Well, you know, 5 November is coming up, so here in the UK everyone is into gunpowder plots lately...
Well, you know, 5 November is coming up, so here in the UK everyone is into gunpowder plots lately...
What are they going to do? We have far more military might than the EU combined
As surprising as it apparently is to a certain kind of American, not everything in international relations has to be resolved with violence.
The US is committing hostile acts against EU member states, and measures like withdrawing cooperation in these programmes are a reasonable and proportionate response. Trade sanctions would be a more serious step up: no-one would win in the short term if that happened, but the US would probably lose a lot more. There would be direct costs, of course, but also probably irreparable damage to the United States' wider international credibility and reduced cooperation from other nations who were already less predisposed to support the US on matters of mutual interest.
From the outside, it seems very strange that so many people in the US are so proud of their vast military-industrial complex and security services. Here in the UK, the most damaging coverage of the US recently had nothing to do with spying or wars, not that those are winning many friends here. The really sad stuff was shots of pathetic posturing from the political leadership of both the main US parties, juxtaposed with footage of federal workers in DC holding banners saying "Please do your jobs so we can get on with ours", and stories of couples whose wedding days were spoiled, and descriptions of children with very serious health problems who weren't getting experimental drugs that were their only hope because the programmes to trial them were suspended. The idea that such a dysfunctional government, run by politicians so completely out of touch with the basic needs of their own people, should be trusted with anything of significance, security-related or otherwise, just seems bizarre at this point.
Firefox 24 fixed 7 critical security vulnerabilities, on top of the 4 fixed 6 weeks earlier in Firefox 23, and 4 more fixed 6 weeks before that in Firefox 22, and 3 more 6 weeks earlier still in Firefox 21, and so on. Within the past year there have been Firefox releases that fixed as many as 12 critical vulnerabilities.
By your argument, since I have no reason to believe the latest Firefox will have no known vulnerabilities for the entire time that release is current, we should probably just declare Firefox to be dangerous by default and have it prompt users before opening every page from a site they didn't already OK explicitly.
In fact, Microsoft should just flag Firefox as known insecure software and push out a Windows update that warns users about this every time they try to run it, even if Firefox itself is already doing that. And then Microsoft should push out another update a few weeks later that fully removes Firefox from everyone's system for their own safety, and they should kill support completely for anyone who doesn't install that update within the next few months.
Isn't it lucky that Microsoft have an alternative technology that they'd prefer us all to use instead, which they can generously offer to us when they shut down what we've chosen to use previously?
Why should anyone spend a lot of time and money "modernizing tech" when the existing tech is tried and tested and does its job well?
Mozilla won't force the issue. It makes no commercial sense of all the big Java-using corporations to play along. Why do I think IE6 is still used? I think it's because the browser vendors tried to move the goalposts, and the corporate world told them where to go.
I think you're right about the importance of individual players, but the overall trend is unstoppable.
The thing is, it is stoppable. Businesses that rely on Java applets will simply stop upgrading their browsers, and the browser makers will have created IE6 all over again and for exactly the same reason as last time.
The large organisations are probably all running heavyweight malware scanning at the entry point to their network anyway, and the current generation of browsers and plug-ins that will still run Java applets all prompt for confirmation already. The security gains for those organisations from the pressure you're talking about are small, probably the benefits from having all the latest shiny are also small, and the cost of abandoning key intranet facilities developed over many years could be high.
Ironically, lots of people on forums like this will then complain about how their corporate employers are still running some browser from the dark ages because their intranet doesn't follow the proper standards, because they're too young to remember that Java applets predated all those new standards by well over a decade, and because they're too innocent to realise that in most cases businesses aren't installing browsers for them to surf the Internet, they're installing browsers for them to use the tools they need to do their jobs and they don't much care whether anything else works or not.
For what it's worth, I agree with much of what you wrote there. JS performance has come on dramatically in the recent past, and combined with new HTML and CSS tools, you would be much better off starting a new project today using HTML+CSS+JS in most cases.
However, it's not the demands of new software that bothers me in this situation. It's the gazillions of developer-years' worth of existing, working, "legacy" software that is getting broken. We can't have everyone rewriting their entire software portfolio every six weeks because someone at Mozilla or Google decided they don't like the current reality. Put bluntly, neither Mozilla nor Google is that important, as I suspect the former is about to realise rather painfully.
You know, I remember a world wide web where random people ran their own websites giving away free everything
...wrote mx+b for free, before sharing it via a web forum operated by a commercial organisation and funded by ads.
I have never had any problems getting applets to run across all the major browsers, until the recent rounds of deliberate breakage from various browser vendors and Oracle.
Similarly, I have had applets deployed in the field that kept running quite happily for years. I have current ones from the Java 5 days that worked fine well into the Java 7 era, and nothing was breaking during the updates, again until the past few months when APIs that were stable for nearly 20 years got changed and other similar silliness.
Depending on who you ask, there are about 2.5B people using the Internet now. If we assume most of them use the Web and we assume that the pattern for Chrome is representative of the general population, that means more than 200,000,000 people used a Java applet at some point in the previous month.
Even I am surprised by that, but in any case, it seems you and I have very different ideas of what "almost extinction-level rare" means.
The number of support e-mails in my inbox this week from those users suggests that they aren't too happy about being "defended" in this way.
You do understand that without those Bad Things you so hate, there probably wouldn't be a Web worth saving, right? Someone has to pay the bills, and if you're not going to pay for content, you're not going to accept advertising, you want full privacy and security when using services you're not paying anything for... Who is going to write the cheque?
I hate DRM and spammy ads and privacy invasions as much as anyone -- more that most, probably, given that I really do give up on some things most people accept because I refuse to support the intrusions. But still, we live in the real world, and you can't just wish Bad Things away without proposing Better Alternatives. BTW, "everything I want should be free and unencumbered" is not a viable Better Alternative.
If you are still developing/depending on applets, 1995 called they want their stupid ideas back.
Hi 2013, this is 1995 calling. When your new shiny toys have the portability and performance and flexibility that we had nearly two decades ago, and developers can write software using them with a reasonable expectation that it will still be working in 5 or 10 years (or even 1 or 2 years) without needing constant maintenance, then you get a vote. Until then, we'll keep our "stupid" ideas, because they've been helping us get useful work done since before you were born. Kthxbye.
Anyway, generally warning people before loading any java applet: "This plugin is insecure" is great.
No, warning people before loading an insecure plugin that it is insecure is great. Warning people that a newly updated plugin with no known vulnerabilities is insecure confuses them and teaches them that your security messages are worthless and they should just click yes.
I don't think anyone is claiming that Java is some paragon of Internet virtue that should be trusted without question, or that blocking plugins from unknown sites until the user OKs them is necessarily a bad idea. However, crying wolf and creating obscure UIs and turning everyday software into nuisanceware isn't a good response.
Must we have this troll comment every time someone mentions Java applets?
Java applets are commonly used, as they have been for many years. According to this Chromium blog post from September 2013, 8.9% of Chrome users had launched something using the Java plugin in the past month.
Among the common uses that get mentioned every time this discussion comes up are: public access to banking and government systems in various countries, games, user interfaces for devices (scientific equipment, network infrastructure, all kinds of examples), access to local hardware devices that aren't yet available via newer technologies, some popular teleconferencing and VPN software, and little demo graphics written by academics to go on their web sites a decade ago that are still just as relevant today.
In other words, just because you don't use Java applets yourself or know when they're still useful, don't assume everyone else is in the same situation.
The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay