Blogging Roller: Dave Johnson on blogging, open source and Java

apache apachecon app apple asf atom atomprotocol atompub barcamprdu blogapps blogging businessblogging conferences family feeds foss general glassfish google humor ibm java javaone links linux mac microsoft movies music netbeans opensocial opensource photos politics rest roller rome rss socialnetworking socialsite socialsoftware sun triangle trianglebloggers vacation webdev webservices wiki

Main | Next day (Sep 23, 2002) »

Sunday Sep 22, 2002

Would this work?

Comments[0] 09:03AM Sep 22, 2002 by Dave in Roller

Maybe us bloggers should band together and buy Howard a certificate for Ekit? I wonder if that would solve the Ekit copy-and-paste problem?

Applet security redux

Comments[0] 08:07AM Sep 22, 2002 by Dave in Roller

OK, so I was wrong about about applet security. When I first tried Ekit, I found, as Russell did, that you cannot copy-and-paste into a Java applet from another application. I found that if you drop the applet jar, ekitapplet.jar in this case, into the trusted extensions directory of your Java Plugin JRE then copy-and-paste works fine. But then, I found that you cannot access the applet via JavaScript if the JavaScript is loaded from one place (rollerweblogger.org) and the applet is loaded from another place (my PC).

I have finally come upon a solution that is less expensive than paying the $200 plus $100/year to Thwaite for a digital certificate. I just put the following into my Java Plugin JRE's java.security file:

   grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
   permission java.security.AllPermission;
   }

Now, this is fine for me because I trust myself. But, for example, what if Anthony Eden was to ask his users to do this, substituting roller.anthonyeden.com for rollerweblogger.org in the above snippet? Anthony would be asking his users to trust in the following things:

Neither Howard Kistler, Dave Johnson, nor Anthony Eden have put malicious code in Ekit
An evil hacker will not break in to Anthony's site and replace ekitapplet.jar with malicious code

Is that too much to ask of Anthony's Roller users? If it is, then we need to buy a certificate for Ekit and hope that this one certificate would be good for all Roller users.

BTW, this is my first Ekit post using Mozilla.

J2EE Container Shootout

Comments[0] 06:49AM Sep 22, 2002 by Dave in Java

Here's an anecdote from the hallway, between sessions at InfoWorld's Web services conference. I was chatting with a CTO and a VC. Both told me they've never seen a buyer's market like this one. Vendors are being expected to trot out their wares and perform in bakeoffs. Buyers have the time and inclination to shop slowly and carefully. When the upturn comes, the CTO and VC told me, IT consumers will be a lot smarter and better-informed than they were during the tulip craze. If they're right, marketing bluster alone won't drive many sales in the current climate. [ John Udell, The 39 Steps]

The Triangle JUG is having one of these bakeoffs tomorrow night, the J2EE Container Shootout, September 23, 2000 at 6:30PM at the MCNC. BEA, JBoss, IBM, and Oracle will be there and if you are a Java developer in the Raleigh-Durham area, you should be there too.

This work is licensed under a Creative Commons License.
Copyright 2002-2007, David M Johnson (dave.johnson at rollerweblogger.org)

This is a personal weblog, I do not speak for my employer.