Java 7 Update 21 Security and Application Signing

Miscellaneous Topics
#1

Interesting development on the security front:

APPLET and APPLICATION seem to be used somewhat interchangeably in the above. I’m assuming this applies to both, and that it means from now on, an old JRE will only execute applications/applets that are signed with a traceable certificate. Considering the number of updates recently and that JREs now have a built in expiry date (I assume this does something - obviously not checked), maybe it’s time to buy a proper certificate. Can’t really justify the expense though. Probably I’ll just carry on as normal and insist on the latest JRE. Incidentally, there’s now little point in writing code for an older JRE, so as to get a larger user base (unless signing with a traceable cert).

Ho Hum. Lets go install and take a look.

#2

The new update appears to break the keyboard routine I’ve used for this years (and previous) Java4k games (at least on OSX). It looks like I’m not detecting Key Up events any more. Maybe I’ll go for a reboot, just in case my computer is confused.

Incidentally the unsigned applet warning box still comes up and now has red text warning that the applet is a security risk.

Edit: None of my recent Java4k games works on OSX now (Falcon4k, Assassins4k, Mage Wars and Die Z are all broken). I guess I’ll have to upgrade my PC later and check that too. Bother - that was a really minimal key handler. Can I be bothered to update the older programs? Might do Mage Wars and Die Z as they were both built on my current Java4k tool chain. Not sure whether to do the others. Bother Bother and bother.

I haven’t checked my really old entries Frag4k and Speed4k, but they used a different keyboard handler, so might still work.

Edit2: None (that is no ones, not just mine) of the old webstart stuff loads anymore on my Mac, possibly needs an update to the jnlp files. So in summary, none of my stuff on Java4k works anymore, at least on OSX. I think I’ll contain my excitement and check whether it works on the PC this evening.

#3

KEY_RELEASE: It’s a bug. First seen on Firefox. Now also on Safari. I installed a Safari update at the same time as the Java update and that is probably the cause of the lack of KEY_RELEASE events. It isn’t clear how to work around this.

Also look down at comment 13, which fingers the latest version of Safari as similarly bugged.

#4

Oracle seems to be on a poorly communicated security lock down warpath. LiveConnect also has some hammering done on it, as this thread is testimony to:

https://forums.oracle.com/forums/thread.jspa?threadID=2525685

#5

I updated my PC, and java just hangs. Uninstalled it and Java 6 worked Ok. Installed Java 7 SDK including JRE and again nothing works. Admittedly my PC is full of stuff so there’s probably an incompatability somewhere. Overall it’s been a terrible day w.r.t java. It’s enough to make me turn to Flash :persecutioncomplex:

Edit: Reverted to Java 7 Update 17:

#6

Presumably only applets and webstart are affected / hanging?

#7

Sorry, but I didn’t check command line.