Another Java Attack

There’s another attack on Java via a new zero day flaw. This is why I don’t keep Java enabled in web browsers anymore. If you still do, I’d suggest turning it off. There’s a good chance you won’t miss it.

I’ve yet to get there with Flash, but the day is coming. After the previous post a few months ago, I think I like the idea of a blacklist/whitelist for plugins in general that allow a user to enable them only for specific hostnames. That would make it a bit more intuitive to use plugins when still needed, but gain the security of not having them available for any hostname you happen to stumble upon. The options would be something like:

Enable [plugin name] on [hostname.tld] for:
(This session only)     (Forever)       (Never)

For certain things like YouTube, you could enable Flash forever since Google is rather trustworthy. For other sites, perhaps just the session. For others, maybe never.

Disabling Java In Your Browser

For the past 2 years now I’ve been browsing the web with Java disabled. I’ve had less than 5 situations where I needed to turn it on to do something, and all of those were situations with a limited audience (a very old technical tool, intranet applications). I’m of the opinion you really don’t need it enabled to happily browse the web anymore. I can’t disable Flash yet, but Java I seem to be largely fine without. I still have it on my computer in case I need it, but it’s seldom.

Given the past security issues and the fact that Java is outright annoying UI wise and slow to load, I don’t miss it at all. It served a purpose years ago in a webpage when it was difficult to build apps, but those days are long gone. It’s amazing if you remember Java being used for mouseovers way back when.

Getting ant Working In CentOS 6

I was seeing this error after installing ant on CentOS 6.2 via yum:

$ ant
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/tools/ant/launch/Launcher
Caused by: java.lang.ClassNotFoundException: org.apache.tools.ant.launch.Launcher
	at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Could not find the main class: org.apache.tools.ant.launch.Launcher. Program will exit.

Odd, generally yum packages work out of the box. The problem ends up being that ant can’t find ant-launcher.jar The solution is to add the following to your .bashrc

export ANT_HOME=/usr/share/ant
export JAVA_HOME=/usr/lib/jvm/java

Once you do that it should find the necessary jar and work just fine.

Hopefully that saves someone else the hassle of figuring this out.

Loren Brichter On Tweetie

Loren Brichter is the author of the popular Twitter application Tweetie, an iPhone only application until the Mac version was released on Monday. MacWorld has a great little interview with Loren. One thing I really admire is that Loren really understands how to build a good application. Performance, ease of use, simplicity are all taken into account. Not just features and toys.

I thought this particular nugget was the highlight though:

..AIR apps are like modern day Java applets… sure, they run on every platform. But they also suck on every platform.

I’ve yet to find an Adobe AIR application I like even though several have great ideas behind them. Even on Windows, where I presume AIR has the biggest market share they all look strange, the UI is garbage and the performance is abysmal. On the Mac it gets even worse. Creating a Mac theme won’t help as my expectations for a Mac UI are different than they are on Windows or Linux. Java apps have the same issues.

I think this is why more and more “applications” are becoming web based. If your going to feel awkward and unnatural to the user anyway, why even bother with the installation barrier? Why not just be web based so you don’t have to download and install. As awkward as they may be, those that add Adobe Flash tend to make the problem worse by adding more strange feeling UI to their application. Adobe Flash does do good video, it’s a big reason YouTube became popular, but it’s really no replacement for user interface. Hopefully in 2017 when HTML5 is wrapping up we’ll have this problem solved.

WWDC 2008 Analysis

iPhone 3G

The Presentation

As usual I keep tabs on all the major Apple events using pretty much all the top tech sites that run “live blogs” and the like. This year none failed completely though I think they all were overcome with traffic at one point resulting in a failed load attempt. Not bad. This year I threw twitter into the mix. That was pretty interesting itself. Kevin Rose pointed out a decent audio feed. I did this in the background while I worked.

One thing I did note is that the parade of iPhone Apps got pretty painful after a while. Just wanted to yell out “we get it… cool apps built quickly… move on!”. For those who were following along at home, my predictions were mostly right (yay me!).

iPhone 3G

To me, this was really what the announcement was all about, and I’ll explain why a little later. The obvious big gain is the performance of 3G. This will win over a lot of people who just couldn’t imagine paying that much and surfing the web with EDGE. Another awesome addition is GPS support. It’s notable since geolocation is the “next big thing” [I should note update GeoLocateFox... I was ahead of my time]. I suspect there may be a few other goodies under the hood of this new iPhone that have yet to be revealed due to the suspected chipset. If Apple doesn’t unleash the full power, hackers will. Rest assured.

The real big thing here is that the phone is now much cheaper with a much more reasonable amount of storage on board. $299 for the 16GB model and $199 for the 8GB model. This is substantial for a few reasons. Besides obviously saving some cash, it makes the phone suddenly a possibility for people who would have never shelled out the original sticker price.

AT&T’s pricing looks to be $30 for unlimited data. The cheapest Voice/Data combo you could do would be $69/mo. That’s $10 more than it was for the first generation. Presumably that will help curb the cost of the massive 3G upgrades they are doing and subsidizing the iPhone’s hardware costs.

iPhone Apps

Pretty impressive demos from the screenshots I’ve seen. I’m really interested in more basic stuff should I get an iPhone. SSH, FTP, Email that doesn’t suck. I’d prefer to read/write office docs, but I guess I can always use something like Google Docs, which I’m sure will support the iPhone at some point if it doesn’t already.

Rather disgusted that I haven’t seen anything really change in terms of Application distribution or licensing. Apple is still very prohibitive of what it will allow. Don’t hold your breath on Firefox or Java anytime soon.

Apple will let you distribute Apps for free (how kind of them), but you still need to pay $99 to provide a free Application:

Standard Program $99
The Standard Program is for developers who are creating free and commercial applications for iPhone and iPod touch.

How about no charge for Applications with an OSI approved license Apple? Seems fair. No charge, and you get more software to make your ecosystem look more attractive.

Strikes me as pretty lame that a developer needs to pay $99 so Apple will let others use software for free.

  1. Disable download/install functionality.
  2. Charge $99 to distribute applications, even if they are free.
  3. Profit!

MobileMe

I was wrong regarding the use of MobileMe. Sadly it still doesn’t seem to fit the bill for something worth $99. Google provides most of the functionality pretty nicely. I suspect Google Calendar will get some iPhone sync love in the near future. In my opinion would have been better to just partner with Google and offer something really awesome and let Google monetize it. I suspect they didn’t do this because of the whole Android thing.

Jailbreak

Jailbreak is far from dead. The SDK isn’t open enough to kill off Jailbreak. Expect it to live on an coincide with Apple’s efforts for some time to come.

Mac OS X 10.6

Damn you NDA… would someone start leaking the goods ;-) . There’s some basic info out there, but nothing really juicy yet.

Photo Courtesy of Apple

New Java Plugin

There are a few goodies in the new java plugin that will be available for Firefox 3.0 and later that I’m really glad to see:

  • Improved reliability. The JVM running the applet is isolated from the web browser at the operating system level. If something should go wrong while running the applet, or if an uncooperative applet refuses to shut down, the new Java Plug-In detects and handles the error condition gracefully; the web browser is unaffected.
  • Improved user experience. The new Java Plug-In starts applets in the background, so the web browser always remains responsive. Applets appear on the web page as they become ready to run.

A major criticism of java applets has always been their impact on browser performance. This should do a lot to remedy the problem. Another great addition is that you can now use an animated loading gif by using a new image param such as:

<applet archive="large_archive.jar"
          code="MyApplet"
          width="300" height="300">
    <!– Use an animated GIF as an indeterminate progress bar
          while the applet is loading –>
    <param name="image" value="animated_gif.gif" />
    <!– Turn off the box border for better blending with the
          surrounding web page –>
    <param name="boxborder" value="false" />
    <!– Center the image in the applet’s area –>
    <param name="centerimage" value="true" />
</applet>

There’s other great stuff, but these are my personal favorites as they resolve long time gripes. You can find the above plus more in the release notes.

[Hat Tip: Henrik Gemal]