Too much badgering

Mozilla performs about turn on Java block after angry user revolt

Lucy Carey
foxie2

Following ill-judged block that annoyed everyone from SMEs to the nation of Denmark, Firefox has reinstated Java.

A lot can happen in a week. Legolas is now
single
, Obama irritated
Merkel
, oh, and after an avalanche of
criticism from irate users, Mozilla has performed an about turn on
a
controversial Java block
in its non-profit Firefox
browser – although they’ve explicitly stated that, like the
Terminator, it will be
back
, albeit in a different form.

Mozilla’s reasoning for the initial block was grounded in
benign – if poorly reasoned – logic. By blocking the plugin and
making it strictly
Click-to-Play
, Firefox users would be protected from
the
security issues
that have dominated Java coverage in the
past year.

Unfortunately the execution of this move left a
lot to be desired. Mozilla did very little to advertise to users
why their Java powered sites had suddenly stopped working. As one
poster put it, “things we used every day simply stopped working,
and we had to dig around to find out what was going on. THAT is why
everyone is upset.  Not because of the attempt to add
security, but because of the moronic way it was done.”

Ultimately, what Mozilla failed to realise it
that, when you’re dealing with an entity as prolific as Java, you
can’t just suddenly shut it down and expect people to carry on as
normal. It would be like closing the metro system of a huge city
down to cut crime on the rationale that everyone could get about
just as well by walking or relying on cabs. And instead of manning
a mass campaign to let users know about it, disseminating teeny
tiny fliers that most people wouldn’t see.

Even Oracle
waded into the melee
, with Software Engineering
Manager Roger Lewis pointing out that, in response to Firefox’s
message that Java 7u45 was vulnerable, many were simply resorting
to using Internet Explorer. He added:
“Many are saying that their solution is to use IE. Searches
for related terms are [through] the
roof,” and the confusion about the
messaging and how to allow Java to run “appears to be a usability
issue.”

As we
reported on
JAXenter
, the decision
to prevent any version of Java from auto-running was made
last week in the wake of a fiendish
SSL-decrypting exploit. By the end of the weekend, the
bug
ticket
was flooded with complaints.

On Wednesday 23rd at 8:40am PDT, Mozilla
updated
the ticket
to notify users that
“the blocks have been reverted.
It’ll take roughly a day or two for most systems to update their
blocklists and have Java working again.”

But although users are happy to have their Java
freely flowing through Firefox again, with comments such as, “Nice
to see sanity restored at  #Mozilla” trickling through the
Twittersphere, Mozilla’s anxiety of the security of Java as a
platform remains.

However, as one commenter pointed out, one
positive upshot of this incident might be that the issue may have
created a dialogue between Oracle and Mozilla “so this problem can
be solved in the correct way.”

This is only a temporary reprieve though.
Mozilla developer Benjamin Smedberg was quick to add that in the
future, Firefox “certainly
will
” be making Java Click-to-Play by default – as
soon as the UI and other plugins are fixed.

He said that, “Whether or not we want to use the
scarier UI is still an open question,” ominously adding that, “When
we decide to re-block,” he’d file a new bug and link it to the
sprawling original ticket.

It remains to be seen whether this issue will
have a big impact on the popularity of Firefox. With many
countries dependant
on Java applets
for
everyday tasks such as online banking, less tech savvy users may
simple switch to other browsers such as Chrome, which at least
makes enabling Java relatively idiot proof.

Rogers noted that Oracle was “in the process of
putting messaging together to instruct users on how to allow Java
to run” in Firefox, but, “Unfortunately such messaging is often too
little too late”.

Author
Comments
comments powered by Disqus