What OS is not business critical ready?

http://news.msn.com/science-technology/apple-blocks-java-on-macs-due-to-vulnerabilities?ocid=ansnews11

I cannot believe this. What a pack of amateurs.

Anyone care to explain how this is ok with anything? How many businesses are out of business today from this flippant unprofessionalism?

Seriously. Apple blocks Java on all devices.

Insane.

"earlier this month the U.S. Department of Homeland Security recommended disabling Java in Web browsers to avoid potential hacking attacks. Oracle Corp., which owns Java, has issued updates that fix known vulnerabilities, but the DHS expects that there are more flaws in Java's coding."

So is Microsoft going to block all Java?     It would be very stupid I believe.

18 minutes ago, JohnAskew wrote

So is Microsoft going to block all Java?     It would be very stupid I believe.

No. Java is made by another company (Oracle), and if Microsoft started playing Shenanigans to disable Oracles' software for clients that depend on it, they might get sued for unfair business practices by both Oracle (because Microsoft is unfairly depriving them of customers) and by the customers (because Microsoft is unfairly disabling their business critical apps).

That said, I'm pretty sure everyone at Microsoft would strongly advise companies to consider alternatives, but that's an entirely different ball game.

Normally when we hear about a security flaw we read the initial write-up that doesn't give anything away and we note who or how it was discovered.  It seems most are discovered by researchers who do this for a living.  So generally it takes a while before the exploitation has been used in the wild and has grown in usage.  Usually a security patch is released before or shortly after any significant pickup in usage occurs.

Over the last couple of years, with Java it seems like it has shown a pattern of repeated early stage wide spread exploitation.  Something about that seems very different from the past.

@evildictaitor: How can MS and apple be so different in terms of reaction? One is responsible and the other not? I just learned of all of this mess today. Apple apparently blocked Java 1.7 earlier then Oracle patched it and they turned it back on, then they found only one of two issues were patched and then turned it back off... workaround includes reverting to Java 1.6, but really... wow.

I say good for them. Java on the client is a scourge and the sooner people reconsider their reliance on it the better.

For all the businesses using and developing java based applications, it just seems shocking to block it without any warning. Just think about how much time it would take to drop everything and develop in a different language in a business world full of already tight schedules... it's just insane.

@JohnAskew: because Windows has 90% of desktop market share and Apple does not.

Honestly, as much as I abhor Java, I am rather stunned by Apple's decision.  If I were a business using an Apple product, this would make me think twice.  Some of the more ignorant home-users or Apple apologists might cheer them on for the decision, but for a company whose infrastructure might rely (depressingly) on Apple + Java, you just slammed the door in their faces.

Yeah, Apple could have warned people they were going to do this. But, apparently the block can be disabled. Or one can use a different browser that doesn't use Mac OS's XProtect list mechanism.

57 minutes ago, magicalclick wrote

@JohnAskew: because Windows has 90% of desktop market share and Apple does not.

And 99.99% of the business desktop share.

And for those that don't like it, this type of reaction is one of the reasons why it has 99.99% of the business desktop share.

15 minutes ago, evildictait​or wrote

*snip*

And 99.99% of the business desktop share.

And for those that don't like it, this type of reaction is one of the reasons why it has 99.99% of the business desktop share.

QFT

2 hours ago, gcorcoran wrote

For all the businesses using and developing java based applications, it just seems shocking to block it without any warning. Just think about how much time it would take to drop everything and develop in a different language in a business world full of already tight schedules... it's just insane.

Hardly without warning: the way I read it, Apple just reverted a previous decision to re-enable Java after finding out that Oracle's patch was only partially effective.

I'm not an apologist of Apple's tactics, but this time they are kind of justified by Oracle's incompetence.

1 minute ago, Blue Ink wrote

I'm not an apologist of Apple's tactics, but this time they are kind of justified by Oracle's incompetence.

I'm not sure a bank who can't make any money today because all of their trader's java application just stopped working on all of their Macs will see it the same way.

Disabling people's software should only be done by consent of the user. Remotely crippling someone's machine under the guise of a security patch makes people less likely to install security patches in future (putting them at more risk), and means that your platform isn't suitable for running in an environment where being able to use your company's application today is important.

@evildictaitor: Presumably there must at least be some way for the end user to override this behaviour?

If I were an Apple user right now I'd be worried that anyone (Apple included) can remotely mess with my machine without my express consent. That's scary as anything.

Hell, Firefox is doing "trust" as well. Because it blocks Java and Silverlight while allow Flash to be used which is top 10 worst software with tons of security holes.

28 minutes ago, magicalclick wrote

Hell, Firefox is doing "trust" as well. Because it blocks Java and Silverlight while allow Flash to be used which is top 10 worst software with tons of security holes.

Click-to-Play is not really the same.