Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (498)
Games in Android Showcase (117)
games submitted by our members
Games in WIP (563)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 [2]
  ignore  |  Print  
  Chrome now blocks applets by default  (Read 11489 times)
0 Members and 1 Guest are viewing this topic.
Offline Alan_W

JGO Knight


Medals: 8
Projects: 3


Java tames rock!


« Reply #30 - Posted 2011-04-10 12:01:57 »

While this may give an additional layer of security against unpatched privilege escalation bugs, I believe that many of the java attacks are using self-signed and and relying on the user clicking through the warning without considering the risk.  So now signed code will get two separate warnings (which will probably get clicked through) and unsigned code will get a single warning (even though the risk is fairly low provided the latest JRE is installed).  Can't say I'm impressed. It would be better to configure Java not to accept self-signing by default and have the browser insist that the latest JRE is installed.

I guess part of the problem is the length of time Oracle is taking to address security issues.  If a new security escalation bug is discovered, there is too large a window of opportunity in which it can be exploited.  The Oracle-Google lawsuit might also be resulting in a bit of tit-for-tat.


Time flies like a bird. Fruit flies like a banana.
Offline Addictman

Senior Member


Medals: 3
Projects: 1


Java games rock!


« Reply #31 - Posted 2011-04-10 12:10:00 »

Yeah, google is looking out for google, not Java. Perfectly understandable.
Offline JL235

JGO Coder


Medals: 10



« Reply #32 - Posted 2011-04-10 15:45:55 »

It seems like Java is replacing Flash as the plugin to hate.

Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 800
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #33 - Posted 2011-04-10 16:14:10 »

It would be better to configure Java not to accept self-signing by default and have the browser insist that the latest JRE is installed.

I still don't see how CA-signed is more trustworthy than self-signed. The difference is that you have to pay for one. The checks these CAs perform are laughable. I once got a code-sign certificate for a companyname the business I registered it for didn't own.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Matzon

JGO Knight


Medals: 19
Projects: 1


I'm gonna wring your pants!


« Reply #34 - Posted 2011-04-10 17:05:05 »

technically, that's the browser / javas fault. They shouldn't trust "laughable" CAs.

Offline gouessej
« Reply #35 - Posted 2011-04-11 08:46:48 »

It is not fair. Flash is proprietary, even within a sandbox it can be dangerous. This change in Chrome is in favour of Flash. It is too much. I will go on advising people to switch to Mozilla Firefox 4. I spent some time in fixing another "bug" in Chrome but Google preferred using another fix because it wanted to keep the dangerous file warning. Google prefers driving Java more scary in its web browser, it is intentional both for applets and Java Web Start.

P.S: The answers of Google guys are quite silly. They underestimate the use of Java.

Offline hishadow

Senior Newbie





« Reply #36 - Posted 2011-04-11 12:13:12 »

I have about 6-7 months left of my Applet-based project. I wonder if it will even run by the time I'm finished? Smiley

As long as plugins are up-to-date they should be allowed to run. Give a warning if not, suggest upgrade, or block if its too old. Java is just as established as Flash, and there's no reason to discriminate because of security issues. Flash is just as riddled with security flaws as Java. Concerning signed applets, I think there's ground for extra security warnings.The best thing would be for Oracle to a major redesign of the warning system though.
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #37 - Posted 2011-04-28 13:24:25 »

yay, chrome 11 is now released to the masses, with the above change.

Google state the following as their official reason for the change:

Quote
Plug-ins help browsers process special types of web content, like Flash or Windows Media files. Some plug-ins, such as Flash, are used by many websites on the Internet. Other plug-ins are only used by a small number of sites. Since plug-ins can occasionally be a security risk, Google Chrome now blocks plug-ins that are not widely used. When this happens, you will see a message such as the following:

"The Java plug-in needs your permission to run."

You should only run the plug-in if you trust the website you are visiting (for example, your banking website might legitimately use a Java applet).

To let the plug-in run on the site, follow these steps:

To run the plug-in just this once, click Run this time in the message. The plug-in will run, but if you re-visit the site, you'll be asked for permission to run the plug-in again.
To always allow the current site to run the plug-in, click Always run on this site. Subsequent visits to the site will run the plug-in without asking again.

If you don't want Google Chrome to ask your permission before running lesser-used plug-ins, use the command line flag --always-authorize-plugins.
Online kevglass

JGO Kernel


Medals: 164
Projects: 23
Exp: 18 years


Coder, Trainee Pixel Artist, Game Reviewer


« Reply #38 - Posted 2011-04-28 13:30:42 »

Wonder if 2 million users for one game counts as "widely used" ?

Kev

Offline woogley
« Reply #39 - Posted 2011-04-28 13:56:51 »

Wonder if 2 million users for one game counts as "widely used" ?

Kev

2 million users _paid_ out of 7 million accounts
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #40 - Posted 2011-04-28 14:12:51 »

and its also estimated that it'll be at least 4 millions copies sold by the end of the year. Smiley
Offline steveyO
« Reply #41 - Posted 2011-04-28 14:32:45 »

out of 2 Billion Internet Users http://www.internetworldstats.com/stats.htm
I make that 0.2%.. Still. Not widely used  but getting there Huh

https://play.google.com/store/apps/details?id=com.bullsquared.alggame Annoying Little Gits (Android)
www.bullsquared.com   Play java (applet) games! www.chessclockpro.com Free Online Chess Clock
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #42 - Posted 2011-04-28 16:14:07 »

strange that Unity3D isn't blocked though when its used even less frequently then Java.
Offline ShannonSmith
« Reply #43 - Posted 2011-04-28 16:34:10 »

It's pretty clear this has nothing to do with the numbers. The 90-95% of people they claim will never need Java for there web experience was pulled out of thin air. Also the reason google became such a popular search engine was because of the 1% of searches that competitors couldn't get right.
It's pretty clear this is a direct attack on Oracle and Apple and I think doing so via your software is a pretty sad way to go about it.
Offline CyanPrime
« Reply #44 - Posted 2011-04-28 19:08:53 »

strange that Unity3D isn't blocked though when its used even less frequently then Java.
That's just retarded. I was about to switch to Chromium, but now screw that. I'll keep my big slow FF lol.
Offline DzzD
« Reply #45 - Posted 2011-04-28 19:11:26 »

Quote
before running lesser-used plug-ins, use the command line flag --always-authorize-plugins.
this sentence tell everything about Google, they are just ashole .. oups... sry for the bad word  Lips Sealed java is the second (or near) plugin most used all over the world

Offline JL235

JGO Coder


Medals: 10



« Reply #46 - Posted 2011-04-28 19:11:38 »

It's pretty clear this has nothing to do with the numbers. The 90-95% of people they claim will never need Java for there web experience was pulled out of thin air. Also the reason google became such a popular search engine was because of the 1% of searches that competitors couldn't get right.
It's pretty clear this is a direct attack on Oracle and Apple and I think doing so via your software is a pretty sad way to go about it.
The reason Google became popular was because 1) they didn't surround the search engine with a portal and 2) it worked. The Google guys had a basic test they would perform where on a rival search engine they would search for that competitor (i.e. searching for altavista on AltaVista). Most search engines at the time failed this test.

The simple fact is that Java is used on only a minority of websites, whilst at the same time it's becoming more and more popular as an attack vector. I don't think there is any conspiracy here, I think it comes down to Google wanting to be able to say that Chrome is safe. With bugs in Java WebStart (including some recent ones), they cannot claim this whilst Java is enabled by default. The problem here lies with Oracle.

Offline DzzD
« Reply #47 - Posted 2011-04-28 19:15:44 »

Google is just think too much they are God, and they are doing good without any concern about law or fairplay

[size=6pt]<offtopic>
as google take most of its money incom from adsense... I dream of the day a cupple of website will produce false click on those advertisments on random website using their own visitors, making the whole system unreliable
</offtopic>[/size]

Offline CyanPrime
« Reply #48 - Posted 2011-04-28 19:24:10 »

This also extends to Chromium! I thought Chromium would have higher standards, but they're just as evil :<
Online princec

JGO Kernel


Medals: 380
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #49 - Posted 2011-04-28 19:45:20 »

Good for Google. Die applets die.

Cas Smiley

Offline CyanPrime
« Reply #50 - Posted 2011-04-28 19:53:43 »

So is it only unsigned applets?
Offline DzzD
« Reply #51 - Posted 2011-04-28 20:02:28 »

Good for Google. Die applets die.

Cas Smiley
it was a so sweet time when we was still saying "What is Google?"

Offline zammbi

JGO Coder


Medals: 4



« Reply #52 - Posted 2011-04-29 06:21:27 »

Quote
So is it only unsigned applets?
For all applets.

Current project - Rename and Sort
Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #53 - Posted 2011-05-04 19:46:31 »

I just successfully launched an applet (a signed one) using Chrome 11.0.696.57 (on Ubuntu 11.04).
Am I missing something?

Offline namrog84

JGO Ninja


Medals: 46
Projects: 4


Keep programming!


« Reply #54 - Posted 2011-05-04 20:03:08 »

They can still be run just fine.  They just require 1 extra step of "allow this to run"  unless you have it turned on already to allow all.

I just successfully launched an applet (a signed one) using Chrome 11.0.696.57 (on Ubuntu 11.04).
Am I missing something?

"Experience is what you get when you did not get what you wanted"
Offline erikd

JGO Ninja


Medals: 16
Projects: 4
Exp: 14 years


Maximumisness


« Reply #55 - Posted 2011-05-04 20:56:05 »

They can still be run just fine.  They just require 1 extra step of "allow this to run"  unless you have it turned on already to allow all.

I didn't even have to do that.

Offline zammbi

JGO Coder


Medals: 4



« Reply #56 - Posted 2011-05-05 00:01:01 »

I guess it's because your on Ubuntu. Because I'm on Chrome 11.0.696.60 on Windows.
Which is odd that they have done that.

Current project - Rename and Sort
Pages: 1 [2]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

radar3301 (12 views)
2014-09-21 23:33:17

BurntPizza (31 views)
2014-09-21 02:42:18

BurntPizza (22 views)
2014-09-21 01:30:30

moogie (20 views)
2014-09-21 00:26:15

UprightPath (28 views)
2014-09-20 20:14:06

BurntPizza (33 views)
2014-09-19 03:14:18

Dwinin (48 views)
2014-09-12 09:08:26

Norakomi (74 views)
2014-09-10 13:57:51

TehJavaDev (103 views)
2014-09-10 06:39:09

Tekkerue (50 views)
2014-09-09 02:24:56
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!