Cgoban being blocked in a future Java security update?


Re: Cgoban being blocked in a future Java security update?

Post by wineandgolover »

UnclMartin wrote: The most recent version of Java 7 is update 51. As far as I know, the ability to add exceptions is not available with older versions.
My Mac update is 45, and claims to be the current version and won't let me update it. Hidden pic follows. Any ideas? There is a chance I told it to skip an update, because I didn't want KGS to fail, but you'd think it would let me update manually.

Anyway, hopefully whatever WMS has done makes it a non-issue. Thanks.
- Brady

Post by UnclMartin »

It still is an issue for applet users with the most recent version of Java (7, update 51). In order to run the applet, they have to enter some exceptions as described earlier in this thread.

There is a web page that tests which version of Java someone has. It is at http://www.java.com/en/download/install ... =jre&try=1 . This tests the version used by the Java plug-in. Another way to test which version is in use is to open a command window, and enter the command java -version

I once communicated with a user that got different results from those tests. Oracle recommends users have only one version of Java on their machines, and it should be a recent version of Java 7.


http://www.java.com/en/download/faq/rem ... rsions.xml
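
An added example, not part of UnclMartin's post or of CGoban: a shell sketch that parses the first line of `java -version` output, compares it with Java 7 update 51 as discussed in the thread, and lists every `java` on PATH, since with several installs the command window reports only the first one. The function names and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the version out of the first line of `java -version`.

# parse_java_version LINE -> prints "MAJOR UPDATE", e.g. "7 45"; fails if no version found.
parse_java_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) major=$(printf '%s' "$ver" | cut -d. -f2) ;;  # legacy scheme: 1.7.0_45 -> 7
        *)   major=$(printf '%s' "$ver" | cut -d. -f1) ;;  # later scheme: 11.0.2 -> 11
    esac
    case "$ver" in
        *_*) update=${ver#*_}; update=${update%%-*} ;;     # 1.7.0_45 -> 45
        *)   update=0 ;;
    esac
    printf '%s %s\n' "$major" "$update"
}

# at_least_7u51 LINE -> exit 0 if Java 7 update 51 or later (the release the thread
# names as the one with the exception list), 1 if older, 2 if unparseable.
at_least_7u51() {
    parsed=$(parse_java_version "$1") || return 2
    major=${parsed% *}; update=${parsed#* }
    [ "$major" -gt 7 ] && return 0
    [ "$major" -eq 7 ] && [ "$update" -ge 51 ]
}

# list_javas -> every executable named java, in PATH order. `java -version` in a
# command window only reports the first of these.
list_javas() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        [ -x "$dir/java" ] && printf '%s\n' "$dir/java"
    done
    IFS=$old_ifs
}

# Constructed sample lines, not output captured from anyone in the thread.
for line in 'java version "1.7.0_45"' 'java version "1.7.0_51"' 'java version "1.6.0_65"'; do
    if at_least_7u51 "$line"; then verdict="7u51 or later"; else verdict="older than 7u51"; fi
    printf '%s -> %s\n' "$line" "$verdict"
done
list_javas
```

To check a real install, pass it the first line of `java -version 2>&1`, which writes its output to standard error.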

Post by Nyanjilla »

wineandgolover wrote: My Mac update is 45, and claims to be the current version and won't let me update it. Hidden pic follows. Any ideas? There is a chance I told it to skip an update, because I didn't want KGS to fail, but you'd think it would let me update manually.
So far as I know, that's the latest version for the Mac. But I can't check for myself because I haven't updated to Mavericks (still using AppleWorks--don't laugh).

Post by rottenhat »

None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?

Post by xed_over »

rottenhat wrote: None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?
I'm using Mavericks and Java 1.7.0_45, and don't have any problems (except the usual problems, sound, font kerning, etc). Apple no longer provides Java out of the box -- I had to install it myself. (unless you did an upgrade to Mavericks, instead of a new install -- then the OS installer probably tweaked some settings for you that disabled things)

And they don't seem to have a browser plugin for applets, so I had to downgrade to Java 6 for both running the applet and using Java Webstart (I had to find where the OS tweaked the java webstart settings and re-enable them)

Otherwise, I can run the cgoban jar just fine with either version of Java on my new Mac. (except when I'm at work, I have to set up an ssh tunnel to my ISP because the corporate firewall has the port blocked)

Post by xed_over »

UnclMartin wrote: Oracle recommends users have only one version of Java on their machines, and it should be a recent version of Java 7.
That's just dumb. As a Java developer, I have multiple versions of Java on my machine and use whichever one I need to get whatever job done that I'm working on at the time. You properly define JAVA_HOME and your PATH in whichever shell environment you're working in, and away you go.

Post by UnclMartin »

In this discussion, I am assuming "versions of Java" means "versions of Java Standard Edition."

In making that recommendation, Oracle realizes some developers might need to use older versions in order to debug software using older versions of Java. That is why they offer older versions for download. However, they warn that these older versions should not be used in production, since older versions have security issues.

About a year ago, there was a lot of publicity about serious security issues in Java. In fact, security experts, including some at the United States Department of Homeland Security, recommended disabling the Java plugin or removing Java from computers.

Although some developers might need to have more than one version, I think most users will not need to have more than one version. And having only a recent version is more secure.
Last edited by UnclMartin on Sat Feb 15, 2014 6:00 pm, edited 1 time in total.

Post by Bantari »

I wonder if most people who sit there and busily download all the newest versions for all the newest stuff they use even know what "security issues" really mean. And what exact security issues are the new versions of the new stuff fixing. Or if they even need it....

Just sayin'...
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

Post by uPWarrior »

Bantari wrote: I wonder if most people who sit there and busily download all the newest versions for all the newest stuff they use even know what "security issues" really mean. And what exact security issues are the new versions of the new stuff fixing. Or if they even need it....

Just sayin'...
1. Users do not need to know exactly what exploit was fixed on what version. Users should not need such technical expertise and, moreover, users might not even be able to know that as the source code is often proprietary.

2. That's why these packages should automatically update themselves, or at least ask you to. Recent versions of Chrome and Firefox already update some plugins to the latest version without asking the user (e.g. Flash, probably Java as well).

In case you are wondering what these security patches fix and the risks of running not up-to-date versions, the most severe usually allow remote code execution, which basically means "full" access to your machine. Others allow privilege escalation which might be even worse in some OS.

Post by UnclMartin »

rottenhat wrote: None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?
If it hangs while loading, without a dialog appearing (such as giving you a warning and asking if you want to continue), it is likely an unrelated problem.

Post by rottenhat »

Yes, I get the pop-up window to say that the application is downloading, but the progress bar never advances. Similarly, the applet just sits there allegedly loading (with the spiralling graphic around the Java logo) but never gets anywhere. Any notion what might be the issue? I tried disabling browser extensions to see if that would make any difference but no luck.

Post by Bantari »

uPWarrior wrote:
Bantari wrote: I wonder if most people who sit there and busily download all the newest versions for all the newest stuff they use even know what "security issues" really mean. And what exact security issues are the new versions of the new stuff fixing. Or if they even need it....

Just sayin'...
1. Users do not need to know exactly what exploit was fixed on what version. Users should not need such technical expertise
You are right, of course. Users are just that - users, consumers. They don't need to know nothing, just blindly follow the updates and trust... no, not "trust" - *know!*... that the big corporations releasing the new and improved versions of the stuff they use are always up to par and on the level.

Silly me.
Sorry for suggesting that users should actually benefit from knowing anything. What was I thinking?!?...
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

Post by RobertJasiek »

There are different scopes of trust. It is very deep trust to allow software to auto-update using administrative or even system privileges. Such an update service can, in principle, spy on everything. (Much other software actually does it.)

Post by Javaness2 »

Sad to see what is happening to Java these days

To be honest, I just downloaded Java SDK 1.6 and ran "java -jar cgoban.jar" from the command line with it.
http://stackoverflow.com/questions/6749 ... on-windows

Post by uPWarrior »

Bantari wrote: You are right, of course. Users are just that - users, consumers. They don't need to know nothing, just blindly follow the updates and trust... no, not "trust" - *know!*... that the big corporations releasing the new and improved versions of the stuff they use are always up to par and on the level.

Silly me.
Sorry for suggesting that users should actually benefit from knowing anything. What was I thinking?!?...
That's childish. You should know as much as you can. However, you should also know that nobody knows everything and therefore trust is part of living in society. Do you know every ingredient of everything you eat? Do you know what goes into the fuel that the car passing by is using? Do you know if the building you are in is going to come to pieces in a second? You don't. You trust and that is fine because you have the opposite option: if you suspect the Java update might do something unintended, then simply don't install it and move on, exactly the same way you wouldn't go into a building you don't trust.