ndt-users list created

[scarlett <>]

No.  That is not sufficient. The user also has to put the Java slider 
(in Java Control panel) as low as is now allowed (medium security - low 
security has been removed).  That, of course, defeats safe security 
settings for the user.  Java has just been declared to be the source of 
91% of malware on users computers.  Oracle is scheduled to soon phase 
out ANY ability of users to add trusted sites exceptions.

http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html

The real problem here is that you guys need to SIGN your Java 
application.  If you would do that then users could have SAFE Java 
settings (slider in java panel set to High) and you would not need to 
worry that Oracle plans to soon remove ANY exceptions like adding sites 
to a trusted list.  Visualware, which has the only other good Java speed 
test, is in the process of changing over all their many servers 
nationwide to a SIGNED applet to avoid all these problems.  I happen to 
use their Hawaii Java speed test and it has not yet been changed over. 
Visualware has an excellent tutorial on how to continue using an 
unsigned Java applet speed test until they get all their servers 
switched over to a signed applet.  It pops up on the users computer when 
one tries to use a Visualware server that still uses an unsigned applet. 
 Mozilla based browsers currently block all unsigned Java applets (and 
give no information on how to fix that to the user - their "click here 
for further information" produces no results).  I tried to add NDT sites 
to the trusted sites but I could only add one! Then I read Visualware's 
tutorial and was able to add the others. It is a bit laborious as 
copy/paste is non-functional.  IE 10 on Windows 8 Pro proved to be the 
easiest browser to add NDT exception but I still had to put the Java 
slider as low as it would go.

But the real issue here is that Google Chrome has announced that it will 
be blocking ANY use of Java by the end of 2014.  (Chromium will be 
completely blocking Java in April with no exceptions ).  I suspect 
Mozilla will follow Chrome sometime this year with full blocking for 
Firefox and SeaMonkey and no exceptions like the current trusted sites. 
 I don't think Mozilla will give the Firefox Enterprise version an 
exception either (even though the Enterprise list serv is currently full 
of complaints about breakage of Java for business applications now in Fx 
24.2.0 Enterprise version).

I am a big fan of NDT speed tests because of the wealth of information 
available. I've used them regularly since around 2000.  Currently, ONLY 
Stanford and Jefferson Lab, of the public NDT servers, are working 
correctly after I added them to the trusted sites Java list.

http://www.klaus-hartnegg.de/gpo/2013-01-13_Java7u51Security.html


On 1/20/2014 1:32 AM, Christoph.Galuschka wrote:
> You might need to add the URL in question to the - apparently new -
> trusted sites feature from the java settings.
> > Morten Guldager 
> > <>
> >  hat am 20. Januar 2014 um
> > 12:29 geschrieben:
> >
> > Mine, and many other public NDT servers seems to have stopped working
> > with the new java 7.51 visitors have installed on their clients.
> > I'm running ndt-3.6.4 on a Red Hat Enterprise Linux Workstation
> > release 6.5 (Santiago)
> > Java pops up a box saying "Application blocked by Security Settings"
> > It seems to be hitting all kinds of java applications...
> > --
> > /Morten %-)
>
> --
> Christoph Galuschka
> CentOS-QA member | IRC: tigalch