Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Java applets are largely dead at this point but they do still exist in small corners of the IE world. Signing those jars is paramount and the signature is validated by the browser.


"Java Web Start" still exists and there are at least two programs I use from time to time based on that technology. One being a custom thing, the other openstreetmap editor jOSM.


> "Java Web Start" still exists

I'm afraid it's been dead for a while now.

> Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions.

https://openwebstart.com/


In large portion of "real world", Java 8 is the latest. Sometimes because of JWS deprecation, even.


And Java Webstart jars had to be signed correctly or else the browser would reject the application. As I recall META-INF also had to have the correct security meta data or else the browser would complain.


Just because its depricated doesn't mean it is unused.

People still use Python 2.7.


It's not deprecated - it was deprecated and now it's completely gone.

Like Python 2.7, you can now only get support for JWS if you pay or if you go through a third-party.

If you're still using it I recommend you get off fast.


> now it's completely gone.

...From newer versions. Old JDK versions have been kept the same, and Java 7 & 8 are still in heavy use.

> you can now only get support for JWS if you pay or if you go through a third-party.

Not everyone needs enterprise support.


> Old JDK versions have been kept the same, and Java 7 & 8 are still in heavy use.

But they aren't getting free security updates.

> Not everyone needs enterprise support.

Run it without security patches? That's suicidal for a system like JWS.

Or do you think there's some option that is still support but not specifically enterprise and doesn't cost anything? I would take a look at who historically contributes security patches to OpenJDK and think about if you free vendor really has the expertise you think they do to keep up with security attacks.


> Or do you think there's some option that is still support but not specifically enterprise and doesn't cost anything?

Yes, Amazon backports security updates to Amazon Corretto (fork of OpenJDK 8 and 11)


> Amazon backports security updates to Amazon Corretto

There's a flaw in your logic there...

JWS is gone in new versions, so there aren't any security updates for it in the newer versions either.

You can't backport a patch which hasn't been written.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: