OT - JAVA Security - Do I really need Java anyway?

Soniclight wrote on 1/14/2013, 6:24 PM
Jan. 14, 2013. BOSTON (Reuters) - Oracle Corp released an emergency update to its Java software for surfing the Web on Sunday, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.

From CNET update on this: "The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. (...)."

From what I've read at the time of this posting, most experts still advise to keep Java disabled or even remove it even with Oracle's fix at this time.
___________________

So as alluded to in thread title, la question iz...:

I've disabled Java in all of my browsers and see no difference in my usual surfing and site visits.

Thanks.

~ Philip

Comments

JohnnyRoy wrote on 1/14/2013, 6:38 PM
I have found a good plug-in to check on things like this:

https://browsercheck.qualys.com/

It will tell you if any of your browser plug-ins are out of date or have a vulnerability. I run it once a month just to check on things.

~jr

Kit wrote on 1/14/2013, 6:46 PM
I've never seen the necessity to use Java (Javascript is another matter). I don't think I've ever installed it. I think getting rid of it is a wise move.

Kit

videoITguy wrote on 1/14/2013, 6:47 PM
Site deployment is becoming more of a minefield every day. Several corporate entities, probably some of which you will deal with, have had some real trouble revitalizing and redeploying original websites.

An example is ecommerce security and shopping carts. Without certain structure implementations, and this could possibly include Java, your site experience will become a disaster if you have decidedly chosen to not deploy what the site expects.

Grazie wrote on 1/14/2013, 6:53 PM
Thanks John. It found one needing update and one for security.

Now, do you have a piece of software, that I could run, that could tell me what GPU and Driver I need to run VP12 with GPU activated? That would be great indeed.

G

Chienworks wrote on 1/14/2013, 7:24 PM
We made a corporate decision about 6 months ago to rid all Java from all use enterprise-wide. The security issues with Java have been severe and snowballing for many years. But, that wasn't what prompted our decision. There are several different and incompatible Java run-time environments and we got ourselves into several corners where some software required one version while other software required another, and they all looked for it in the default install location so we couldn't even run multiple environments simultaneously. Checking various fora of the Java development community turned up thunderstorms of controversy and despair with no solutions.

Well, we found a solution: replace anything that runs or requires Java with other open-source applications that don't. There's a whole world of support ready to help in that endeavor!

Unfortunately there's still one commercial enterprise-grade back-end application we use that is 100% Java. We moved that one over to its own isolated, firewalled, secure server and are still searching for a replacement. Web-browser front-end based Java though? I don't think anyone in the company or at home has used it in several years.

Former user wrote on 1/14/2013, 8:57 PM
I don't install anything that requires Java. I got burned with it several years ago and it has always been a security risk.

Dave T2

musicvid10 wrote on 1/14/2013, 9:59 PM
A good friend and collaborator held employee #26 (iirc) at Sun. He was fired, rehired, and stayed until the Oracle takeover. Walked and never looked back. Nothing is forever.

JohnnyRoy wrote on 1/15/2013, 5:02 AM
The ironic thing about all this is that back in 1995, Java started out as the only safe environment that was sandboxed so that there was no way it could physically affect a computer. The file system wasn't even available to the browser applet container! Had there been a strong leader at the helm of Java development, I'm sure it would still be the safest environment to run, but once you start "designing by committee" you are bound to achieve mediocrity pretty quickly. It's really sad how something that was designed with security in mind has lost its way.

~jr

TheHappyFriar wrote on 1/15/2013, 6:21 AM
I have two sites that need java, but only two. I've been told by some web programmers it's the only true multi-os & browser way to do things.

Let's not forget something here: we knew about this right away and for some reason DHS said to disable Java. I don't see that as their job, but either way, FBI didn't say don't buy Sony CDs when a rootkit was included on their disks (and that would have been a bigger issue than this). DHS doesn't say not use Windows because IE is one of the most popular things for a hacker to use. DHS doesn't say don't use your CC online or at stores because 99.9% of all CC thefts occur when you use it, not id theft. DHS doesn't say

IMHO this was a panic initiated by DHS for some reason and it's not their job to handle stuff like this. It was taken care of a couple days after it was found (Sony rootkit CDs are still out there in circulation). Oracle specifically says it only affects Java 7 (I'm using 6.29) and only on the user end, everything else is fine (DHS wouldn't want people panicking with their portable devices or BD players, eh). This is no bigger deal than when a potential issue is found with IE, Firefox, Mac OS, Windows, etc. It's just that a POTENTIAL loophole has been told to every 'net sleazebag in existence and instead of the 1% that would know, DHS lets 100% of them know. A two day wait would have patched the bug.

Strange how DHS considers this important enough to warn people about something specific, but if warning people that a bomb is thought to be in a very specific part of a country (like a city) they issue a general warning about something might be wrong in some place unspecific because they don't want a panic.

craftech wrote on 1/15/2013, 8:07 AM
Many STATE websites for things like tax filing REQUIRE Java script to be enabled. And in New York state (for example) they have been systematically eliminating a paper filing option and forcing you to enable JAVA or risk penalty for tax avoidance.

Solution: Enable it when you file then disable or uninstall it afterwards.

John

Chienworks wrote on 1/15/2013, 9:06 AM
Java, or JavaScript? They are two completely different things with no relation at all.

Soniclight wrote on 1/15/2013, 9:32 AM
Pardon late return and reply to this thread I initiated -- and thanks to all of your input.

From your responses, I'm going to keep Java disabled. I'm not going to uninstall it for as Craftech pointed out, government sites can tend to use it. Example:

The last time I had jury duty, I had the option to do the jury orientation online -- a roughly 45 min. click-through videos, etc. process. Social Security may or may not use Java too. So in that sense it's understandable that DHS would step in. Was/is their reaction overkill? Dunno. But it never hurts to err on the side of caution.

But as stated earlier, I have as of yet not run into any site I use on a regular basis that has given me any problems since I've disabled it.

And, indeed, Javascript is a totally different animal. I have to use it at my own tiny site, such as JW video players and fixed site background image script.

~ Philip

Soniclight wrote on 1/16/2013, 4:17 AM
Well, after the Java update prompted Mozilla to run the "update plugins" script on each Firefox browser launch with no way of shutting it down even after updating, I ended up nuking all Java from my system. I figure if I land on an important site that requires it, I'll re-install it then; I doubt that will happen for quite some time.