Not for the attention span-challenged...
Since last summer many news outlets (including papers and tv) have recommended uninstalling Java completely, not just updating it. This escalated this year with even US Department of Homeland Security going as far as to recommend uninstalling, instead of updating.
I can't find anything from the DHS saying that Java should be installed completely, just disabled in the browser
. Even if they did say it, assertions backed by references would be cool, since I really shouldn't have to go digging.
I'll admit that IE not providing adequate security is more of a concern, although that's really up to Microsoft to fix. If nothing else, we could tell people to disable Java in the browser
. Yes, many wouldn't read or follow it, but it's better than nothing. I'd be interested in trying not mentioning the Java dependency at all when it's released and finding out how many people actually don't have Java installed.
Well, SANS is one of the highly respected security organisations in the world - you can read the following (without being a member) for their take on it:
Hm, interesting. Good to see people being pragmatic. Although I doubt disabling the Java plug-in would cause much pain for people, especially given how often it's automatically done.
Riiiiight. Because news and TV are sooooooo trustworthy, especially when it comes to technology stuff. Same for the government.
I'm sorry, but that's stupid. Governments and news outlets were only repeating what experts (real experts that is, white hat and black hat infosec people alike) were saying for years. Java plugins for browsers are a giant security risk, that's a fact.
Sure, the Java plug-in is a huge security risk, although I'd bet that not many in the mainstream media know the difference between the JRE, which is what the installer uses, and the Java browser plug-in, which uses the JRE but is separate from it.
Now, this might be easy and lazy way out of Java and results may not be top quality, but there is Java to Python converter tool. https://github.com/natural/java2python
I might fiddle with this later, but $10 says that this source-to-source compiler either won't run to completion, won't produce anything resembling working code, or will produce working but unreadable/unmaintainable code. Like any other Java program, the installer doesn't just consist of the program text, but also all of the Java libraries it uses, whether standard (like Swing for the GUI and eventually crypto for computing hashes) or third-party (like 7-Zip functionality).
Also remember that with software, maintaining and updating the software is the really hard part. We'd need the installer to be maintained for years. It's great if people can write it in Python now, but who's going to keep it going and add features when we need them? Is there anyone able and willing to commit to that?
If not, would this whole installer issue be better resolved by an easier-to-use file hosting site tailored specifically for our use?
I don't understand how that would look, please explain.
I don't believe it's to provide retail files (IMO if it could get us in trouble if we tried it). AFAIK the installer is just to give a simple interface for installing mods. i.e. automate the process and there's less chance of users making mistakes.
Yup. Installing mods manually is, quite honestly, a pain, and I'm not sure there's a good way to make it painless. A few months ago, I helped someone manually install FS2 and the MVPs, and we
both thought it was a pain. And this was a guy who's plenty tech-savvy (codes for his day job) working one-on-one with the guy who wrote the current install instructions
I don't care one way or the other what the installer is written in, only that we have a working installer. THANKS GOOBER!
We do? Where.
I suppose a more nuanced description would be "we have been told that we should have a working installer Soon (TM)".
Python. Definitely leaps and bounds better choice than Java. Not only it is more secure than Java, there are working tools to compile executables that do not require Python to be installed on computer.
- Windows: http://www.py2exe.org/
- Linux: http://wiki.python.org/moin/Freeze
- OS X: http://svn.pythonmac.org/py2app/py2app/trunk/doc/index.html
Not only that, but Python comes preinstalled on OSX and most major Linux distros; so generating a native binary is only really needed for Windows.
Hm, I'd forgotten that it comes pre-installed on those. I guess depending on just one random piece of third-party software is moderately more feasible then depending on three, even if py2exe hasn't had an official release in over 4 years
(how reassuring!). I hope everyone would agree that asking all players to install Python is a non-starter.
The big question would be: Python 2.x or Python 3?
I'd go with the latest version that's widely available on the versions of OS X we can actually support (i.e., not Tiger, maybe not Leopard), which would likely set the bar low enough for reasonably recent Linux distros. That'd likely rule out Python 3.
The latest version of py2exe supposedly supports Python 2.7, so we'd be stuck with that. Freeze
(at least I think this is the project Fury was talking about, since the wiki page he linked to didn't seem to go anywhere) is supposedly cross-platform and supports more recent versions of Python.