Excellent. Will this also be true for the applet version?
In one year from now we’ll see if Java's still required, and, if the renewal
requires a payment, find sources for that.
Jaim
__
Dr Jaime Prilusky
Head Bioinformatics
R&D Bioinformatics and Data Management
Department of Biological Services
Weizmann Institute of Science
76100 Rehovot - Israel
mail: jaime.prilu...@weizmann.ac.il<mailto:jaime.prilu...@weizmann.ac.il>
tel: 972-8-9344959
fax: 972-8-9344113
OCA, http://oca.weizmann.ac.il (the protein structure/function database)
Proteopedia, http://proteopedia.org (because life has more than 2D)
------------------------------------------------------------------------
On Nov 3, 2013, at 10:57 AM, Nicolas Vervelle
<nverve...@gmail.com<mailto:nverve...@gmail.com>> wrote:
Hi Bob,
I know I have a full certificate, valid for one year, but it's unclear what I
will have to do in one year : I'm not sure if renewal is still free or requires
some money.
It's the only option I found that allowed me to have a free code signing
certificate for the moment, so I decided to try it.
Users with recent Java version have now again the ability to trust my
application once and for all, which is a lot better than what they were allowed
with the self-signed certificate.
Nico
On Sun, Nov 3, 2013 at 12:51 AM, Robert Hanson
<hans...@stolaf.edu<mailto:hans...@stolaf.edu>> wrote:
hang in there. I think we will be ok. But, Nico, are you sure you don't have a
'trial version'
On Sat, Nov 2, 2013 at 2:20 PM, Nicolas Vervelle
<nverve...@gmail.com<mailto:nverve...@gmail.com>> wrote:
Hi Jonathan,
I think we can try using free certificates, I've got one 2 weeks ago from
certum as they give them for free to open source developers.
I'm using it for a Java application, and it seems to work a lot better than
with the self signed one.
If need be, I can sign a Jmol version with it to see if it works correctly with
Jmol
Nico
On Sat, Nov 2, 2013 at 7:49 PM, Jonathan Gutow
<gu...@uwosh.edu<mailto:gu...@uwosh.edu>> wrote:
Ouch!
I've been out of the loop for a while trying to get caught up on local work
issues. This does not sound good. As I read the description from Oracle the
only way to use Java in browsers that does not require a commercial certificate
and a codebase compiled for each server (possibly you don't have to specify
your codebase location in the jar, but I think you do) is to have each local
user/intranet whitelist the particular jar from a particular source. This may
be OK within a large company infrastructure, but is not going to work for
general users.
Have I misread this?
The most amusing thing about this is that the alternative (javascript and
things like opengl) are no more secure for the same capabilities and so far
much slower.
We still need the java application, but I guess we pretty much need to get
everything converted to JSmol for web stuff.
Jonathan
On Nov 2, 2013, at 1:11 PM,
jmol-users-requ...@lists.sourceforge.net<mailto:jmol-users-requ...@lists.sourceforge.net>
wrote:
Assuming the $500 certificate ensures that the signed Jmol java applet
will not be blocked (?), I suspect there are a number of organizations that
would be prepared to become sponsors...
Quoting Robert Hanson <hans...@stolaf.edu<mailto:hans...@stolaf.edu>>:
I direct the discussion to
https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
I believe this is the end of the unsigned Jmol Java applet along with
JSpecView and JME.
In addition, I'm pretty sure our free-be signing will not pass muster as a
"trusted authority":
RIAs must contain two things:
1. Code signatures from a trusted authority. All code for Applets and
Web Start applications must be signed, regardless of its Permissions
attributes.
2. Manifest Attributes
1. Permissions ? Introduced in 7u25, and required as of 7u51. Indicates
if the RIA should run within the sandbox or require full-permissions.
2. Codebase ? Introduced in 7u25 and optional/encouraged as of 7u51.
Points to the known location of the hosted code (e.g.
intranet.example.com<http://intranet.example.com/>)
<http://intranet.example.com<http://intranet.example.com/>>.
The latest upload of Jmol takes care of (2a). However, unless (2b) allows
Codebase: *
that's pretty much it for the signed applet as well. [Or maybe someone goes
into the business of making custom signed Jmol applets for people!]
Suggestions? Comments?
If deployment of the signed Jmol applet is of interest, we will need a
sponsor, because a certificate costs US$500/year. Let me know if you are
interested in being that sponsor.
At least we have a two-month lead on this (and I am headed for a visit with
RCSB on Sunday).
Bob
Dr. Jonathan H. Gutow
Chemistry Department
gu...@uwosh.edu<mailto:gu...@uwosh.edu>
UW-Oshkosh Office:
920-424-1326<tel:920-424-1326>
800 Algoma Boulevard
FAX:920-424-2042<tel:920-424-2042>
Oshkosh, WI 54901
http://www.uwosh.edu/facstaff/gutow
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net<mailto:Jmol-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/jmol-users
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net<mailto:Jmol-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/jmol-users
--
Robert M. Hanson
Larson-Anderson Professor of Chemistry
St. Olaf College
Northfield, MN
http://www.stolaf.edu/people/hansonr
If nature does not answer first what we want,
it is better to take what answer we get.
-- Josiah Willard Gibbs, Lecture XXX, Monday, February 5, 1900
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net<mailto:Jmol-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/jmol-users
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jmol-users
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jmol-users
