I ran around the house this morning making sure the Java plugin was turned off in all our web browsers on all our computers.
Why was I so panicked? Because the Department of Homeland Security issued a warning late this week about Java. And I knew that, like most normal people, my family and I ignore warnings from the DHS. I know we should pay more attention to terrorism and whatnot, but the constant alerts from our government on vigilance and seeing something and saying something have become background noise.
But Java? It's become a clear and present danger.
Ideally, you should not have to worry about what programming environment your phone, pad, or laptop software is written in. So before you read the rest of this post, read at least three reliable sources on why you need to disable Java: US-CERT, CBS News, and CNET. You should be suspicious of anyone telling you to do anything with your computer's settings, even me!
Once you are satisfied that I'm not trolling you, go to Sophos's Naked Security website and follow their excellent description on disabling the Java plugin on all your web browsers on your personal computer. (Hopefully your IT department is handling this kind of thing for your work computer.)
Back already? You really did disable Java?
So how did this happen? Java is one of the greatest programming environments ever invented and powers much of our Internet software and services. Why is it so easily abused by blackhats and malware authors? Part of the reason is that it's widely utilized and yet obscure. You use Java every minute of the day: It's built into Android and BlackBerry phones and added to all major computer operating systems. It's one of the programming environments that millions of Internet servers and clients use for banking, shopping, and socializing.
The real problem is that important parts of Java are controlled by Oracle. Larry Ellison thinks he owns it! And for reasons that probably make good business sense to Oracle, the owned and operated parts of Java have not been maintained very well.
A programming environment is like the water in a fish tank: It's a closed world in which information and transactions swim around inside your computer like little fish. If someone is taking care of the water, making sure algae isn't getting out of control, then the little fish will be happy and thrive. But if the aquarium's owner is negligent, then the water turns foul and the fish turn into evil zombies stealing your private data and credit cards.
It's time for Oracle to invest much more into maintaining and protecting Java. Google, Apple, Microsoft, and Adobe are all paying attention to their programming languages and runtime environments. Oracle inherited Java from Sun Microsystems, one of the greatest tech companies that ever was, and since then Oracle has had a really hard time figuring out what to do with Java. Sun also failed at making a profit on Java, but even so, Sun invested in Java with a mother's tender loving care.
Java, and all its bits and pieces, doesn't really fit with Oracle's business, and it's not a core part of Oracle's DNA. I doubt Oracle will ever invest enough into Java to keep up with all the algae that constantly slimes the Internet. Given the grim reality of a public utility sitting inside a sales-driven, shareholder-beholden mega-corporation, the best thing Oracle could do is to stop fighting for control of Java and let the commons take over the care of the fish tank.
Until then, sign up for US-CERT email alerts and don't eat fish from fouled fish tanks!