Ubuntu automatically removing Java from systems

There have been many changes ever since Oracle purchased Sun Microsystems nearly three years ago. Back in August, Oracle retired the “Operating System Distributor License for Java,” meaning companies are no longer allowed to make the package available for distribution. Now Canonical, the company that runs the Ubuntu Linux project, has disabled the Oracle JDK browser plugin on all Ubuntu machines and will soon remove the packages from the archives.

The company states that disabling the plugin will help improve security because there are many exploits in the wild that will affect the software. While this is true, the real question is whether users want a third party disabling software that is running on their systems. While the removal isn’t exactly automatic, it’s close: “The Sun JDK will be removed from all users machines when they do a software update.” Apple and Google have already used similar functionality to remove questionable software installed on phones and tablets, but most people view a PC, and especially UNIX-based systems, differently.

When the Oracle JDK (previously Sun JDK) was deprecated back in August, it signaled the fact that OpenJDK was the new standard and is in fact installed by default on Ubuntu as well as other operating systems. Overall this will be a good thing for the OSS community; we just question whether Ubuntu is making any friends with its forcible disabling of already-installed versions of the previous software.

Report a problem with article
Previous Story

Microsoft registers SkypeSexFinder.com

Next Story

Survey: Europeans don't show a lot of interest in Lumia

59 Comments

Commenting is disabled on this article.

Sounds like Oracle is intent on getting Java off of as many computers as the can. Finally an Oracle ideal I can get behind.

M_Lyons10 said,
Sounds like Oracle is intent on getting Java off of as many computers as the can. Finally an Oracle ideal I can get behind.

+1

Benda said,
Java sucks, end of story. Primary method of exploiting Windoze boxes.

Experience? Evidence? Have you actually used it? If not you have no ground to say that it sucks.

Anthonyd said,

Latest MS report shows that "one-half of all exploits observed were Java exploits" of Windows attack are from JAVA.
http://blogs.technet.com/b/sec...ll-software-up-to-date.aspx

Its only because Java is very common nowadays and a lot of people use it. Not necessarily because Java itself is insecure. Its no surprise that people use it for the wrong reasons when so many people use it.

Its just like Mac's and Windows. Mac's are not more secure than Windows machines, but less people use them so there is less malicious software for them.

Benda said,
Java sucks, end of story. Primary method of exploiting Windoze boxes.

FUD like this is what is hurting Java.

take ANY software / OS and repeat forever:
{
Exploit Found
Patch Exploit
}

Ryano121 said,

Its only because Java is very common nowadays and a lot of people use it. Not necessarily because Java itself is insecure. Its no surprise that people use it for the wrong reasons when so many people use it.

Its just like Mac's and Windows. Mac's are not more secure than Windows machines, but less people use them so there is less malicious software for them.

Um, NO...

Java usage on Windows PCs is down by massive numbers compared to 10 years ago even.

Java is used on Windows7 as an exploit vector because it is the most insecure accessible piece of software to the web.

When Windows Vista and IE7 then adding Windows 7 and IE8/9 - got a heck of lot more secure, closing even theoretical holes, the malware industry moved in a couple of directions... 1) More User/Social engineering 2) Attack unsecure web accessible code, like JAVA and Flash, and now the insane WebGL 3) Target Linux and non-monitored systems for bots, this why Linux based routers and Linux servers using its own 'open source' code against itself to become key tools used by large hackers like Anonymous and others.

So this is why JAVA malware is on the rise, not because it is used more on desktop PCs.

Java's site boasts "Used in 3Billion Devices" what they don't tell you is PCs are not a dominate portion of this number, as they are including the JAVA based phones and other devices used over the past years.

thenetavenger said,

Um, NO...

Java usage on Windows PCs is down by massive numbers compared to 10 years ago even.

Java is used on Windows7 as an exploit vector because it is the most insecure accessible piece of software to the web.

When Windows Vista and IE7 then adding Windows 7 and IE8/9 - got a heck of lot more secure, closing even theoretical holes, the malware industry moved in a couple of directions... 1) More User/Social engineering 2) Attack unsecure web accessible code, like JAVA and Flash, and now the insane WebGL 3) Target Linux and non-monitored systems for bots, this why Linux based routers and Linux servers using its own 'open source' code against itself to become key tools used by large hackers like Anonymous and others.

So this is why JAVA malware is on the rise, not because it is used more on desktop PCs.

Java's site boasts "Used in 3Billion Devices" what they don't tell you is PCs are not a dominate portion of this number, as they are including the JAVA based phones and other devices used over the past years.


its insecure because people are idiots. for years already, if a website wants to use java... you have to press this little button which says 'YES' to do so.

Java is easy to code and great for cross platform projects however horribly insecure by design... No matter Oracle updates it; it won't change this reality...

sanke1 said,
I would delete java if JDownloader switches from it to something else.

ever tried a non-Java alternative?

dotf said,
Well I uninstalled Java for Windows once Oracle started bundling the Ask.com toolbar.

So, you are admitting to being too stupid or lazy to uncheck a box during installation?

QUAD2500K said,
javas like net framework a resource/cpu hog

And I assume you've developed apps for many years using both to know that, right?

QUAD2500K said,
javas like net framework a resource/cpu hog

Wow... really?

WP7 is faster than Android and iOS because of its .NET OS platform base. Explain how much of a resource hog .NET is again?

As for .NET performance, you realize that even parts of DirectX since 9.0b have been written in managed .NET code.

Maybe back in 2001, when 128mb of RAM was a lot, .NET was resource intensive, today, it is a drop in the bucket and .NET interpretive code is often as fast and sometimes faster than native C++, especially in efficient handling of more modern true object oriented principles unlike object 'based' C++.

As for Java, it can be a bit more efficient than what the world sees; however, the current main JAVA implementations from Sun to Android's Dalvik variation are horrible. The last 'fast' JAVA was Microsoft JVM, adopting Microsoft JIT techniques, which Sun and others when on to incorporate.

However, Sun decided Microsoft was trying to take over JAVA, and killed it to prove a point.

And Oracle-Sun is insane leading crazy insane...

thenetavenger said,

unlike object 'based' C++.

C++ is not object based, but object oriented! JavaScript and Visual Basic are object based.

england_fanboy said,
Java is horrible. C++ and Qt FTW.

Yeah you wait until you get a memory leak in C++ and spend days figuring out where it came from. At least in Java you can spend your time a little more productively - actually making something - instead of fixing something that really shouldn't be a problem in a modern language.

Ryano121 said,

Yeah you wait until you get a memory leak in C++ and spend days figuring out where it came from.


Anyone that produces memory leaks in modern C++ proves that he doesn't understand basic concepts like RAII and deterministic destruction and should therefor be shot right in the face for hurting the reputation of C++!

england_fanboy said,
Java is horrible. C++ and Qt FTW.

C# FTW

(The only thing holding it back that it is mostly Win only)

MFH said,

Anyone that produces memory leaks in modern C++ proves that he doesn't understand basic concepts like RAII and deterministic destruction and should therefor be shot right in the face for hurting the reputation of C++!

I would rather code quickly that pause and think about about manual garbage collection and stuff like pointer casting (In Java essentially everything is a pointer, so you only need to understand some basics to code efficiently).

_Heracles said,

I would rather code quickly that pause and think about about manual garbage collection and stuff like pointer casting (In Java essentially everything is a pointer, so you only need to understand some basics to code efficiently).

See. if you really understand C++ and RAII there is no need to think about memory management, in fact there is no reason to think about resource management - opposed to all those garbage collected languages that only care about memory and need the programmer to manage other resources (e.g. file handles, database connections, handles into native DLLs,…)

I prefer a language where I don't have to manually call "Dispose" to make sure I don't leak something. IMHO stuff like IDisposable is a perfect example why Java and .NET are still to some extend broken by design. Why do I as user of a class have to think about how to release resources? That's the task of the writer of the object!

_Heracles said,
As long as they kill off the pile of poo called OpenJDK.

OpenJDK is meant to replace Sun Java SDK from version 7 upwards.

XerXis said,

OpenJDK is meant to replace Sun Java SDK from version 7 upwards.

What a dumb decision.
It is not even compatible with Oracle JDK 1.7!

To be fair, anything that helps kill off Java is fine by me. There are far better alternatives out there and they don't suffer from the serious raft of security issues that accompanies Java.

theyarecomingforyou said,
To be fair, anything that helps kill off Java is fine by me. There are far better alternatives out there and they don't suffer from the serious raft of security issues that accompanies Java.

That not going to happing anytime soon in fact it most like never happing.
This all about Java Development Kit "JDK" which reg user don't need install we reg user only need the Java Runtime Environment "JRE".
One of biggest reason why linux is a failer is becuases in order to install some apps you have to re-compile some apps which means you have to install all development crap in order get some apps to works.

SHS said,

That not going to happing anytime soon in fact it most like never happing.
This all about Java Development Kit "JDK" which reg user don't need install we reg user only need the Java Runtime Environment "JRE".
One of biggest reason why linux is a failer is becuases in order to install some apps you have to re-compile some apps which means you have to install all development crap in order get some apps to works.

Java essentially lost any possibility of being a true solution and did die the day Sun won against Microsoft...

Cut off your nose to spite your face was achieved.

KomaWeiss said,
People still use Java?

Why not? There may not be many client applications written in Java or Applet (one of the BitTorrent clients is written in Java, but I cannot think of another app now), but I am quite sure that many people are still writing server-side systems in Java (or languages that run on JVM).

KomaWeiss said,
People still use Java?

Are you really asking this question? Just because not many consumer apps are visibly written in Java doesn't mean it's not being used. In my industry (web and server applications development) Java is quite healthy, strong and not really going anywhere in the near future.

KomaWeiss said,
People still use Java?

Uh... Yea... Heard about Minecraft? Done in Java...
Java is an easy way to have your application support multiple platforms.

KomaWeiss said,
People still use Java?

People still use Ubuntu? (based on unstable branch, fugly UI, and so).
There are many Linux alternative, Ubuntu has become one of the worst of all time.

Leonick said,

Uh... Yea... Heard about Minecraft? Done in Java...

Which was one of the worst choices ever made.

htcz said,

Which was one of the worst choices ever made.

Hardly. It likely wouldn't exist otherwise and the time between updates would be trippled but yeah.

All languages have their pros and cons - people find it fun to bash things they don't understand.

htcz said,

Which was one of the worst choices ever made.

You joking right?
SAME EXACT CODE works on Linux, Mac, and Windows.
How is that a bad?!

KomaWeiss said,
People still use Java?

Yep, in fact the last year it has been the #1 entry point for malware on Windows 7.

It is wonderful stuff, *cough*...

Java's the language most universities teach in early Computer Science courses. It's (unfortunately) not going anywhere any time soon.

Simon said,
Java's the language most universities teach in early Computer Science courses. It's (unfortunately) not going anywhere any time soon.

It's often the only language they teach, which is quite bad considering how backwards Java is…

And to add, it won't matter anyway because IcedTea has been on ubuntu for years, is fully open-source and can basically directly replace java with not much difference.
You don't get java installed by default on windows, so why does this even matter so much?

It's not 'removed automatically' in the same way a phone removes software at all, this article is a load of crap.
They're removing java from the repos, so it won't be hosted on any default ubuntu repos anymore, and when the software detects that, it thinks 'oh, this isn`t supported anymore and has been replaced with something else, so remove this old package' and it'll remove the package IF it was installed from the default ubuntu repos using the gui or cli install tools.

If you've downloaded it from a different repo or not using ubuntu's default tools - nothing will change. This happens regularly with sabayon, packages get renamed or moved to unstable repos and suddenly get removed.

Help improve security because there are many exploits in the wild that will affect the software? I thought the almighty Linux was supposed to be virus-free and like a wonderland full of candy and rainbows.

fsX said,
Help improve security because there are many exploits in the wild that will affect the software? I thought the almighty Linux was supposed to be virus-free and like a wonderland full of candy and rainbows.

Well part of the reason why Linux is so secure is because the vendor takes proactive steps like this to prevent security holes from opening up. Canonical did the right thing here, Oracle (Sun) won't let them bundle Java anymore, so instead of allowing it to stay on the systems without any method of fixing any security holes that may be found in the future, they are taking it off completely to avoid leaving potentially vulnerable software dormant with no recourse of applying security updates if an issue is found.

Canonical have taken a page from a classic lesson from history. Microsoft made Microsoft Java VM while Sun made Sun Java VM. Sun sued Microsoft to stop making their own Java and was won. Microsoft stopped making Java but still allowed it to be installed. Security holes were found in Microsoft Java VM. Sun sued Microsoft again because Microsoft Java VM had security holes (which they are not allowed to fix because of previous court ruling), Microsoft was forced to stop allowing Microsoft Java VM to be installed due to the security holes.

KomaWeiss said,

Security issues of an application such as exploits, etc doesn't have anything to do with a virus. Go away failtroll.

that doesn't mean linux can't have viruses.

An exploit in a web browser (or web browser plugin) could be used to infect a user profile, and then add the malicious payload to every executable or package write-accessible to the user. Even if the user is not root, a virus can infect packages downloaded by the user before he installs them (as root or not) or shares them with another user, or better, infect directly the source files of a developer project, or source files contained within a non bin package.

Stop thinking that browser exploits are not dangerous on linux, or that there can't be any malware/virus. Malwares can do as much damage as they do on a windows limited user accound. If someone thinks it is actually interesting to write a malware to target <1% of the user base, there is no magical protection in unix/linux that will prevent him from doing so.

fsX said,
Help improve security because there are many exploits in the wild that will affect the software? I thought the almighty Linux was supposed to be virus-free and like a wonderland full of candy and rainbows.

I'd say it's more like a crippled hipster. Different just because but ultimately ****ing useless.

KomaWeiss said,

Security issues of an application such as exploits, etc doesn't have anything to do with a virus. Go away failtroll.


android is a linux distro, yet its litterd with virusses =)

see what happends when a linux distro gets popular enough -> Android =D