If you care about good journalism, follow the source. This is Engadget aggregating an Ars Technica story. That's fine -- there are good reasons for aggregation -- but if you are going to share on social networks, take the time to click to the original and reward the real reporting -- in this case from Dan Goodin.
They are uninstalling the Apple-provided Java browsing plugin and letting Oracle handle the browser plugin from now on. Sounds good: why keep Java around by default as a potential security hole now that very few sites use it?
They still provide Java for applications like CrashPlan, Minecraft, or JungleDisk which need it.
I was surprised too when they decided to switch, I'm a ten year veteran since RSC, so Java has always been the way I have thought of that game. Even the company name, JaGex, is an abbreviation of 'Java Game Experts.'
I should however clarify, the back end will still be a mixture of Java, with C++ strapped on top where needed.
It was really big for a while, had in excess of 200,000 players on at a time, then poor decisions on part of the company who runs them and being bought out by another company caused the game to be less popular than it was.
Currently it stands at about 110,000-140,000 people on at once per night, which while being no mean number itself, consists of a large number of bots, or computerized players, programmed to perform tasks which generate in game money to be sold to legitimate players on external websites.
The % of bots was said at the last RuneFest to be around the 30% mark, but since most players have used some form of botting program in the past, it is more likely to be around 50%.
Over the years, there has been a lot of turmoil in game, from free trade and the wilderness being removed, to it being reinstated, to the release of pay-for-perks via the squeal of fortune, a relatively new money making venture by JaGex, instigated by the new owners (Possibly named MMG, I can't remember off the top of my head) whereby players can buy spins on a virtual wheel of fortune, with prizes ranging from experience lamps, to 50 coins, to rare items and weapons (in a form which may not be sold) all the way up to 200,000,000 coins (which admittedly is extremely rare.)
The culmination of these changes has resulted in a player backlash, whereby the forums (and not just the 'rant' forum) are constantly filled with topics and players complaining, wishing the game was how it used to be.
Adding to this, several staff who felt strongly about the future of the game, also being players themselves, quit their positions at the company, including the CEO. (There is a much longer story and this is very watered down.)
But to give a proper response: The game is still very much existential, though internally, it is filled with anger and cheating.
I am in no way affiliated with JaGex, I know some of the staff use HN and I don't want to get any of them in trouble, the new owners tend to act first and think later.
OS X is indeed a rather nasty Unix platform right now because Apple in the midst of a long drawn out transition away from GCC. They are shipping a completely outdated GCC and an obsolete libstdc++, yet most libraries are still compiled with that ancient libstdc++.
I tried to use LLVM's libc++ instead but I had to recompile so many libraries and make sure the dynamic linker actually picks them up that it was just too big of a hassle. I don't see light at the end of that tunnel right now.
I'm thinking of giving Linux another try as a development platform.
Apple really follows the tradition of commercial UNIX: An ugly thrown together pile of shit as userland and third party libraries. It's worse now with their fear of GPLv3. But even before GPLv3 there were issues. Sometimes you had to wonder where Apple even got the source for such ancient tools. There were security bugs that had been fixed in *BSD or GNU 10 years earlier.
They are shipping a heavily modified GCC that originally was forked in 2008. The version of GCC they ship is entirely based on LLVM via Clang and is intended to be a hold-over for everything to transition to Clang over LLVM.
I didn't know Microsoft had a stand-alone compiler, but I'm not even sure what such a thing would be used for other than to be embedded in some other software.
How is cygwin any better than a package manager like MacPorts or Homebrew?
If you're having this much trouble with shared libraries, you're doing something quite odd. They're usually less obnoxious than their equivalent .DLL files.
Apple has gone to great lengths to get fully POSIX certified. As far as the libraries go, they're nearly identical to their Linux or BSD counterparts. The number of platform-specific issues you'll have to deal with when using standard versions of the libraries are usually small.
In looking through open source, I always see a lot more of `#ifdef WINDOWS` than I do for anything OS X specific, especially in the networking and threading departments.
A thousand times this. I used OSX at one job where everyone else was too and was appalled at how bad it is for getting work done. It's pretty and shiny but broken by design in terms of usability. Switching windows is a pain in the ass (different shortcuts to 'alt-tab' between windows of the same application), maximizing a window doesn't work properly, no way to change the window manager. Those are just my gripes with the GUI. As parent pointed out, the best way to do *nix-based work on OSX is to run linux on a VM. This throws the 'is unix-like' argument out the window.
So a crap GUI, crippled CLI, very questionable company policies and politics and to top it off it costs twice as much as everything else. You have to be out of your mind to buy into this.
> Switching windows is a pain in the ass (different shortcuts to 'alt-tab' between windows of the same application)
This has been standard for many years: Command-Tab switches applications, Command-` switches windows within an app. If that doesn't work, it's because an application vendor has taken specific measures to break it - something which is possible on any platform and should be reported as a bug.
As for doing Unix work, again, this is just griping: you're blaming OS X for things which you either didn't learn or where the upstream vendor has hard-coded Linux-isms, which is increasingly rare. The combination of the command-line developer tools and homebrew means that for most people running linux in a VM useful only for final validation testing.
Mostly the window switching is weird for people as the metaphor nearly everyone is used to is 'command + tab switches window' whereas OS X is 'command + tab switches application'. I actually prefer it that way, but it's not for everyone.
You won't find Java/Applets on your usual flyby website hoping to capture you in your procrastination time, nor in one the usual tech sites.
However, it's used in many more specialized areas.
Here's a few areas I've used it recently:
* HP integrated Lights Out (i.e. your server appears dead, you fire up a browser, gets a java applet with direct access to the server/bios)
* My bank. Seems most online banking here in Europe use java applets. This is a common case. There's millions of people, non-tech people, that wants online access to their bank.
* Provisioning a point to point radio link (the management app was a Java webapp - started with java web start, not an applet though)
Really? If you want these plugins, just do the one-time install when you first encounter the Missing Plug-In message, and then everything will "just work" again. (Well, perhaps you'll have worse battery life and maybe a less secure system.) There's a reason why that error message has a button next to it that makes it really easy to install the missing piece, as opposed to hunting for the right software on the Internet.
Can you be more specific about needing to "manually futz around with flash every two weeks"? I'm guessing you mean software updates, but I have a hard time believing that Flash stops working unless you update it. If you don't value the added security of having Flash updates decoupled from OS X releases, then you can just tell Flash to stop prompting you to update (or better, just tell it to do so automatically).
Predominately the ones that won't play in HTML5 are the ones with advertising support on, seems YouTube hasn't gotten the ad overlays working properly (or something) and they've not gone full HTML5 yet.
They'll happily serve h264 versions of those to mobile devices, however, so if you enable debugging in safari you can switch the user agent to 'iPad' from the 'develop' menu and the page will reload and work just fine. You don't get the high def options though.
The biggest users nowadays are probably porn websites, but you still find it every where on little things. Our national weather observatory, for example, uses a Flash based map to show animated forecasts.
> But now I need to manually futz around with flash every two weeks to keep it working ... and now java as well ?
Just disable Flash in Safari until Adobe has a Chrome-level automatic update mechanism. I use Chrome for precisely that reason - I haven't had to think about Flash since they started packaging it. I've had Flash disabled in Safari for a long time and almost everything works without it - the only thing I notice regularly missing are the copy/paste convenience helpers on sites like bit.ly.
As for Java, I have exactly one site where I need to run it - the Web100 NDT testers - and that's both a niche case and hardly compelling versus the security considerations of using a product from a recklessly inattentive maintainer.
Neither Flash nor Java has the best security track record. Java lately has been embarrassingly bad
People say this sort of thing a lot, and obviously with some justification.
However, it's not as if the browsers themselves have a great track record on security either. Firefox had to yank their last update shortly after making it available because of a severe problem, and the update was itself intended to fix quite a few serious security vulnerabilities. Every month we get around to update day for Windows and there are typically a handful of security fixes for IE pushed out. And so on.
It seems fairly clear by now that no-one actually makes a really secure browser yet, with or without plug-ins. It's just a problem that we haven't yet learned to solve, at least not without sacrificing some other benefit that the teams making mainstream browsers value more and choose to prioritise.
If we need independent security tools to keep browsing safe anyway, is avoiding plug-ins any more than a modest improvement?
(And I write this as someone who did once get hit by an undisclosed and unpatched exploit in Java, resulting in a complete reinstall. It wasn't fun. But I don't suppose it would have been any more fun if it had been a zero-day vulnerability in the browser itself.)
Even so, if Java's currently being exploited on a wide scale and Oracle's not having the greatest luck fixing the problems letting malware in, it seems prudent to direct people away from it unless they really, really need it.
Any well may be poisoned, but if you know this one is you'd avoid it and warn others, wouldn't you?
For me, the odd thing here is that they were already disabling running Java by default, which does a lot to defeat the drive-by download problem. Given that such a mechanism is in place, we already seem to have achieved the main goal you mentioned before: exploits don't "just work".
At that point, making Java "just work as long as you click somewhere to confirm you want it to" seems a reasonable policy to me. As many here have pointed out, reports of the death of Java applets serving useful purposes have been greatly exaggerated.
How dump could Sun and Oracle (I know, the browser Java fight was maybe already lost when Oracle came in...) be not to realize the potential ecosystem that could grow around this? Sigh...
Hmm... I just can't imagine either Ms or Apple being friendly towards NaCl as it would basically be a way of drilling more wholes into their boats (like competing with Silverlght or the broader "issue" that webifying desktop and mobile apps would risk making iOS or Windows irrelevant and welcome in even more low-cost Android and Linux solutions... every Desktop/iOS app to browser app transition basically makes these guys loose money one way or another...)
I don't expect to see much difference in my day-to-day browsing, I can barely remember the last time I encountered a Java applet - most of the time I see them they are some sort of unimportant and old technology demo.
However, I'm of the understanding that in Europe, a lot of bank websites use Java applets as their primary way to do online banking, in which case I can see this decision affecting a lot of people.
I haven't seen any Java applets among Deutsche Bank, Sparkasse, Raiffeisenbank.
And I haven't seen a Java applet for months. A concert ticket seller had one for seat placement.
I also did not install Flash for Safari, it's a little annoying when you encounter videos, but for that I change into Chrome. A little Safari extention helps to activate html5 videos from youtube and they run smoother than the Flash versions.
This may change with localstorage and access to system API's, but its not there yet.
Yes, but it does this by synchronising with an atomic clock from a server. I would want (do want, actually) to be able to run a js file on the browser of a participant and get accurate timing down to perhaps 50 milliseconds. The joy of java is the applet downloads, makes the timings on the local computer and then sends the results back over the server. Involving the network during the process makes it somewhat unreliable.
I wasn't too worried about this when i read it, but it appears the latest oracle java plugin is not supported on chrome. I get this message from the download page:
"Chrome does not support Java 7. Java 7 runs only on 64-bit browsers and Chrome is a 32-bit browser.
If you download Java 7, you will not be able to run Java content in Chrome and will need to use a 64-bit browser (such as Safari or Firefox) to run Java content within a browser. Additionally, installing Java 7 will disable the ability to use Apple Java 6 on your system."
So now it looks like I'll have to flip over to firefox if I want to use a site that requires the java plugin - kind of a nuisance.
That's a pretty broad generalization. As Java+Scala programmer I personally seldom use, see or write Java applets. Advocating against the use of Java in general is just silly however. Java (+other JVM languages) is very well suited to backend systems, and with the addition of modern web frameworks like Play it's pretty good choice for frontend work too. Java (+other JVM languages) is used heavily by companies like Google, Amazon, Twitter etc.
> At the risk of sounding a bit ridiculous
You do indeed sound ridiculous, especially since it's just Apple no longer maintaining their own Java plugin, but letting customers install the official plugin from Oracle, just like customers do for every other major operating system.
Java is a perfectly accpetable language, as long as i can't tell when an app is using it. Server-side java is great, android is great, but as long as shitty programmers keep writing java apps that make use of some awful GUI toolkit and require the user to install a JRE, people are going to keep hating java. In many cases, the fact that an app is java based can be directly blamed for a poor user experience. sure, it's not the language's fault, but it is what it is.