Ars asks: Is using Java on a desktop worth the security risks?

We want to know why you use Java—or why you don't.


Java has been in the news a lot lately, and not for good reasons. Critical security flaws have allowed hackers to take complete control of PCs, and in-the-wild attacks exposed a problem Oracle went months without fixing.

The latest Java patches to fix critical security flaws came out this week—but that wasn’t enough to persuade everyone that using Java is safe. On Wednesday Apple took the unusual step of using an OS X update to remove a Java plugin from all Mac-compatible Web browsers.

The ongoing problems had already led some security researchers to recommend that users disable Java, at least until specific flaws were patched. We’ve seen in comment threads that many Ars readers have disabled or uninstalled Java on their own computers, or at least disabled Java plugins for browsers.

The question “what is Java still good for?” is sometimes asked in mocking tones, but it shouldn’t be. Despite its flaws, Java has been a success for nearly two decades for good reasons, and all sorts of important applications and infrastructure still run on it. On desktops, applications like WebEx and Minecraft require Java.

Enterprise hardware and software vendors often write their administration tools in Java, so that they work consistently across different platforms. Conversely, IT departments mandate specific Java versions on users' desktops so that everyone can work with the required tools. Changing the version of Java on everyone's desktops requires extensive testing of Java-dependent applications before the company will upgrade to a new Java version—leaving users stuck for long periods of time on an out-of-date, less-secure version of Java.

A company might end up with a confusing mess of different versions. One Ars reader who works for a 350,000-person company reported having “80 different versions of Java in our environment with over 135 security vulnerabilities among them… In a corporate environment, you have to test each new release of Java with your entire Java dependent application ecosystem.”

What we want to know

The Java question thus depends on both your needs at home and your needs at work—which in this bring-your-own-device world are very much intertwined. With that in mind, here’s what we want to know. Do you run Java at home and/or at work? If you’ve considered disabling Java but decided against it, what were your reasons? What Java-based functionality are you not willing to give up? For those of you who have disabled Java, what made you take the plunge—and have you ever regretted your decision when encountering software that won't run without Java?

Our question is for desktops and laptops only—Java remains an integral part of various network appliances, server-based application infrastructure, and open source big data engines, as well as millions of feature phones running mobile Java apps. That isn’t going to change anytime soon, but the issue of whether to use Java on the desktop is very much in play.

We’re going to monitor the thread and return Monday with a recap of your most interesting comments. Have at it!
