Friday, October 19, 2012

Oracle Java For Mac FAIL x10,
Installing Oracle's Version Of Java

--
[Updated 2012-10-23 @6:30 pm]

I have installed Oracle's Java for Mac. I now hate Oracle, seriously hate Oracle.

What's ahead is a long, nasty soap opera of FAIL. Let me save you time and cut to the quick:

Disabling Oracle's Java:

If you've installed the current version of Oracle's Java for OS X, v1.2 update 9, there is only one way to turn it off in your system: REMOVE IT from your root level Internet Plugins directory. Here's how:

1) Shut down your web browsers.

2) Navigate to:
/Library/Internet Plug-ins/

3) Remove/move these two files:

JavaAppletPlugin.plugin
JavaEmbeddingPlugin.bundle


I have set up a folder where I store them called 'Internet Plug-ins (disabled)'. You have to do the Admin authorization stuff to move these files around.

4) Start your web browser again and surf around, carefree, not worried about another Java sandbox security hole getting your Mac PWNed.

OR: You could turn Java off in all your web browsers.

Now leave Java off all the time unless you desperately need to use it, in which case, reverse the above process.
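
The steps above as a small shell script, added here as an example and not part of the original post: it moves the two plug-in bundles out of `/Library/Internet Plug-ins/` and back again. The function names, the `LIB_ROOT` variable and the placement of the 'Internet Plug-ins (disabled)' folder directly under `/Library` are assumptions.

```shell
#!/bin/sh
# Added example: toggle the two Java plug-in bundles named in the steps above.
# LIB_ROOT and the disabled folder's location under it are assumptions;
# the article only gives the folder's name.
LIB_ROOT="${LIB_ROOT:-/Library}"
PLUGINS="JavaAppletPlugin.plugin JavaEmbeddingPlugin.bundle"

# java_plugin_move <from-dir> <to-dir>
# Returns 0 only if both bundles end up in <to-dir>.
java_plugin_move() {
    from=$1; to=$2; rc=0
    mkdir -p "$to" || return 1
    for p in $PLUGINS; do
        if [ -e "$from/$p" ]; then
            if [ -e "$to/$p" ]; then
                # Never overwrite: an installer may have put a newer copy back.
                echo "skip $p: already present in $to" >&2; rc=1
            else
                mv "$from/$p" "$to/$p" || rc=1
            fi
        elif [ ! -e "$to/$p" ]; then
            echo "note: $p not found in either folder" >&2; rc=1
        fi
    done
    return $rc
}

java_plugin_disable() {
    java_plugin_move "$LIB_ROOT/Internet Plug-ins" "$LIB_ROOT/Internet Plug-ins (disabled)"
}

java_plugin_enable() {
    java_plugin_move "$LIB_ROOT/Internet Plug-ins (disabled)" "$LIB_ROOT/Internet Plug-ins"
}

# Prints enabled, disabled, or partial (only one bundle is in the live folder).
java_plugin_status() {
    n=0
    for p in $PLUGINS; do
        if [ -e "$LIB_ROOT/Internet Plug-ins/$p" ]; then n=$((n + 1)); fi
    done
    case $n in 0) echo disabled ;; 2) echo enabled ;; *) echo partial ;; esac
}

# Command-line entry point: disable | enable | status
case "${1:-}" in
    disable) java_plugin_disable ;;
    enable)  java_plugin_enable ;;
    status)  java_plugin_status ;;
esac
```

Saved under a name of your choosing, it is run with admin rights (`sudo sh <script> disable`, `enable` or `status`) after quitting your browsers. A `partial` status after a Java update means the installer has put a plug-in back into the live folder.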

Here's a good ArsTechnica article about the current state of Java:



And now for:

The Long, Sad, Hatred-Of-Oracle Inspiring Story Of The Java For Mac FAIL:

A Frightening Cautionary Tale, Just In Time For Halloween:


I had to visit my ISP's website last night in order to contact them regarding the catastrophic mess they had made of both my cable TV signal and my Internet bandwidth. Horror of horrors, their live online support interface requires Java. Here is what I saw when I tried to use their interface:


See that little button that says 'Get JRE Plugin'? This is the one Apple tells us to expect after we have uninstalled Java from our OS X 10.7 and 10.8 systems. If we wish to proceed and install Java, we click the button and are sent to the Oracle Java website to download the OS X Java installer.

Except THE BUTTON DOESN'T DO ANYTHING. I clicked away in Safari and nothing happened at all, ever. It doesn't work. It's inert. That's FAIL #1.

So I went over to Oracle's Java website all on my own, dug around for the version of Java they offer for OS X, and went into shock when I discovered that it was Java 1.7 update 6, an old crusty entirely UNSAFE, yer gonna get your Mac PWNed version. That's FAIL #2.

[NOTE, October 23rd Addendum: Immediately after I first posted this article, Oracle saw fit to remove the olde Java 1.7 update 6 installer and instead directly provide Java 1.7 update 9. Thank you to reader Franklin for bringing this to my attention. This negates 'FAIL #2'. However, if you scroll down to the Comments, you'll see that Oracle STILL has a bad web page, apparently from 1998 (!), that states Apple is going to provide a Java plug-in. I ran into this page using an ordinary, logical Google search of "oracle java for mac download". This bogus Oracle page was the #1 link result. Read it and weep:
Java Plug-In Mac Download Page 
http://www.oracle.com/technetwork/java/mac-138071.html
What the?! I cannot comprehend how a company can be so incredibly careless. This ridiculously olde, decrepit page at Oracle constitutes the new FAIL #2. Therefore, I have not changed the title of this article. Hopefully Oracle will respond by pointing victims of this idiocy to the Java.com website where Oracle does indeed provide the latest version of Java's plug-in for Mac.]

But I downloaded and installed it anyway, hoping it would upgrade itself. I ran the installer. The first pane of the installer proclaims the following propaganda:

'Java provides safe and secure access to the world of amazing Java content.' blahblahblah.
Right. That's why Apple dumped Java and we had NO 'safe and secure' version of Java for the entirety of the summer of 2012 on into mid-October. Nice try Oracle. That's FAIL #3.

After the Java installation, thankfully it alerted me to download the latest updated version. Kewlness:


After the update installed, I tried to figure out how to set the Java preferences. There is NO 'Java Preferences' app in Utilities any more. Instead, Oracle installs a System Preferences pane in the root Library folder. I'd read about that being the case, so fine. This is what I saw when I opened the Java preferences pane:

'The Java Control Panel opens in a separate window.'
WHAT? Oracle were too lazy to write an actual preference pane? They think Macs still have 'control panels'? That's FAIL #4.

So, I waited around for the 'control panel' to decide to open, tickticktick, yawn, what's on TV, and then it shows up:


Fine, a common tabbed window for Mac. I started searching around for how to turn Java on and off, similar to what Apple's now defunct 'Java Preferences' app used to do. I discovered what I wanted is under the ridiculously named 'Java' tab. What? Everything here is Java! Huh? That's FAIL #5.

The 'Java' (duh!) tab comes up and it looks like this:


Oh look, an award worthy user interface that does nothing-at-all but make you dig even deeper to actually get anywhere. That's FAIL #6.

I am forced to hit the 'View...' button in order to get past the bureaucracy. This is what appears:


Hey! A checkbox to uncheck! Yeah!

Except the checkbox is inert. Remember the earlier inert 'Get JRE Plugin' button! Winner programming here! And guess what! The corresponding checkboxes for BOTH 'User' and 'System' don't work! That's FAIL #7 and FAIL #8.

That's 8 Oracle Java FAILs. Eight. Not ready for prime time crapware: That's what this garbage is. That's why I now hate, seriously hate, Oracle. What incredibly lazy, careless, obtuse, inept, dumbass programmers from hell.

-> So what do you do when you want to turn Java OFF?!
See the start of this article for instructions.

To hell with Oracle. To hell with Java.


But we're not finished! Where are the more detailed security settings? Under the 'Security' tab? No! What you'll find there are settings for certificates. You want to go under the 'Advanced' tab, then scroll down to 'Security'. That's FAIL #9.


But first, look just above 'Security' and do this:

* Under 'Application Installation' you must choose 'Never install'.

Why? Because this specific setting stops DEAD the ability of drive-by malware to install itself onto your Mac via sandbox-broken Java. Could this cause a problem? Maybe. You might well find yourself scrambling to change this setting to 'Install if hinted' instead, but only on a website you TRUST. Otherwise, leave this set to 'Never install'. Please.

Now we at last get to the 'Security' settings. I suggest the following, with my added notes in brackets:

√ Allow user to grant permissions to signed content
- Allow user to grant permissions to content from an untrusted authority
√ Use certificates and keys in browser keystore
√ Don't prompt for client certificate selection when no certificates or only one exists
√ Warn if site certificate does not match hostname
- Show site certificate from server even if it is valid [Turning this on is fine]
√ Show sandbox warning banner
√ Allow user to accept JNLP Security requests
√ Check certificates for revocation using Certificate Revocation Lists (CRLs) [Shame on Oracle for not having this turned on by default! Dunderheads!]
√ Enable online certificate validation
√ Enable list of trusted publishers
√ Enable blacklist revocation check [of course!]
- Enable caching password for authentication [risky, not advisable]
...
√ Use SSL 3.0
...
√ Use TLS 1.2 [Yes, 1.2, not earlier. Again, shame on Oracle for not making this the default! Dummies!]

And now for our final FAIL. This one's worth a good laugh. Under 'Miscellaneous' it offers the checkbox "Place Java icon in system tray". It doesn't matter if you check it on or check it off. It doesn't do anything. It doesn't put a Java icon in your menu bar or anywhere else. It's total crap. Only Windows has a 'system tray'. So what's a Windows setting doing here on a Mac? It's just an excuse for Oracle to hand us an even 10 FAILs. 10 fingers, 10 toes, 10 FAILs. Whatever. Thanks for being so attentive to the OS X platform Oracle. I hate you.

[NOTE, October 23 Addendum: Reader Franklin kindly pointed out that the 'system tray' checkbox DOES do something. It puts a Java icon at the far right of the menu bar whenever Java is actually running on your Mac. Thus my hatred of, and low opinion of Oracle is slightly abated. However, lazily mis-naming the Mac menu bar, which was established by Apple over 10 years before the Windows 'system tray', still constitutes a remarkable FAIL by Oracle's programmers. Therefore, I continue to call this FAIL #10 and have not changed the title of the article. 

Please get with it and catch up, Oracle. It's the "menu bar" and it is as old as the very first Macintosh computer, IOW 1984. Then add to that the fact that the "menu bar" also existed on the Apple LISA (1983):

http://en.wikipedia.org/wiki/File:Apple_Lisa_Office_System_3.1.png

The menu bar is an Apple innovation and improvement upon the Xerox Star OS, which instead put the menu bar at the top of individual windows, as found in today's Microsoft Windows OS.]
--

2 comments:

  1. Your fail #2 is absurd. If you go to www.java.com it will take you to the newest version of Java. You must have really been 'digging' around to find Java 7 update 6.

    Your fail #10 is just wrong. If the 'Place Java icon in system tray' is checked, the Java icon will appear in the upper right corner of the OSX Menu Bar when Java is in use. If you were running a Java applet, you would see the Java icon visible on the Menu Bar.

    Replies
    1. Thanks for your comment Frank.

      Fail #2 is exactly as I wrote. In fact, I was lucky I found it at all. Check this out. Do a Google search for "oracle java for mac download". The top result is:

      Java Plug-In Mac Download Page
      http://www.oracle.com/technetwork/java/mac-138071.html

      This is what it says:

      "The Java Plug-in is not currently available for the Mac.
      Apple has announced they will provide a Mac version of the Plug-in:

      ""The Java Plug-in will allow Apple's customers to use our Java Virtual Machine, Mac OS Runtime for Java (MRJ), to run Java applets in Netscape Navigator," said Steve Naroff, director of Java technologies and core tools, Apple Computer Inc. "Our work with Sun on the Java Plug-in is another indication of Apple's commitment to make Mac OS the best platform for authoring and viewing Internet content." (April 20 1998.)

      "As soon as the Mac version is available, we will add a link here."

      Expecting this was just an old page they forgot to take down, I went to Oracle's page of download links for ALL platforms:

      http://www.oracle.com/technetwork/java/all-142825.html

      There I found listed a link labeled "The Apple Macintosh". I clicked it and was sent to the first link again, which states, as I posted, "The Java Plug-in is not currently available for the Mac."

      Another FAIL.

      What is a normal Mac user supposed to make of this stupidity at Oracle? Wait for Apple? Unless Apple has changed its mind since yesterday, that's going to be an endless wait. Again, Oracle inspires hatred.

      Thank you for your information about Fail #10. I will be altering (have altered) my article with your added information. However, I must point out that the Mac has no 'system tray'. That is only a Microsoft Windows term. The Mac has what's called the menu bar as the closest equivalent. If Oracle cares about Mac, cares about being correct in their Mac terminology, why can't they bother to use Mac terminology? A normal Mac user has no idea what a 'system tray' is. This continues to be a FAIL.

      Oracle don't care.
