Hi Andreas. > Hello, server operators, > > as you know, there are presently severe Java security problems. This could be > a > legitimate request for help, but this could also be a trap. > > I warn people to run any Java applets (including this one), unless they > understand the current thread and have taken proper precautions. I did not run > it myself.
I am aware of the Java recent problems, but there are as well severe security problems with windows, IE, firefox, chrome, (name your favority OS or program)... So, I am not convinced that we should stop using Java, because it offers resources not available in other tools... > I am also not so sure how a Java applet could possibly check whether NTPD is > installed on the local computer (where the browser runs). I have written a few > Java applets myself. It's been a while, but as far as I remember, Java applets > are /not/ normally allowed to contact network sockets on the browser's local > computer. Yes, they are allowed to open sockets, TCP or UDP, but the applet must be digitally signed to be able to do that. It's because of this capacity that some "speed test" websites use java applets (search, for example, for the US FCC broadband speed test). The ntp.br applet don't use sockets. It runs a local command, and yes, signed Java applets can also do that. > I could think of several easy ways to verify NTPD installation, e.g., a simple > ntpdq call or checking logs. > > Maybe Antonio can briefly describe what the applet does and how it works? Yes I can. Basically, the applet runs "ntpq -np" and if it suceed it pass the result to a javascript on the page, that analyses the result and give the messages explaining them for the end user. It is very easy for us, that have tech background, to run "ntpq", or check logs. But it isn't so easy for the generic Internet user, that is who we are trying to reach with this tool. Someone already pointed me the alternative to ask the user to run manually the command, copy and paste the result in a website that could analyse it. It is a good idea and maybe I will try that for those that don't want to use Java applets. But the one click option (applet) seems easier and for now we are trying that. Regards, Moreiras. > > Regards and watch out > > Andreas > _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
