I went to upload a new version of My Trails and I got a pop up message about Java (did not pay close attention) and selected don't warn me again. Now the upload is not working. The java thing that you use to upload does not start up and I don't get that warning message anymore. It just goes to the upload page without the java application starting.
what broswer / OS are you using? There is probably a java prompt setting that we can figure out to change to fix your broswer behavior
Internet Explorer. I've uploaded numerous times previous to this with no problem.
My last upload (this morning) had a Java warning that the page might not be safe. I ignored it and put my faith in -Oz-. You might want to check your anti-virus settings.
go to Control Panel then Java. There are a bunch of settings in there you could try changing (such as moving the security slider to medium). I can't see a setting that resets your previous answers to 'do you trust' types of questions.
I tried lowering my Java security setting and it did not help. The last time I uploaded was may 14. Did something get changed? Like I said, the first time it asked a question and I don't remember what I chose. Now it does not answer the question any more.
I decided to check it out on my laptop. I got warnings telling me it was unsafe and could allow someone to access my computer. It was even requiring me to check a box accepting responsibility for any breach of security. After the previous problems with this site, I do not feel confortable allowing the access, particularly without some vefification the site has not been hacked again. Is there a new version? If so, can we go back to the old version. Any other way I can get my new versions of My Trails on the site?
Be nice if -Oz- or Indrid could comment on those safety warnings. I checked the box and ignored the warnings because I thought I remembered a similar warning when I uploaded last year.
I'm not a moderator or author on this site, but here is what is going on. The Java applet that is used to upload our maps to the server is "jumploader" - a Java applet that is not written by Oz. It is available for free here: http://jumploader.com/
The code for the applet is on this website (gpsfiledepot.com) - that's how it can run here. However, Java has a security feature built into it (which the jumploader applet is forced to encounter, since it is running on Java). The security feature is designed to warn us, the end users, if a Java applet is running on a site and Java can't verify that the applet is from that site.
The process of verification of the applet is 'certificate signing.' A website owner (i.e. Oz) purchases a trusted certificate key from a "Certificate Authority (CA)" and then uses that certificate to 'sign' the Java applet. Then, when we run the applet, Java can verify that the applet belongs to this website. Essentially the process of certificate signing adds a layer of security that makes tampering or hacking of the Java applet easier to detect.
Apparently Oz has not purchased a certificate. So we are getting a warning from the Java program that tells us that Java can't verify that the applet (jumploader) is signed by the website we're on (gpsfiledepot.com). Therefore, Java is trying to warn us that there is some risk that the applet isn't what we are expecting (it could have been hacked) - Java can't guarantee that what we're going to run (after clicking the 'accept the risk" button) is the absolute same applet that is associated with this website.
The security warning is NOT a warning that the applet has been hacked or that anything bad is going on. It is simply a warning that Java (the program) can't verify that the applet (jumploader) has been signed by the website we are on (gpsfiledepot.com).
Certificates are REALLY expensive.
http://www.digicert.com/code-signing/oracle-java.htm
http://www.godaddy.com/ssl/code-signing-certificate.aspx
https://www.thawte.com/code-signing/content-signing-certificates/sun-java/index.html
Recent updates to Java have increased the 'scariness' of the warnings that come when Java is 'asked' to run an unsigned applet. See here:
http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html
So, the bottom line is:
1) Oz could buy a certificate and make the scary warning go away.
2) I think it is unrealistic for Oz to buy a certificate. Too expensive, and the problem isn't worth the price of the cure (for me).
3) The worst case scenario would be:
a) Someone creates a Java applet that is bad
b) That person hacks into this website and uploads their bad applet in place of 'jumploader'
c) We run what we think is jumploader, but it is actually the bad applet, and it does something bad to our computer.
To me, the risk is minimal because: the chances that someone hacks into the website to upload a bogus applet is minimal, but even if that were to happen, the chance that the applet can do something bad to my computer is minimal. Applets run in a 'sandbox' - which is a protected place which does not have access to the rest of your computer's operating system. There have been holes in the Java sandbox, which viruses can exploit, but the holes are typically plugged very rapidly by browser or Java updates. So the risk is minimal <to me> because I:
1) run my computer with a firewall
2) run good antivirus software which is up-to-date
3) frequently update my operating system ("windows update") (once a month)
4) frequently update Java (once a month)
5) frequently back up my data (at least once a week) to an external drive that is physically disconnected from my computer when not actually getting backup data (because I unplug it after running the backup ;)
Dave
The non-IT professional, who can't be sued when you do what I suggest and things go bad for you. If you're uncomfortable with something, don't do it. Also note that I don't say the risk is ZERO. So there is a risk you could blow up your computer, your TV, your refrigerator, and perhaps your garage door opener if something bad happens. Your move.
jbensman (and everyone):
my previous ranting reminded me to remind you to make sure you are running the latest version of Java:
http://java.com/en/download/index.jsp
Thanks that makes sense. Any ideal how I get the message to warn me again so I can accept the risk? I don't get the message anymore (just the first time when I checked the wrong button).
That is odd.
See this page:
http://www.java.com/en/download/help/jcp_security.xml
The middle setting might be preventing you from running the applet, if your Java is old. But lowering it to the "Medium" setting should allow the applet to run - which you said doesn't work.
Is it possible that you disabled Java within Internet Explorer? Assuming you are using IE 9, see this page:
http://help.proctorcam.com/entries/22175352-How-to-Enable-Java-in-Internet-Explorer-9
and also see this:
http://www.chasms.com/chasms1/howdoi/disablejs/ie9jsW7.htm
My only other idea is to uninstall all versions of Java from your machine and reinstall the latest version only. See this page:
http://www.java.com/en/download/faq/remove_olderversions.xml
I uninstalled Java and reinstalled it. Now it works with no warnings. Very strange.
This is sadly very common with Java. Ever since the massive viruses that got in via Java they tried to prevent it by requiring the user to approve everything The applet needs to access your computer because that is where the files come from. As mentioned, the certificates are extremely (prohibitively) expensive so that is why GPSFileDepot doesn't have one. Depending on the version of Java sometimes you get one prompt asking you to allow an unverified publisher and sometimes you get that one plus one asking you if it can access your computer.
The applet hasn't changed in a very very long time.
UPDATE 20 FEB 2014: This limitation has been overcome as the uploader no longer uses java. Announcement (http://forums.gpsfiledepot.com/index.php/topic,3642.0.html)