Skip to Content.
Sympa Menu

ndt-users - Re: NDT seems to refuse to run with client side java 7.51

Subject: ndt-users list created

List archive

Re: NDT seems to refuse to run with client side java 7.51


Chronological Thread 
  • From: Clarke Morledge <>
  • To:
  • Subject: Re: NDT seems to refuse to run with client side java 7.51
  • Date: Tue, 21 Jan 2014 10:08:50 -0500 (EST)

I brought this up last spring, but it did not seem to go anywhere as Jason Zurawski left I2 at about that time. Is there further progress being made to pull out of the Java business for NDT and port the functionality to HTML5, or something in that neighborhood?

As noted, the cut and paste ability on the Java applet for the test results has been dead for years for most of my users and the deathknell for Java applets in browsers appears to be sounding.

The M-Lab and Android stuff have been steps in the right direction, but that still does not get us out of the Java mess. NDT has been a great tool for novice users, but at this point its usefulness is in doubt unless it can be extricated from the jaws of Java.

What say ye, I2 wizards?

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering

On Mon, 20 Jan 2014, scarlett wrote:

No. That is not sufficient. The user also has to put the Java slider (in Java Control panel) as low as is now allowed (medium security - low security has been removed). That, of course, defeats safe security settings for the user. Java has just been declared to be the source of 91% of malware on users computers. Oracle is scheduled to soon phase out ANY ability of users to add trusted sites exceptions.

http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html

The real problem here is that you guys need to SIGN your Java application. If you would do that then users could have SAFE Java settings (slider in java panel set to High) and you would not need to worry that Oracle plans to soon remove ANY exceptions like adding sites to a trusted list. Visualware, which has the only other good Java speed test, is in the process of changing over all their many servers nationwide to a SIGNED applet to avoid all these problems. I happen to use their Hawaii Java speed test and it has not yet been changed over. Visualware has an excellent tutorial on how to continue using an unsigned Java applet speed test until they get all their servers switched over to a signed applet. It pops up on the users computer when one tries to use a Visualware server that still uses an unsigned applet. Mozilla based browsers currently block all unsigned Java applets (and give no information on how to fix that to the user - their "click here for further information" produces no results). I tried to add NDT sites to the trusted sites but I could only add one! Then I read Visualware's tutorial and was able to add the others. It is a bit laborious as copy/paste is non-functional. IE 10 on Windows 8 Pro proved to be the easiest browser to add NDT exception but I still had to put the Java slider as low as it would go.

But the real issue here is that Google Chrome has announced that it will be blocking ANY use of Java by the end of 2014. (Chromium will be completely blocking Java in April with no exceptions ). I suspect Mozilla will follow Chrome sometime this year with full blocking for Firefox and SeaMonkey and no exceptions like the current trusted sites. I don't think Mozilla will give the Firefox Enterprise version an exception either (even though the Enterprise list serv is currently full of complaints about breakage of Java for business applications now in Fx 24.2.0 Enterprise version).

I am a big fan of NDT speed tests because of the wealth of information available. I've used them regularly since around 2000. Currently, ONLY Stanford and Jefferson Lab, of the public NDT servers, are working correctly after I added them to the trusted sites Java list.

http://www.klaus-hartnegg.de/gpo/2013-01-13_Java7u51Security.html


On 1/20/2014 1:32 AM, Christoph.Galuschka wrote:
You might need to add the URL in question to the - apparently new -
trusted sites feature from the java settings.
Morten Guldager
<>
hat am 20. Januar 2014 um
12:29 geschrieben:

Mine, and many other public NDT servers seems to have stopped working
with the new java 7.51 visitors have installed on their clients.
I'm running ndt-3.6.4 on a Red Hat Enterprise Linux Workstation
release 6.5 (Santiago)
Java pops up a box saying "Application blocked by Security Settings"
It seems to be hitting all kinds of java applications...
--
/Morten %-)

--
Christoph Galuschka
CentOS-QA member | IRC: tigalch




Archive powered by MHonArc 2.6.16.

Top of Page