java
Latest
First Impressions of RuneScape 3 from a returning player
Over a decade ago, two brothers working out of their parents' house in Nottingham set themselves the impossible task of building their own graphical multi-user dungeon, a genre that later evolved into the MMOs we know today. RuneScape launched to the public in 2001 as a low-res browser game with only a few hundred players and 2-D sprites for monsters, but several years later it boasted over a million paying monthly subscribers. The 2007 Sunday Times Rich List even estimated the Gower brothers' business empire to be worth over £113,000,000, due almost entirely to RuneScape. The secret behind RuneScape's success is that it's been continually updated throughout its lifetime, not just with regular infusions of new content but also with several major graphical and gameplay overhauls. The game was recently reincarnated as RuneScape 3, which is as far as it gets from the primitive game many of us grew up with. It now boasts a visually improved HTML 5 client with graphics acceleration, orchestral music, some voice-acted quests with cutscenes, and a fully customisable UI. This combines with last year's Evolution of Combat update and over a decade of new quests and zones to produce an MMO with more depth and character than many other AAA titles. In this hands-on opinion piece, I put RuneScape's three major versions side by side and look at how far RuneScape 3 has come since those early days of punching 2-D goblins and mining for fish.
MMObility: RuneScape, HTML5, and plenty of bacon
RuneScape, as always, is moving forward with killer new content and additions to the game. I was so excited this week to get a chance to play through the Bringing Home the Bacon questline and scout out the open beta of the HTML5 version. I was initially eager to see just how much better the HTML5 version looked and played, but I didn't want to dive in until any issues had been worked out. Boy, does it impress. Sure, it might not seem like much to someone who is used to the graphics from games like Guild Wars 2, but this browser game that is over a decade old looks great not only for a browser game but for any type of game. It's still a bit of an acquired taste, but once you try it, you'll be smitten. I also had fun playing through the bacon-flavored quest line that is featured this month. I'll tell you about both... how's that?
Slew of updates include Java, Safari, iPhoto and Aperture
Apple decided to push a lot of updates this afternoon, most of them related to a Java update that disables the Java SE 6 applet plug-in. By disabling the plug-in, Apple is allowing consumers to re-enable it on a case-by-case basis. Apple has provided a full guide to the new plug-in options. We have the full rundown of updates below: Java for OS X 2013-002 Java for OS X 2013-002 delivers improved security, reliability and compatibility by updating Java SE 6 to 1.6.0_43. On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled "Missing plug-in" to download the latest version of the Java applet plug-in from Oracle. Safari 6.0.4 and 5.1.9 Safari 6.0.4 and 5.1.9 (for those on Snow Leopard) allow you to enable the Java web plug-in on a website-by-website basis. Aperture 3.4.4 The Aperture update largely centers around a bug that could cause the program to quit during image importing and spamming users with warning dialog boxes after their Macs have been asleep. The full list of changes include: Addresses an issue that could cause Aperture to quit unexpectedly during image import. Nikon P7700 RAW images are now displayed correctly in the Import window. Thumbnails with version names longer than 250 characters are now displayed correctly. Fixes an issue that could cause multiple warning dialogs to appear when web albums are synced after waking from sleep. Addresses an issue that could cause Aperture to quit unexpectedly when uploading photos to Photo Stream. Shared Photo Stream invitation lists now scroll correctly. Includes stability and performance improvements. iPhoto 9.4.3 A hefty iPhoto update, clocking in at 730.91 MB, focuses on OS X Mountain Lion compatibility. The full list of changes include: Photos can now be deleted from My Photo Stream by dragging to the Trash. Photos can now be exported from Photo Stream using the Export command in the File menu. RAW images manually imported from My Photo Stream are now editable. Fixes a bug that could cause manually rotated photos to appear unrotated when shared to Photo Stream. Addresses an issue that could cause iPhoto to quit unexpectedly while syncing to Facebook. Resolves an issue that could cause calendar text to appear at the wrong font size, resulting in order cancellation. Fixes an issue that could cause books to have an incorrect number of pages after rearranging two-page spreads. Includes stability improvements. Then, there are the usual plethora of printer software updates, including Canon laser printers, Epson printers and HP printer drivers. All of these updates are available through Software Update or via the Mac support page.
iPhoneDevSDK responds to attack
Yesterday, Apple disclosed it had been targeted by a malware attack. Apparently, related to a recent Facebook breach, Apple issued a statement regarding the situation: "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware." By the end of the day, Apple had released a security update addressing the breach. An AllThingsD write-up discovered the software developer website in question. It turned out to be the iPhoneDevSDK community. Today, iPhoneDevSDK responded: "What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers...We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013." The site, which only became aware of the situation after seeing the AllThingsD post, is now working with Facebook, the Vanilla forums host and law enforcement.
Apple issues Java security update and malware removal too, iTunes 11.0.2
Following today's widely reported breach of security affecting Apple's employees, 1 Infinite Loop has issued Java for OS X 2013-001, an update intended to address the issues leading to the hack. Aimed at Macs running OS X 10.7 and later, the download -- available now through Software Update/MAS -- updates Java SE 6 to version 1.6.0_41. It also includes a new malware removal tool. In addition to the Java update, Apple has rolled out version 11.0.2 of iTunes via Software Update. This release lets users sort songs and other content by composer, improves app performance when syncing large playlists and fixes a bug that was preventing some purchases from appearing in users' libraries. It also brings with it the usual "stability and performance improvements" -- we love those things!
Daily Update for February 19, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Apple targeted by hackers
Reuters is reporting that Apple has been targeted in a cyber-attack. Apple announced the breach this morning, noting that malware had targeted a "limited number" of Mac systems. Reuters notes that the same hacker group is suspected of an attack on Facebook machines last week. In a statement the company made to The Loop, Apple said that the malware infected the systems through a vulnerability in the Java browser plug-in. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware." Macs with OS X Lion and Mountain Lion installed ship without Java, and OS X currently disables Java if it is unused for 35 days. Apple will release an updated Java malware removal tool today that will check Mac systems and remove this particular malware if it is found.
Facebook says it was target of 'sophisticated attack,' no user data said to be compromised
It looks like you can add another big name to the recent string of high-profile hacking attempts. Facebook announced in a blog post today that it discovered last month that it had been targeted in what's being described as a "sophisticated attack," which it says "occurred when a handful of employees visited a mobile developer website that was compromised." Facebook further pinpoints the attack to a previously unseen zero-day exploit that bypassed the Java sandbox and installed malware on the computers in question. The company goes on to note that it immediately notified Oracle of the exploit, which issued a patch on February 1st. Facebook is also quick to point out that it has "found no evidence that Facebook user data was compromised," and adds that it was not alone in the attack, noting that it began to share information about the hack with other companies and entities as soon as it discovered it, and that it continues to work with law enforcement and others affected by the attack. You can find its full explanation of the matter at the source link.
Java patched again, Snow Leopard users blocked from older version (Updated)
Update: Apple's Java team has quickly responded to the patch with a revised JVM for Snow Leopard, OS X 10.6. The Java for Mac OS 10.6 Update version 12 (APPLE-SA-2013-02-01-1) is available in Software Update, according to an Apple security email. It updates Java to 1.6.0_39. Another week, another Java exploit: Computerworld notes that Oracle has once again updated the Java VM for all platforms to fend off a prospective exploit. The update is technically the scheduled February critical updates release, but the delivery was pushed up. Unfortunately, while Mac users on OS X 10.7 Lion and 10.8 Mountain Lion can upgrade their JVMs using Oracle's installer for Java 7, Snow Leopard (10.6.8) machines are out of luck. Oracle's Java 7 installer won't run, and as of yesterday Apple's supplied Java 6 is blocked by Apple's own XProtect malware shield -- it won't do applets in Safari or Firefox until it's patched. There are some hacky workarounds for either disabling/modifying the XProtect manifest (not recommended) or getting Java 7 to install on 10.6.8 (also not recommended) -- but if you need to run Java in the browser on 10.6.8, there aren't many better options. Speaking of recommendations, TJ's Reasonable Guide to Java security is a good resource for managing your risks with Oracle's runtime Thanks, Charles!
Java, Silverlight left in cold as Firefox disables all plugins by default -- except Flash
In an effort to prevent "drive-by exploitations," upcoming versions of Firefox will have Java, Adobe Reader and Silverlight disabled by default, according to a recent Mozilla Security blog. All other third-party plugins except Flash will also be disabled, requiring users to enable them using the so-called click to play feature introduced last year. All that is to prevent "poorly designed" Firefox plugins from crashing or recent headline-grabbing exploits involving the likes of Java, with Adobe's Flash player being the one exception that works out of the box -- though versions longer of tooth than 10.3 won't see daylight without your say-so.
Oracle releases v11 fix for zero-day Java security flaw
Oracle has released an official fix for the Java security flaw that was reported by CERT (the Computer Emergency Readiness Team) on January 11. Shortly after the flagging by CERT, Apple took steps to disable the Java plug-in on all Macs running OS X 10.6 or later by amending the XProtect malware/minimum versions file. Users who want to re-enable a secure, working version of Java can download the update here. The update is recommended for users on all operating systems including Windows and Linux. Of course, if you don't need to be running a Java VM for a specific reason, your most secure path is to not have it installed. At a minimum, you might consider TJ's reasonable advice and reserve your browser-centric Java activities to a single-site browser like Fluid.app, or simply leave Java disabled for browser access most of the time and only turn it on when specifically required. From the release notes, Oracle states: "Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible." Apple no longer distributes its own version of Java for Macs running OS X 10.7 or higher. Oracle is now directly responsible for producing and updating the Mac JRE package, as it does for other mainstream operating systems.
Oracle patches Java exploits, toughens its default security levels (update: Apple does too)
Oracle hasn't had a great start to 2013. It's barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well -- it makes the "high" setting the default and asks permission before it launches any applet that wasn't officially signed. If you've been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves. Update: Apple has released its flavor of Java built for Macs with the appropriate patch as well. [Thanks, Trevor]
US-CERT warns users to disable Java in web browsers, Apple and Mozilla move to block it
It's far from the first time that computer users have been warned to disable Java, but this latest security issue has risen to some high levels at a particularly rapid pace. After first being reported by security researchers on Thursday, the United States Computer Emergency Readiness Team (or US-CERT, a part of the Homeland Security department) stepped in with a warning of its own on Friday, which bluntly suggested that all computer users should disable Java in their web browsers (for its part, Oracle says that a fix is coming "shortly"). The flaw itself is a vulnerability in the Java Security Manager, which an attacker could exploit to run code on a user's computer. Not content to wait for a fix, some companies have already taken steps to block possible exploits. That includes Apple, which has added recent versions of Java to its blacklist covering all OS X users, and Mozilla, which has enabled its "Click To Play" functionality in Firefox for all recent versions of Java across all platforms (it was previously only enabled by default for older versions of Java). Apple's move follows an earlier decision to remove the Java plug-in from browsers in OS X 10.7 and up last fall. You can find the full alert issued by US-CERT and additional details on the vulnerability at the links below.
A reasonable response to Java security problems (Updated)
Update: According to The Mac Observer, Apple has acted proactively to block the Java browser plug-in on Mac machines with OS X 10.6 Snow Leopard or higher. If you are running an earlier version of OS X, then you should disable Java as noted below. Update 2: In a remarkably speedy turnaround, Oracle has released a patched Java VM (release 11, listed as b21 internally) that closes this particular hole. Users who need Java installed are urged to update ASAP. You may have to update manually; Mike Rose reports that the auto-update feature on his machine ended up crashing the Java control panel. A Java security flaw has been reported by CERT (the Computer Emergency Readiness Team). TheNextWeb has a good write-up of the background of the exploit's discovery. Here's the bad news: there is no "fix" for the bug yet. Here's the worse news: it is believed that malicious sites on the web are already aware of this security hole, and are trying to exploit it. Is your Mac at risk? Maybe. It is possible that your Mac does not even have Java installed. Apple stopped including Java by default with Lion. However, if you have run into any websites or software that needs Java, it may have prompted you to install it. So what should you do? Well, here are some options: Stop using the Internet and go live in a yurt. Disable Java Uninstall Java Ignore it and hope that everything will be OK. Hopefully you guessed that options 1 & 4 are the "Not Good" options, so that leaves us with two choices: Disable or Uninstall? Here's my suggestion: if you are on Mac OS X 10.7 or 10.8 (Lion or Mountain Lion) have Java installed and you're not just one of those people who goes around installing things willy-nilly, my guess is that you have (or had) some software program that relies on Java. If you uninstall it, something might break and you might not be able to figure out why. However, if you disable Java in whichever browser(s) you use regularly, you can continue to use your web browser without worrying about this exploit. If you find a website that uses Java, you can turn it on, do what you need to do, and then turn it off again. Safari Users: you can easily disable Java by going to Safari's Preferences, then choose the Security tab, and uncheck the appropriate box: Google Chrome users need to go to chrome://plugins Firefox users: Go to the "Tools" menu, then "Add-ons" (or ⌘ + Shift + A) and choose the "Plugins" tab. Then click the 'disable' button next to Java Applet Plug-in. "But I need Java for these sites I use every day!" OK, so that's the reasonable response that I think will work for most people, but if you happen to be one of the people who needs to use Java every day for a specific set of websites all is not lost. In fact, there's a very easy solution called Fluid.app. This one might seem a little nerdy, but once you set it up, it's quite easy. We've mentioned Fluid.app on TUAW in the past and it's one of my favorite tools. With Fluid.app you can make a "standalone" web browser with its own set of preferences, including Java. You can find these settings in your Fluid.app browser under 'Settings': But wait! he said in his best made-for-TV voice There's more! Fluid.app will also let you say exactly which websites (domains, URLs, etc) that you want to use with that browser. Go to the "Whitelist" preferences and enter the domains, like this: Now that the rule that I have will allow me to visit any URL that includes www.google.com. You can add more sites using the + at the bottom of the window. Add all of your known and trusted sites which use Java. If you come across a link to a different site, it will automatically send you over to your regular browser (where you have disabled Java). Using this system you can have the security of having Java disabled, but still have the convenience of being able to use it on sites that you trust.
Java 7 and Chrome don't play well together
In the immortal words of Lando Calrissian, "This deal keeps getting worse all the time." Apple's recent Java update removes the Java 6-compatible web plugins from OS X, forcing users that need Java in the browser to move to Oracle's Java runtime, which is at version 7. From a security and supportability standpoint, it's a sensible move. There's a couple of flies in the ointment, however, starting with the supported browser list. While Safari, Firefox and (I believe) Opera all behave well with the new v7 plugin, one popular browser does not: Google's Chrome. The current Chrome build for Mac is 32-bit (as are the available beta/development builds), but Oracle's Java is 64-bit. You can't run a 64-bit plugin in a 32-bit browser, full stop. On OS X 10.8.2 with the Java patch, the v6 32-bit browser plugins won't work either. There's no workaround for the moment, other than to use a browser other than Chrome for your Java needs. As Michael Horowitz (maintainer of the handy Java Tester website) points out on Computerworld's Defensive Computing blog, Chrome incompatibility isn't the only hassle with the new arrangement. If you have Apple's Java (v6) installed, adding Oracle's v7 doesn't remove the older version. In fact, there are some applications, including Talkshoe's Mac client, that won't install or run unless the Apple v6 Java framework is present. So now you've got one Java for browsers and another for... well, everything else, mostly. The core advice for Java, at this point, is don't enable it unless you actually need it for a specific reason (such as the backup tool CrashPlan). Apple's Java Preferences applet that formerly lived in the Utilities folder is gone, replaced by a quasi-preference pane for Oracle's Java, so if you want to disable or uninstall the v6 version you're either going to have to grab a copy of the deleted utility or do some minor spelunking in the Terminal.
Java plugin users on Mountain Lion nudged firmly toward Oracle
We made mention of this last Tuesday night when the relevant software update hit, but apparently that level of attention wasn't adequate: scores of stories across the tech and conventional media are now trumpeting the fact that Apple has removed its homegrown browser plugin for Java from OS X with the Java 2012-006 1.0 update, and is encouraging users who need Java in web browsers to download the Oracle runtime directly. This is a notable change, but not surprising: Apple deprecated its own Java exactly two years ago ("deprecated" = developer jargon meaning "We don't plan to work on this any more, and you should not count on it being around for all that much longer"). Oracle is now offering a v7 OS X build [link corrected] that's comparable with the Java packages for other operating systems. Of course, just because it's Oracle doesn't mean it's safe; a recent zero-day exploit in Java targeted the v7 runtime exclusively, which (at the time) few Mac users were running as Apple's version hadn't advanced past v6. That's bound to change pretty quickly now that the browser plugin switch has been thrown, although it's also going to make users who don't need Java somewhat more secure.
Apple says no Java for you, removes plugin from browsers on OS X 10.7 and up
Apple has recently released a Mac update for OS X Lion and Mountain Lion that removes its Java plugin from all OS X browsers. If you install the update, you'll find a region labeled "Missing plug-in" in place of a Java applet; of course, Apple can't stop you from clicking on it to download a Java plug-in directly from Oracle. The Cupertino-based company had previously halted pre-installing Java in OS X partially due to the exploitable factors of the platform, so this update signifies further distancing from Larry Ellison's pride and joy.
Software updates: HP Printer Software 2.12, Java 2012-006
There are some goodies in Software Update/the Mac App Store tonight: Apple has released the HP Printer Software Update 2.12, adding support for additional HP printers, and the Java for OS X 2012-006 1.0 update. The Java update implements a fairly important change in the ongoing transition from Apple's homegrown JVM to the Oracle-provided version: it uninstalls Apple's browser plugin for Java from all browsers. After the update, you'll see "missing plug-in" alerts if you surf to a page with an embedded Java applet. Clicking the alert will take you to Oracle's site to download the replacement plugin. The Java Preferences application is also removed by the update, as it is apparently no longer needed.
Oracle begins appeal process in its Java patent case against Google, Android (Update: Google too)
You should know by now that it's never truly over when tech giants resort to legal warfare over their technology, and just as it said it would, Oracle has filed an appeal of the US District Court ruling in its case against Google. In case you'd forgotten, back in May Judge William Alsup found that the structure of its Java APIs were not copyrightable so Oracle had to settle for $0 in damages over its claims that Android infringed on its patents and copyrights. FOSS Patent's Florian Mueller has a full breakdown of what he sees in the case, meanwhile we'll be preparing our fallout shelters for potential Android Armageddon... again. Update: Haven't had enough of paperwork flying back and forth? Good, because according to Bloomberg, Google has also filed an appeal in the case over the judge's decision not to set aside the jury's copyright verdict or order a new trial.
New Java zero-day covers all versions, could affect Macs
First the bad news: a rather serious zero-day exploit has been discovered in all currently-supported versions of Java. And yes, this sort of exploit can be used to hijack a machine. Now the good news: Apple stopped bundling Java back in 10.6, and this exploit is a proof-of-concept and has been submitted to Oracle, who should be working on a fix as we speak. If you don't need Java, we don't recommend installing it on Lion or Mountain Lion machines. If you do use Java, always be sure to install the latest patches. Oracle is due to issue more patches in mid-October. Bottom line: this exploit is NOT in the wild, has not been seen active on any machines, but exists as a flaw in Java. Unless someone independently discovers it and decides to actually exploit the flaw, you'll be fine -- and a patch should be coming soon.
