Too much badgering
Mozilla performs about turn on Java block after angry user revolt
A lot can happen in a week. Legolas is now single, Obama irritated Merkel, oh, and after an avalanche of criticism from irate users, Mozilla has performed an about turn on a controversial Java block in its non-profit Firefox browser - although they’ve explicitly stated that, like the Terminator, it will be back, albeit in a different form.
Mozilla’s reasoning for the initial block was grounded in benign - if poorly reasoned - logic. By blocking the plugin and making it strictly Click-to-Play, Firefox users would be protected from the security issues that have dominated Java coverage in the past year.
Unfortunately the execution of this move left a lot to be desired. Mozilla did very little to advertise to users why their Java powered sites had suddenly stopped working. As one poster put it, “things we used every day simply stopped working, and we had to dig around to find out what was going on. THAT is why everyone is upset. Not because of the attempt to add security, but because of the moronic way it was done.”
Ultimately, what Mozilla failed to realise it that, when you’re dealing with an entity as prolific as Java, you can’t just suddenly shut it down and expect people to carry on as normal. It would be like closing the metro system of a huge city down to cut crime on the rationale that everyone could get about just as well by walking or relying on cabs. And instead of manning a mass campaign to let users know about it, disseminating teeny tiny fliers that most people wouldn’t see.
Even Oracle waded into the melee, with Software Engineering Manager Roger Lewis pointing out that, in response to Firefox’s message that Java 7u45 was vulnerable, many were simply resorting to using Internet Explorer. He added: “Many are saying that their solution is to use IE. Searches for related terms are [through] the roof,” and the confusion about the messaging and how to allow Java to run “appears to be a usability issue.”
As we reported on JAXenter, the decision to prevent any version of Java from auto-running was made last week in the wake of a fiendish SSL-decrypting exploit. By the end of the weekend, the bug ticket was flooded with complaints.
On Wednesday 23rd at 8:40am PDT, Mozilla updated the ticket to notify users that “the blocks have been reverted. It'll take roughly a day or two for most systems to update their blocklists and have Java working again.”
But although users are happy to have their Java freely flowing through Firefox again, with comments such as, “Nice to see sanity restored at #Mozilla” trickling through the Twittersphere, Mozilla’s anxiety of the security of Java as a platform remains.
However, as one commenter pointed out, one positive upshot of this incident might be that the issue may have created a dialogue between Oracle and Mozilla “so this problem can be solved in the correct way.”
This is only a temporary reprieve though. Mozilla developer Benjamin Smedberg was quick to add that in the future, Firefox “certainly will” be making Java Click-to-Play by default - as soon as the UI and other plugins are fixed.
He said that, “Whether or not we want to use the scarier UI is still an open question,” ominously adding that, “When we decide to re-block,” he’d file a new bug and link it to the sprawling original ticket.
It remains to be seen whether this issue will have a big impact on the popularity of Firefox. With many countries dependant on Java applets for everyday tasks such as online banking, less tech savvy users may simple switch to other browsers such as Chrome, which at least makes enabling Java relatively idiot proof.
Rogers noted that Oracle was “in the process of putting messaging together to instruct users on how to allow Java to run” in Firefox, but, “Unfortunately such messaging is often too little too late”.