GPSFileDepot.com
 

News:

Welcome to GPSFileDepot!

Main Menu

I cannot upload

Started by jbensman, July 16, 2013, 05:37:22 PM

Previous topic - Next topic

jbensman

I went to upload a new version of My Trails and I got a pop up message about Java (did not pay close attention) and selected don't warn me again.  Now the upload is not working.  The java thing that you use to upload does not start up and I don't get that warning message anymore.  It just goes to the upload page without the java application starting.

dbperry

what broswer / OS are you using? There is probably a java prompt setting that we can figure out to change to fix your broswer behavior
My custom KMZ map collection:
http://www.gpsfiledepot.com/maps/byuser/13384/

jbensman

Internet Explorer.  I've uploaded numerous times previous to this with no problem. 

Seldom

#3
My last upload (this morning) had a Java warning that the page might not be safe.  I ignored it and put my faith in -Oz-.  You might want to check your anti-virus settings.

dbperry

go to Control Panel then Java. There are a bunch of settings in there you could try changing (such as moving the security slider to medium). I can't see a setting that resets your previous answers to 'do you trust' types of questions.
My custom KMZ map collection:
http://www.gpsfiledepot.com/maps/byuser/13384/

jbensman

I tried lowering my Java security setting and it did not help.  The last time I uploaded was may 14.  Did something get changed?  Like I said, the first time it asked a question and I don't remember what I chose.  Now it does not answer the question any more.

jbensman

I decided to check it out on my laptop.  I got warnings telling me it was unsafe and could allow someone to access my computer.  It was even requiring me to check a box accepting responsibility for any breach of security.  After the previous problems with this site, I do not feel confortable allowing the access, particularly without some vefification the site has not been hacked again.  Is there a new version?  If so, can we go back to the old version.  Any other way I can get my new versions of My Trails on the site?

Seldom

Be nice if -Oz- or Indrid could comment on those safety warnings.  I checked the box and ignored the warnings because I thought I remembered a similar warning when I uploaded last year. 

dbperry

I'm not a moderator or author on this site, but here is what is going on. The Java applet that is used to upload our maps to the server is "jumploader" - a Java applet that is not written by Oz. It is available for free here: http://jumploader.com/

The code for the applet is on this website (gpsfiledepot.com) - that's how it can run here. However, Java has a security feature built into it (which the jumploader applet is forced to encounter, since it is running on Java). The security feature is designed to warn us, the end users, if a Java applet is running on a site and Java can't verify that the applet is from that site.

The process of verification of the applet is 'certificate signing.' A website owner (i.e. Oz) purchases a trusted certificate key from a "Certificate Authority (CA)" and then uses that certificate to 'sign' the Java applet. Then, when we run the applet, Java can verify that the applet belongs to this website. Essentially the process of certificate signing adds a layer of security that makes tampering or hacking of the Java applet easier to detect.

Apparently Oz has not purchased a certificate. So we are getting a warning from the Java program that tells us that Java can't verify that the applet (jumploader) is signed by the website we're on (gpsfiledepot.com). Therefore, Java is trying to warn us that there is some risk that the applet isn't what we are expecting (it could have been hacked) - Java can't guarantee that what we're going to run (after clicking the 'accept the risk" button) is the absolute same applet that is associated with this website.

The security warning is NOT a warning that the applet has been hacked or that anything bad is going on. It is simply a warning that Java (the program) can't verify that the applet (jumploader) has been signed by the website we are on (gpsfiledepot.com).

Certificates are REALLY expensive.
http://www.digicert.com/code-signing/oracle-java.htm
http://www.godaddy.com/ssl/code-signing-certificate.aspx
https://www.thawte.com/code-signing/content-signing-certificates/sun-java/index.html

Recent updates to Java have increased the 'scariness' of the warnings that come when Java is 'asked' to run an unsigned applet. See here:
http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html

So, the bottom line is:
1) Oz could buy a certificate and make the scary warning go away.
2) I think it is unrealistic for Oz to buy a certificate. Too expensive, and the problem isn't worth the price of the cure (for me).
3) The worst case scenario would be:
a) Someone creates a Java applet that is bad
b) That person hacks into this website and uploads their bad applet in place of 'jumploader'
c) We run what we think is jumploader, but it is actually the bad applet, and it does something bad to our computer.

To me, the risk is minimal because: the chances that someone hacks into the website to upload a bogus applet is minimal, but even if that were to happen, the chance that the applet can do something bad to my computer is minimal. Applets run in a 'sandbox' - which is a protected place which does not have access to the rest of your computer's operating system. There have been holes in the Java sandbox, which viruses can exploit, but the holes are typically plugged very rapidly by browser or Java updates. So the risk is minimal <to me> because I:
1) run my computer with a firewall
2) run good antivirus software which is up-to-date
3) frequently update my operating system ("windows update") (once a month)
4) frequently update Java (once a month)
5) frequently back up my data (at least once a week) to an external drive that is physically disconnected from my computer when not actually getting backup data (because I unplug it after running the backup ;)

Dave
The non-IT professional, who can't be sued when you do what I suggest and things go bad for you. If you're uncomfortable with something, don't do it. Also note that I don't say the risk is ZERO. So there is a risk you could blow up your computer, your TV, your refrigerator, and perhaps your garage door opener if something bad happens. Your move.
My custom KMZ map collection:
http://www.gpsfiledepot.com/maps/byuser/13384/

dbperry

jbensman (and everyone):

my previous ranting reminded me to remind you to make sure you are running the latest version of Java:

http://java.com/en/download/index.jsp

My custom KMZ map collection:
http://www.gpsfiledepot.com/maps/byuser/13384/

jbensman

Thanks that makes sense.  Any ideal how I get the message to warn me again so I can accept the risk?  I don't get the message anymore (just the first time when I checked the wrong button).

dbperry

That is odd.

See this page:
http://www.java.com/en/download/help/jcp_security.xml

The middle setting might be preventing you from running the applet, if your Java is old. But lowering it to the "Medium" setting should allow the applet to run - which you said doesn't work.

Is it possible that you disabled Java within Internet Explorer? Assuming you are using IE 9, see this page:
http://help.proctorcam.com/entries/22175352-How-to-Enable-Java-in-Internet-Explorer-9
and also see this:
http://www.chasms.com/chasms1/howdoi/disablejs/ie9jsW7.htm

My only other idea is to uninstall all versions of Java from your machine and reinstall the latest version only. See this page:
http://www.java.com/en/download/faq/remove_olderversions.xml

My custom KMZ map collection:
http://www.gpsfiledepot.com/maps/byuser/13384/

jbensman

I uninstalled Java and reinstalled it.  Now it works with no warnings.  Very strange.

-Oz-

#13
This is sadly very common with Java.  Ever since the massive viruses that got in via Java they tried to prevent it by requiring the user to approve everything  The applet needs to access your computer because that is where the files come from.  As mentioned, the certificates are extremely (prohibitively) expensive so that is why GPSFileDepot doesn't have one.  Depending on the version of Java sometimes you get one prompt asking you to allow an unverified publisher and sometimes you get that one plus one asking you if it can access your computer.

The applet hasn't changed in a very very long time.

UPDATE 20 FEB 2014: This limitation has been overcome as the uploader no longer uses java. Announcement
Dan Blomberg
Administrator - GPSFileDepot
GPS Units: Garmin Dakota 20, Garmin GPSMap 60csx, Nuvi 255W, Nuvi 250W, ForeRunner 110, Fenix 2, Tactix Bravo, Foretrex 401
See/Download My Maps!