Hacker News new | comments | show | ask | jobs | submit login
Apple says no Java for you, removes plugin from browsers on OS X 10.7 and up (engadget.com)
116 points by somethingnew on Oct 19, 2012 | hide | past | web | favorite | 106 comments

If you care about good journalism, follow the source. This is Engadget aggregating an Ars Technica story. That's fine -- there are good reasons for aggregation -- but if you are going to share on social networks, take the time to click to the original and reward the real reporting -- in this case from Dan Goodin.


Sorry bout that :)

They are uninstalling the Apple-provided Java browsing plugin and letting Oracle handle the browser plugin from now on. Sounds good: why keep Java around by default as a potential security hole now that very few sites use it?

They still provide Java for applications like CrashPlan, Minecraft, or JungleDisk which need it.

Don't forget Runescape, one of the biggest MMORPG's in the world, which uses Java for it's 3D front end client, but even they will be gone soon; they're moving to HTML5.

Wow, I never thought I'd see the day when Runescape wasn't Java.

I was surprised too when they decided to switch, I'm a ten year veteran since RSC, so Java has always been the way I have thought of that game. Even the company name, JaGex, is an abbreviation of 'Java Game Experts.'

They have released some detailed graphics of the new rendering engine in HTML5 and what I assume is Javascript and the results are fairly spectacular, much more clarity and the improvement is at least partially visible, it just remains to see if it will run as fast as RS2.

I should however clarify, the back end will still be a mixture of Java, with C++ strapped on top where needed.

I didn't know runescape still existed, I played that game 11 years ago.

It was really big for a while, had in excess of 200,000 players on at a time, then poor decisions on part of the company who runs them and being bought out by another company caused the game to be less popular than it was.

Currently it stands at about 110,000-140,000 people on at once per night, which while being no mean number itself, consists of a large number of bots, or computerized players, programmed to perform tasks which generate in game money to be sold to legitimate players on external websites.

The % of bots was said at the last RuneFest to be around the 30% mark, but since most players have used some form of botting program in the past, it is more likely to be around 50%.

Over the years, there has been a lot of turmoil in game, from free trade and the wilderness being removed, to it being reinstated, to the release of pay-for-perks via the squeal of fortune, a relatively new money making venture by JaGex, instigated by the new owners (Possibly named MMG, I can't remember off the top of my head) whereby players can buy spins on a virtual wheel of fortune, with prizes ranging from experience lamps, to 50 coins, to rare items and weapons (in a form which may not be sold) all the way up to 200,000,000 coins (which admittedly is extremely rare.)

The culmination of these changes has resulted in a player backlash, whereby the forums (and not just the 'rant' forum) are constantly filled with topics and players complaining, wishing the game was how it used to be.

Adding to this, several staff who felt strongly about the future of the game, also being players themselves, quit their positions at the company, including the CEO. (There is a much longer story and this is very watered down.)

But to give a proper response: The game is still very much existential, though internally, it is filled with anger and cheating.


I am in no way affiliated with JaGex, I know some of the staff use HN and I don't want to get any of them in trouble, the new owners tend to act first and think later.

I switched from FreeBSD as my desktop to OSX about four years ago because:

a) I needed a unix based desktop

b) I needed end user components (browser, printing, etc.) that just worked

Circa 2008, everything in Safari "just worked" - every site, every player, every piece of embedded bullshit on every little web 2.0 site blah blah blah.

But now I need to manually futz around with flash every two weeks to keep it working ... and now java as well ?

I think OSX still has an edge for me, in terms of getting things done, due to printing and ... ? It's getting awfully close to even, though.

Since I was the lone developer using windows at my workplace, I decided to give Apple/OSX a fair shake. The fact OSX was unix based seemed awesome to me (some of my projects are in C).

Then began the hell of trying to do anything "unixy" on OSX. Custom libraries just for the mac (custom libev??), needing to install XCode Dev Tools to get gcc compiler(???). Sigh.

In the end I just ended up running a CentOS VM in virtualbox, and I do my development there. The ONLY benefit I currently gain from a Mac is creating iOS apps.

OS X is indeed a rather nasty Unix platform right now because Apple in the midst of a long drawn out transition away from GCC. They are shipping a completely outdated GCC and an obsolete libstdc++, yet most libraries are still compiled with that ancient libstdc++.

I tried to use LLVM's libc++ instead but I had to recompile so many libraries and make sure the dynamic linker actually picks them up that it was just too big of a hassle. I don't see light at the end of that tunnel right now.

I'm thinking of giving Linux another try as a development platform.

Apple really follows the tradition of commercial UNIX: An ugly thrown together pile of shit as userland and third party libraries. It's worse now with their fear of GPLv3. But even before GPLv3 there were issues. Sometimes you had to wonder where Apple even got the source for such ancient tools. There were security bugs that had been fixed in *BSD or GNU 10 years earlier.

> They are shipping a completely outdated GCC

They are shipping a heavily modified GCC that originally was forked in 2008. The version of GCC they ship is entirely based on LLVM via Clang and is intended to be a hold-over for everything to transition to Clang over LLVM.

It's 4.2.1, but the compiler is actually simple to replace anyway. The real problem for me is the C++ standard library.

If you were on Windows you'd need to install Visual Studio just to get a compiler. XCode is similar. You haven't seen hell until you try and use Cygwin on Windows to get anything "unixy" done.

It sounds like you weren't using MacPorts or Homebrew to build your libraries. They're a lot closer to the distributions you see on Linux and BSD.

> If you were on Windows you'd need to install Visual Studio just to get a compiler.

Not true, even if you consider only Microsoft software.


And if my project involves heavy use of shared libraries, I'll take cygwin over macports any day.

Apple's command line tools for XCode are available as a separate download from XCode from their developer portal too.

I didn't know Microsoft had a stand-alone compiler, but I'm not even sure what such a thing would be used for other than to be embedded in some other software.

How is cygwin any better than a package manager like MacPorts or Homebrew?

If you're having this much trouble with shared libraries, you're doing something quite odd. They're usually less obnoxious than their equivalent .DLL files.

Apple has gone to great lengths to get fully POSIX certified. As far as the libraries go, they're nearly identical to their Linux or BSD counterparts. The number of platform-specific issues you'll have to deal with when using standard versions of the libraries are usually small.

In looking through open source, I always see a lot more of `#ifdef WINDOWS` than I do for anything OS X specific, especially in the networking and threading departments.

There's no need to install XCode in order to have GCC/LLVM and satellite programs. Go to connect.apple.com, authenticate and download the "Command Line Tools (OS X version) for XCode."

For developer tools, check out the command-line developer tools: https://developer.apple.com/downloads/index.action?=command%... Kenneth Reitz worked with someone at Apple to get a small (~100MB) package containing what you need for opensource work without the full XCode.

You should be using homebrew: it's been a LONG time since I've needed to do anything unusual to get most OSS web & media apps built. "brew install libev" and get on with life.

OSX is not "unix based". OS X is unix. And it comes with php, ruby, python installed. I remember having to get gcc toolchain on linux too, maybe it has changed since.

A thousand times this. I used OSX at one job where everyone else was too and was appalled at how bad it is for getting work done. It's pretty and shiny but broken by design in terms of usability. Switching windows is a pain in the ass (different shortcuts to 'alt-tab' between windows of the same application), maximizing a window doesn't work properly, no way to change the window manager. Those are just my gripes with the GUI. As parent pointed out, the best way to do *nix-based work on OSX is to run linux on a VM. This throws the 'is unix-like' argument out the window.

So a crap GUI, crippled CLI, very questionable company policies and politics and to top it off it costs twice as much as everything else. You have to be out of your mind to buy into this.

> Switching windows is a pain in the ass (different shortcuts to 'alt-tab' between windows of the same application)

This has been standard for many years: Command-Tab switches applications, Command-` switches windows within an app. If that doesn't work, it's because an application vendor has taken specific measures to break it - something which is possible on any platform and should be reported as a bug.

As for doing Unix work, again, this is just griping: you're blaming OS X for things which you either didn't learn or where the upstream vendor has hard-coded Linux-isms, which is increasingly rare. The combination of the command-line developer tools and homebrew means that for most people running linux in a VM useful only for final validation testing.

Mostly the window switching is weird for people as the metaphor nearly everyone is used to is 'command + tab switches window' whereas OS X is 'command + tab switches application'. I actually prefer it that way, but it's not for everyone.

It's funny when people complain that Apple's GUI isn't like the OSes that copied them... When in fact that's because they copied them wrong... :\

I agree there are crippled parts to OSX's CLI, but would be curious to know which bits you think are crippled? As from your other assertions, I suspect they are shallow.

> no way to change the window manager

Is this actually the case? I use Linux as my primary OS, but I recall seeing xmonad running in osx on a macbook.

That xmonad was almost certainly managing the X11 apps while the native apps were being managed by the standard Apple window manager.

Most Mac users (including myself) make no regular use of any X11 app.

(In fact, shortcomings in X11 and software that relies on X11 are the main reasons I left Linux in the first place).

I'm with you. Switched from Linux in about 2003, but lately I've been trying to get back into Linux (Ubuntu, as if that matters). I feel like the walls are closing in and I don't like it.

You're not obligated to use Safari, you know.

And I don't. But that isn't the main thing.

I've been using Linux Mint, and can highly recommend it.

> But now I need to manually futz around with flash every two weeks to keep it working ... and now java as well ?

I don't understand how the java plugin is an issue. It's been disabled on all my machines for the last 4 years, and I don't remember any instance where I'd have whished to enable that thing.

In Denmark there is a Government created SSO (NemID) which is required in any interactions with government agencies.

Need to move and update your registered address? Java

Need to file your taxes? Java

Need to check your last paycheck, insurance statement? Java

Want to gamble through the national gambling provider? Java

As stated by others: Need to check your bank account? Java

Same in Germany if you want to file your taxes online.

However, using a java applet to login is slow and painful. Maybe this move my Apple will increase support costs and encourage these govt agencies to drop the java requirement.

There are a variety of things that still use it. VPN services are probably the #1. WebEx and other services like that a close second.

I found out yesterday that songkick's itunes importer is an applet. I think for some things applets may still be the best solution, though of course it's a shrinking market.

You won't find Java/Applets on your usual flyby website hoping to capture you in your procrastination time, nor in one the usual tech sites. However, it's used in many more specialized areas.

Here's a few areas I've used it recently:

* HP integrated Lights Out (i.e. your server appears dead, you fire up a browser, gets a java applet with direct access to the server/bios) * My bank. Seems most online banking here in Europe use java applets. This is a common case. There's millions of people, non-tech people, that wants online access to their bank. * Provisioning a point to point radio link (the management app was a Java webapp - started with java web start, not an applet though)

Some banks rely on Java. Also, I guess a lot of browser-based management of enterprise computing "stuff" runs as a Java applets as well. I've used server and SAN managers that require Java.

Really? If you want these plugins, just do the one-time install when you first encounter the Missing Plug-In message, and then everything will "just work" again. (Well, perhaps you'll have worse battery life and maybe a less secure system.) There's a reason why that error message has a button next to it that makes it really easy to install the missing piece, as opposed to hunting for the right software on the Internet.

Can you be more specific about needing to "manually futz around with flash every two weeks"? I'm guessing you mean software updates, but I have a hard time believing that Flash stops working unless you update it. If you don't value the added security of having Flash updates decoupled from OS X releases, then you can just tell Flash to stop prompting you to update (or better, just tell it to do so automatically).

I'm curious what you're using that requires flash. as far as i can tell, it's pretty much dead. youtube and vimeo both support HTML5, and other than that it's just ads and games.

Youtube HTML5 is experimental and not production quality. Many (most?) videos pop up a "Flash player is required" error when you try to access them even after turning on html5 on.

Probably something to do with ads, random joe videos have a high success rate and videos from the youtube front page low.

Predominately the ones that won't play in HTML5 are the ones with advertising support on, seems YouTube hasn't gotten the ad overlays working properly (or something) and they've not gone full HTML5 yet.

They'll happily serve h264 versions of those to mobile devices, however, so if you enable debugging in safari you can switch the user agent to 'iPad' from the 'develop' menu and the page will reload and work just fine. You don't get the high def options though.

Many are "not available on your device".

I wouldn't say 'many', a while ago that was more true, but recently all the ones I've tried work fine with this trick, whereas only about half the videos play in 'desktop' safari sans flash.

github's "copy url" bit!

Also, there is more video on the internet than youtube and vimeo, there is decent software done in flash (such as balsamiq mockups) and sometimes it's the only way to get to some content.

I have flash disabled with click2play and I end up starting it _at least_ once a day.

> github's "copy url" bit!

That's entirely a limitation imposed by JavaScript not supporting keyboard access. We'd rather not rely on Flash, but we have to in this case.

I guess you mean "clipboard"?

Anyway, I was being facetious, but that does show there are things you can do currently with flash|java|whatever that you can't do with JS.

Obviously I'll be happier when it's possible to do everything only with JS.

Gaming is a front where Flash still ahead of HTML5. HTML5 is getting there but at the moment Flash provides a more integrated solution for developers who want to build web games.

Loads of websites here in Taiwan. While the rest of the world you could say "moved on", that's just not true, other places keep making the same crappy websites like it's 1997...

I have seen a Taiwanese bank's ActiveX(!!) customer support applet just a year ago.

SoundCloud and everything similar, and at least recently, Facebook video - I use Chrome mostly for these two websites.

The biggest users nowadays are probably porn websites, but you still find it every where on little things. Our national weather observatory, for example, uses a Flash based map to show animated forecasts.

OSX still just works, Chrome and Firefox are easy browsers to keep working, there's not really any maintenance required.

That said these are not really reasons to switch operating systems, there's nothing particularly difficult about using chrome or Firefox on Linux, or for that matter, printing.

> But now I need to manually futz around with flash every two weeks to keep it working ... and now java as well ?

Just disable Flash in Safari until Adobe has a Chrome-level automatic update mechanism. I use Chrome for precisely that reason - I haven't had to think about Flash since they started packaging it. I've had Flash disabled in Safari for a long time and almost everything works without it - the only thing I notice regularly missing are the copy/paste convenience helpers on sites like bit.ly.

As for Java, I have exactly one site where I need to run it - the Web100 NDT testers - and that's both a niche case and hardly compelling versus the security considerations of using a product from a recklessly inattentive maintainer.

To be fair, the one thing they don't want to just work is exploits. Neither Flash nor Java has the best security track record. Java lately has been embarrassingly bad: http://arstechnica.com/security/2012/08/critical-bug-discove...

Of course, they were already installing the Java plugin but disabling it by default; not sure why they needed to take the extra step of removing the plugin completely.

Neither Flash nor Java has the best security track record. Java lately has been embarrassingly bad

People say this sort of thing a lot, and obviously with some justification.

However, it's not as if the browsers themselves have a great track record on security either. Firefox had to yank their last update shortly after making it available because of a severe problem, and the update was itself intended to fix quite a few serious security vulnerabilities. Every month we get around to update day for Windows and there are typically a handful of security fixes for IE pushed out. And so on.

It seems fairly clear by now that no-one actually makes a really secure browser yet, with or without plug-ins. It's just a problem that we haven't yet learned to solve, at least not without sacrificing some other benefit that the teams making mainstream browsers value more and choose to prioritise.

If we need independent security tools to keep browsing safe anyway, is avoiding plug-ins any more than a modest improvement?

(And I write this as someone who did once get hit by an undisclosed and unpatched exploit in Java, resulting in a complete reinstall. It wasn't fun. But I don't suppose it would have been any more fun if it had been a zero-day vulnerability in the browser itself.)

You're right.

IIRC, the last non-Java security update I installed updated a bunch of image format libraries to fix exploitable vulnerabilities. We can't even safely decode static image files! I'm not sure how we expect to safely sandbox executable code, whether it's Flash, Java, Javascript, or anything else.

Even so, if Java's currently being exploited on a wide scale and Oracle's not having the greatest luck fixing the problems letting malware in, it seems prudent to direct people away from it unless they really, really need it.

Any well may be poisoned, but if you know this one is you'd avoid it and warn others, wouldn't you?

For me, the odd thing here is that they were already disabling running Java by default, which does a lot to defeat the drive-by download problem. Given that such a mechanism is in place, we already seem to have achieved the main goal you mentioned before: exploits don't "just work".

At that point, making Java "just work as long as you click somewhere to confirm you want it to" seems a reasonable policy to me. As many here have pointed out, reports of the death of Java applets serving useful purposes have been greatly exaggerated.

CUPS these days pretty much "just works" so there goes your other reason...

...if only Java in the browser wouldn't have failed so bad (and it did long time ago, Apple's decision is just a sad reminder of this), we would actually have the "nirvana" of using Python (Jython), Ruby (JRuby), Clojure and more IN THE BROWSER! Same language on the server and in the browser, even on mobile, and the ability for every developer/team to CHOOSE that language from a few option that run on the JVM... (I know we'll have this one day, with languages that compile to Javascript, but... it could have so much more beautiful, another lost "alternate reality", like the ones in which Lisp went mainstream and even OSs were build in it... sigh...)

How dump could Sun and Oracle (I know, the browser Java fight was maybe already lost when Oracle came in...) be not to realize the potential ecosystem that could grow around this? Sigh...

There are several projects that attempt to implement JVM in JavaScript. Doppio [1] seems to be the most mature one. So, we may yet see JVM-based languages in the browser (and without the need for a plug-in).

[1] http://int3.github.com/doppio/about.html

Native Client is the next hope for Python, Ruby, etc. in the browser. Much better than trying to compile an existing language to JavaScript.


Hmm... I just can't imagine either Ms or Apple being friendly towards NaCl as it would basically be a way of drilling more wholes into their boats (like competing with Silverlght or the broader "issue" that webifying desktop and mobile apps would risk making iOS or Windows irrelevant and welcome in even more low-cost Android and Linux solutions... every Desktop/iOS app to browser app transition basically makes these guys loose money one way or another...)

As long as you're willing to tie your compiled code to particular hardware, sure.

The benefit of compiling to JS is that it will Just Work for users as long as they have a web browser, without you having to put up "Oh, get a different hardware device" message.

Microsoft and Apple have to bear some of the responsibility for this as well.

Microsoft, yes, it really made sense for them to be as hostile as possible to Java on all fronts. But Apple? Weren't their Java related decisions too late in the Game to change anyth?...

I don't expect to see much difference in my day-to-day browsing, I can barely remember the last time I encountered a Java applet - most of the time I see them they are some sort of unimportant and old technology demo.

However, I'm of the understanding that in Europe, a lot of bank websites use Java applets as their primary way to do online banking, in which case I can see this decision affecting a lot of people.

Maybe after enough thousands of WebExes get delayed another 15 minutes each, Cisco will take this as a sign.

(WebEx has a totally pointless Java applet that only serves to launch the native client app.)

On the IE side they do this with ActiveX. I always wondered why they did not come up with a simple webex:// uri.

I can barely remember the last time I encountered a Java applet

The very-popular SmartSource coupon website uses Java to enable users to print coupons. That's the only thing my household has needed Java for in the last year, but it's high priority for my wife.

I recommend downloading and installing the Java plugin yourself then :-)

I haven't seen any Java applets among Deutsche Bank, Sparkasse, Raiffeisenbank.

And I haven't seen a Java applet for months. A concert ticket seller had one for seat placement.

I also did not install Flash for Safari, it's a little annoying when you encounter videos, but for that I change into Chrome. A little Safari extention helps to activate html5 videos from youtube and they run smoother than the Flash versions.

There just is an infinite list of things wrong with bank websites aren't there.

Interestingly time.gov/ still requires an applet to run. I often find schools and test centers using them because of its accuracy. Wonder why they still haven't switched to javascript yet, maybe "if it ain't broke, don't fix" mindset.

Timing in javascript is pretty poor. The best accuracy you can get is around 0.5 seconds. Given that many tests and testing sites (and psychological instruments, which is why I know) require millisecond (+-10) accuracy, Java is the best tool for this job. Its a sad day for me, this change, even though we fall back to JS the timing simply is not as accurate. This may change with localstorage and access to system API's, but its not there yet.

http://time.is/ claims to get ±0.011 second accuracy for me, and it appears to use JavaScript.

Yes, but it does this by synchronising with an atomic clock from a server. I would want (do want, actually) to be able to run a js file on the browser of a participant and get accurate timing down to perhaps 50 milliseconds. The joy of java is the applet downloads, makes the timings on the local computer and then sends the results back over the server. Involving the network during the process makes it somewhat unreliable.

I wasn't too worried about this when i read it, but it appears the latest oracle java plugin is not supported on chrome. I get this message from the download page:

"Chrome does not support Java 7. Java 7 runs only on 64-bit browsers and Chrome is a 32-bit browser.

If you download Java 7, you will not be able to run Java content in Chrome and will need to use a 64-bit browser (such as Safari or Firefox) to run Java content within a browser. Additionally, installing Java 7 will disable the ability to use Apple Java 6 on your system."

So now it looks like I'll have to flip over to firefox if I want to use a site that requires the java plugin - kind of a nuisance.

Chrome is only 32-bit? Apparently, yes, at least on the Mac. The issue has been open for 3 years:


"Snow Leopard will be released in less than 2 months. I believe we should start testing a 64bit version of Chrome so it can be ready when SL ships."

Chrome and Dropbox are the last non-64bit process on my machine.

Their argument is YAGNI.

On that issue, don't even get me started with Firefox not having a 64bit version in Linux (not built by the distros)

YAGNI is that kind of dismissive argument that it's not even funny

So then if Apple/MS/a linux distro or somebody else shuts down 32-bit binaries they'll be coming with millions of excuses for their incompetence

Firefox does have an official 64 bit release for Linux since a while:


Great! But why this doesn't appear here? http://www.mozilla.org/en-US/firefox/all.html

Will try this later, as I had to install several 32-bit libs to use the 32-bit version on Fedora 64-bit

Not the worst argument, given that each Chrome tab is its own process.

> Not the worst argument

It is when it's the only process requiring and loading up a slew of 32-bit dylibs.

That's only true if you have a small number of tabs open.

And if none of them were opened using window.open.

And a bunch of other restrictions.

Sensational; Apple planned on passing off Java to Oracle for a while. Oracle now distributes a Java 7 JRE for OS X directly.

The built-in Java was optimized for Retina display and all texts were crisp and sharp. After the update and a manual installation of Oracle's Java Runtime, everything is blurry again.

Completely stupid headline; removing words 2 through 6 (and the comma) would fix it.

I rather appreciated its snarky nature.

I love Apple and their little "surprise, all your users will have to do something to get your app to work today, hope you help desk is staffed!"

And Oracle is no better, making changes as "security updates" that have no pre-release, which is fine in theory but in practice has tended to break our app.

Some online photo printing service sites use funky Java Applets to let you upload image files by picking from thumbnails generated on the client side.

Other than that I can only see this move as a plus for internet security.

I can't remember the last time I used Java on the client side but I'm sure it was hellish.

At the risk of sounding a bit ridiculous, good for them. The less Java, the better.

> The less Java, the better.

That's a pretty broad generalization. As Java+Scala programmer I personally seldom use, see or write Java applets. Advocating against the use of Java in general is just silly however. Java (+other JVM languages) is very well suited to backend systems, and with the addition of modern web frameworks like Play it's pretty good choice for frontend work too. Java (+other JVM languages) is used heavily by companies like Google, Amazon, Twitter etc.

> At the risk of sounding a bit ridiculous

You do indeed sound ridiculous, especially since it's just Apple no longer maintaining their own Java plugin, but letting customers install the official plugin from Oracle, just like customers do for every other major operating system.

Java is a perfectly accpetable language, as long as i can't tell when an app is using it. Server-side java is great, android is great, but as long as shitty programmers keep writing java apps that make use of some awful GUI toolkit and require the user to install a JRE, people are going to keep hating java. In many cases, the fact that an app is java based can be directly blamed for a poor user experience. sure, it's not the language's fault, but it is what it is.

Unlike the previously built-in Java, Oracle's Java plugin doesn't seem to work with Chrome on the Mac due to Chrome being 32 bit. Anyone know a workaround?

There doesn't appear to be one other than "Use Safari"

Doesn't change much, since the earlier change to the OS meant you don't even have Java by default.

I keep Java disabled in Chrome anyway, so no complaints here.

Pretty soon, this URL won't be a 404 - http://www.apple.com/hotnews/thoughts-on-java/

How to enable Java browser plugin again: http://news.ycombinator.com/item?id=4672511.

Consider the sun sanked in the west, they should remove java long time ago.

Java is dead in the browser dear Google/Mozilla please remove it from chrome and firefox also forbid it

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact