Lemma Soft Forums

EDIT: SECURITY FIX UPDATE AVAILABLE.
http://news.cnet.com/8301-1009_3-575637 ... erability/
You can also simply download it from the main site.

Java screwed up.

Short version: As RenPy kinda needs Java for some people, uninstalling it may be a bit extreme so disable it in your browsers. All of them. Now. SERIOUSLY.

Long version: Java screwed up and now it has a massive security flaw. Just typing Java into Google will pull up the full story, but basically? The GOVERNMENT is telling users to disable or uninstall Java. Like right now. Not only on PCs but on Macs too.

Why?

Hackers know about this flaw and they are having a field day extravaganza.

Now if you have an older version of Java (why tho?) you might be safe. But just to be on the safe side, either go directly into Java or your browser settings and just disable it right now for your computer's safety.

I've disallowed temp internet files directly through my Java and I disabled the plug in through Chrome (chrome://plugins). Just in case.
Cause I am paranoid.

https://krebsonsecurity.com/how-to-unpl ... e-browser/
You might want to follow these instructions. Just to be careful.

_________________

I just went ahead and uninstalled it on one of my computers. It was always bugging me to update and then failing to update anyway. Very annoying.

Of course, I forgot I was using jEdit... ^_^; So now I'm using Editra or whatever that new thing Ren'Py is hooked up to now is.

_________________
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte

I've retired from forum administration. Please direct admin/mod issues to PyTom or the other mods : )

I am leaving mine installed (I don't have the NEWEST update, but I am up to date to this point and afraid to try now), but only because disabling it in your browser will apparently make most of the danger diminish.

I also also turned my (previously disabled) ad blocker onto max and disabled JavaScript for anything but YouTube for now because... paranoid. Again. (I know JavaScript is not the same as Java the program, paranoia does not use logic.)

_________________

On the downside, you're now running a crippled brower. Sad to say, much of the internet is dependent on Java, from the looks of things.

_________________

MESI Games/Personal Twitter/Death Rule: lost code Demo

@Hijiri: If I'm not mistaken, most of the uses of Java are on the server side, not client side. I remember when Java first came out and there was all that hype about Java OSes and applets running in browsers. Those didn't really pan out, though.

Does anyone know of anything major you'd reach by browser that relies on Java (not JavaScript)?

_________________
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte

I've retired from forum administration. Please direct admin/mod issues to PyTom or the other mods : )

Yeah, I may have overreacted. JavaScript itself apparently has nothing to do with this. That's back on (mostly because, you know, I actually need to access Google Reader and other stuff).

Java the Program itself is what has been hit, and most stuff (that I use and know of) on the net doesn't need it (except weather websites apparently, and porn sites of course. I know there are games that require Java but I doubt they'll get hit that hard, and there are also some chat clients that require it). Nothing I normally use requires it, it seems. I can literally go about my life without Java for a while until they fix this.

Basically, if you disable it in your browser and check a site that needs it (for example, the official Java test page) and it says you need it? You're safe. At least, the probably 15 articles I have read say you are.

_________________

You can read the US Government warning on the issue here: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

This seems to be the main method of "attack" according to the source. I know next to nothing about the actual code behind Java so I'm not sure if someone would be able to hack your system from existing java applets/applications. Better safe than sorry I guess?

And don't forget to back up your games!

_________________
tumblr | twitter | I believe in you!

I don't know why I still have Java 6... I think it's because every time that annoying thing pops up like "Update me, update me!" I'm like "Grahh, you're annoying, close now!" Anyway, I disabled it, just to be safe. Thanks for the heads-up!

_________________
"It is [the writer's] privilege to help man endure by lifting his heart,
by reminding him of the courage and honor and hope and pride
and compassion and pity and sacrifice which have been the glory of his past."
— William Faulkner

The risk of something like this is why I've been trying to get people on Editra. Too late.

(Everyone, disable java applets.)

_________________
"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face in marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming" - Theodore Roosevelt

Luckily I do not use Java.

This might be answering my own question too, but if I do not see anything Java related as an extension or plugin for Firefox, I'm safe. Correct?

I once installed Java to use jEdit but after jEdit STILL didnt work after installing Java, I uninstalled it. That said, I am safe since the installer EXE is the only trace of Java I can visibly find on my computer, yes?

_________________

https://twitter.com/Lishy93

But... but... I can't get Editra or any of the Text editor to work on Ren'py 6.14

I'm practically stuck on 6.13 (and will be for a very long time) and heavily dependent on JEdit to get anything done because it's the only thing that works on my Ren'py machine...

Guess I'll just work on a computer that is not connected to the internet...

"POOF" (Disappears)

_________________

You can also just turn off java applets.

_________________
"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face in marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming" - Theodore Roosevelt

@mugen: I had errors with Editra from Ren'Py at first too. I just tried it a couple more times and it suddenly worked :p

I liked jEdit, though... It's ironic because one of the whole selling points of Java originally was that it was supposed to be more secure!

_________________
“Among those who dislike oppression are many who like to oppress.”
- Napoleon Bonaparte

I've retired from forum administration. Please direct admin/mod issues to PyTom or the other mods : )

Well, fortunately I almost never update things unless it's absolutely necessary (my Java is version 6.0) and always disable it since there was a warning about Java security holes even before this.

_________________
"Double the princesses, quadruple the fun!" - Haken Browning (SRW-OG Endless Frontier)

DeviantArt Account
MoeToMecha Blog (under construction)
Lolicondria Blog (under construction) <- NSFW

@PyTom That seems to be the way to go about it, PyTom. Everything I can find seems to say that it is only when used online that it becomes dangerous. Using Java for things offline, or when your net is disconnected, should (in theory) prove no issue.

Disabling it in the program itself is a more sure fire way of preventing this, but if you only use one browser (like me) just disabling it in the browser itself should work. But I know other people might use Chrome, FF, and IE simultaneously so that's a good thing to note here.

If you have 7.10, PLEASE follow the instructions PyTom posted.

@Mugen I hope you don't have to resort to that...
I'd miss your Twitter updates too much! D8
(But no, seriously, I REALLY hope you don't have to go that far and that you can work on your games, this has to be exceedingly annoying for anyone who relies on Java here... I prefer jEdit actually, but only because I used it for so long.)

_________________