Educause Security Discussion mailing list archives

Re: Another Java Thread


From: Tim Doty <tdoty () MST EDU>
Date: Wed, 24 Apr 2013 08:56:18 -0500

On 04/23/2013 10:37 PM, Steve Bohrer wrote:
> On Apr 23, 2013, at 8:47 PM, "Shettler, David"
> <dshettle () HOLYCROSS EDU> wrote:
>
>> We go a bit further and request that they move off of client
>> dependencies altogether.  No java, no flash,
>> […]
>
> Sorry if this is a naive question, but when you ask vendors to
> eliminate "client dependencies", are you just asking for specific
> binaries for each platform and OS, or is there some other scheme I'm
> missing?

The most obvious alternative is to use a web front end. And not a web front end that delivers a Java applet.

Symantec's SIM is a good example of how to do clients completely wrong: the client is written in Java, but is compiled in a way such that it requires Windows to launch it. Using Wine doesn't help. So despite the use of Java you are limited to the Windows platform for clients and keeping a vulnerable version of Java. Supposedly they are moving toward a web client.

I don't necessarily have anything against a Java client per se (other than the recent aggressive abuse of vulnerabilities in the runtime), but it is amazing how vendors find ways to tie you to specific versions of Java. Having used complex and capable Java apps that worked no matter what version of Java you had installed or what platform it was running on, I really have to wonder about the Java developers at the vendors.

Web clients have their own set of issues (and Java does address some of these), including security problems, and just having a web client by no means assures it is platform independent (cue the IE-dependent web clients). But at the moment I can certainly see how it would look much better. And, in general, a platform-agnostic web client is my preference as well.

Tim Doty

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

