From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CDDA413800E for ; Sat, 1 Feb 2014 19:15:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9D18EE0A52; Sat, 1 Feb 2014 19:15:34 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8324EE09D5 for ; Sat, 1 Feb 2014 19:15:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id D6A5E33F7C3 for ; Sat, 1 Feb 2014 19:15:32 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Flag: NO X-Spam-Score: 3.611 X-Spam-Level: *** X-Spam-Status: No, score=3.611 tagged_above=-999 required=5.5 tests=[AWL=0.347, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FSL_HELO_BARE_IP_2=1.767, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_NUMERIC_HELO=0.865, RP_MATCHES_RCVD=-0.568, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no Received: from smtp.gentoo.org ([IPv6:::ffff:127.0.0.1]) by localhost (smtp.gentoo.org [IPv6:::ffff:127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PuhTuSfpAKlS for ; Sat, 1 Feb 2014 19:15:27 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id DBE2633F8AA for ; Sat, 1 Feb 2014 19:15:25 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1W9g2D-0000Lr-1s for gentoo-user@gentoo.org; Sat, 01 Feb 2014 20:15:21 +0100 Received: from 216.240.130.119 ([216.240.130.119]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 01 Feb 2014 20:15:21 +0100 Received: from w41ter by 216.240.130.119 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 01 Feb 2014 20:15:21 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: walt Subject: [gentoo-user] Re: The latest java plugin is a giant PITA Date: Sat, 01 Feb 2014 11:15:13 -0800 Message-ID: References: <5ca20c6cdee2fdad5733a645cd34cb1a.squirrel@www.antarean.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 216.240.130.119 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1 In-Reply-To: <5ca20c6cdee2fdad5733a645cd34cb1a.squirrel@www.antarean.org> X-Archives-Salt: 82c949be-c14d-4fd0-9902-3b930de8a8a6 X-Archives-Hash: 2511f6642d8d464e9c9f04c3ee55acfc On 02/01/2014 10:30 AM, J. Roeleveld wrote: > On Sat, February 1, 2014 16:59, walt wrote: >> I admit that Oracle finally did something right by requiring a white-list >> of all java websites you want to use, but it's taken me all morning to >> understand how to do it. >> >> AFAICT, the only way to white-list a website is to use the Java Control >> Panel (jcontrol) and type the full URL including the http:// or preferably >> the https:// if you don't want a nag screen. >> >> For example, here's a site I visit every morning: >> >> http://www.goes.noaa.gov/goes-w.html which lets me watch a java-powered >> image loop of the weather over the Pacific Ocean. >> >> Now I click on the button to animate the image, and I get a pop-up saying >> that this untrusted website wants to do something awful and refuses to let >> it run java, period. No explanation of how I can 'trust' the website. >> >> How many people are going to figure out they need to run the Java Control >> Panel and manually add this site to the list of trusted sites? >> >> And, now that I've added "http://www.goes.noaa.gov" manually, I try the >> site again. >> >> Nope. The jar file I need is on a "different domain" (www.sdd.noaa.gov) >> so now I need to add that URL to the white list including http:// >> >> Now, I agree that they did it right from a security point of view, but >> jeez, they could have done the user interface a bit better. >> >> Or maybe they did it better and I haven't found it yet? > > If there is a better way, please let me know. > > The IPMI of my servers use a Java application to allow me to see the console. > The errors I got have included: > - You are using an old version, please upgrade > - This site is untrusted / certificate is wrong > - This java application is blocked > > The last one led me to a page actually showing me how to "fix" this. > > An easier way then to use the silly jconsole might be found in the > following location: > > ~/.java/deployment/security/ WTF? No XML? ;) > > HTH, Very much, thanks. > PS. If anyone knows how to get an SSL-certificate that is accepted by > this, please let me know. I don't think I understand the question. jconsole has a button marked "Manage Certificates", that's not what you want?