[conspire] Tidbit about the state of Java on Linux

Rick Moen rick at linuxmafia.com
Tue Aug 9 19:40:38 PDT 2011

As I mentioned in my notes to Eddie (forwarded here), I don't have an
oversupply of warm fuzzies about Java, generally speaking.  However,
thanks to a number of developers' efforts, many of them at Red Hat,
Linux users have a fully credible, open source Java stack, and should
need to get stampeded into installing Sun's proprietary Java (or IBM's),
any more -- except in special cases, perhaps.

And yet: The lion's share of what you read online starts you out with:
Step one:  Go to http://www.java.com/en/download/ .  Step two:  Install
and run (as the root user) the jre-6blahblah-linux-i586.run binary , or
pull down and install (as the root user) the proprietary RPM for your
distro.  Step three:  Restart your Web browser, and visit
https://www.java.com/en/download/installed.jsp to verify that Java

The _major_ work, done mostly around 2008 or so, involved beefing up the
95% or so of OpenJDK that Sun Microsystems released under GPLv2 in
2006/2007.  As with OpenSolaris, Sun granted genuine open source
licensing terms to all the parts of Sun Java SE 6 (aka J2EE v. 1.6) over
which they had copyright ownership, so don't blame them for the other
5%.  Red Hat and others borrowed code from GNU Classpath to supply the
missing pieces, worked on it a bit, and called the project 'IcedTea6'.

Why a separate project?  Because the upstream OpenJDK6 from Sun (now
Oracle), open source though it is, still had and has dependencies on 
various proprietary pieces including the build environment, browser
plugin, and JIT (just-in-time) compiler.

It's been several years since Red Hat lead that pioneering work, and so
the code has made it out into the field and into released distros. 

Which brings me to today:  I was suddenly informed that I had to run a
Cisco AnyConnect VPN applet (a Java applet) in order to get access to a
new network where I'll be done time-critical work.  I went to a
Cisco-logoed 'SSL VPN Service' page, attempted login:  It said it was
attempting to start up Sun Java, to do login.  It failed.  

Why is the Cisco software looking for, and talking about, _Sun's_ Java?
Because all these twinkies out in the corporate world _still_ cannot
conceive of using anything but the proprietary Java stack.  

I spent a few minutes Web-searching.  Also, I did

  apt-cache search openjdk
  dpkg -l | egrep 'java|openjdk'

On my Debian testing/unstable (well, 'aptosid' distro, basically)
workstation, the key packages already installed seemed to be:

java-common         0.40   Base of all Java packages
openjdk-6-jre       6b18-1.8.9-0.1   OpenJDK Java runtime, using Hotspot JIT
openjdk-6-jre-headless 6b18-1.8.9-0.1 OpenJDK Java runtime, using Hotspot JIT (headless)
openjdk-6-jre-lib   6b18-1.8.9-0.1   OpenJDK Java runtime (architecture independent libraries)

Ah, wait, I know!  There's no browser _plugin_ package installed, hence
no /usr/bin/javaws (Java WebStart) ability.  Web-searching quickly
revealed the package name:  icedtea-plugin  

That makes sense for distros to omit the damned thing (the browser
extension) by default.  Although Java is far less of a security menace
than the similarly named 'Javascript', it's a security exposure and
shouldn't be installed & enabled in browsers without the user's OK.  As
it happens, on my workstation, the invaluable NoScript extension (highly
recommended) ensures that no Java applets will ever run without my
specific OK, so the threat is already contained.

Install icedtea-plugin, restart Firefox (Iceweasel), visit your choice
of 'Go here to make sure Java is working' pages.  E.g.:


And, hey!  That's amusing:  The Oracle (Sun) Java pages _themselves_ 
claim that I'm running _Sun_ Java.  (Well, I sort of am, just as
modified with the IcedTea fixes.)  The former says:

   Your Java configuration is as follows:
   Vendor:  Sun Microsystems
   Version:  Java SE 6 Update 18
   Operating System: Linux 2.6.37-0.slh.18.aptosid-686
   Architecture:  i386

The latter page says:

   Verifying Java Version
   A newer version of Java is available

   Please click the download button to get the recommended Java for your
   Your Java version: Version 6 Update 18 

   NOTE: If you recently completed your Java software installation, you
   may need to restart your browser (close all browser windows and re-open)
   before verifying your installation.

   Download Free Java Software
   Version 6 Update 26

...which advice I'll follow about when Hades turns gelid.  ;->

Anyway, point is:  If you have a modern Linux distro, you almost
certainly either (1) already have a fully Java Test Compatibility Kit
(TCK)-compliant implementation of J2EE v. 1.6 without any _proprietary_
Sun Microsystem code (just the repackaged open-source Sun code + fixes
from Red Hat and the GNU Project), or (2) can have one with one quick
package fetch.  When I say compliant with TCK, that basically means full
Java, with support for AWT widgets and everything else that's part of
the standard.

If Java applets (off the Web) don't seem to work, make sure you've
installed the icedtea-plugin browser package (whose exact name, of
course, may depend on your distribution).

And yes, Cisco's rather moronic and Sun Java-obsessed AnyConnect VPN
client worked fine.

The version of the openjdk packages reported above parses out to
'OpenJDK 6 version 1.8.9', which the Sun Java applet pages, in turn,
interpreted as 'Java SE 6 Update 18'.  IcedTea's OpenJDK6 packages
have now progressed to version 1.10, as shown on the download pages off
http://icedtea.classpath.org/ -- but I'd rather use packaged software
for Debian unstable, thanks!

[1] For the fully open source packages making up the stack, you might
have to look under either the names 'IcedTea6'/'IcedTea' _or_
'OpenJDK6'/'OpenJDK', depending on your distribution.  IcedTea6 was the
temporary project name on account of Sun's trademark restrictions.
That name should now be vanishing in favour of OpenJDK6 -- though, if in
doubt, look for the 'icedtea' ones in preference.
Details:  https://secure.wikimedia.org/wikipedia/en/wiki/IcedTea

More information about the conspire mailing list