for a secure certificate to gain full access will mean unsigned Applets are considered secure

Offline kappa


« Reply #29 - Posted 2011-04-10 13:09:06 »

oh well, another nail in the JavaFX 2.0 coffin.