Cgoban being blocked in a future Java security update?

RBerenguel
Gosei
Posts: 1585
Joined: Fri Nov 18, 2011 11:44 am
Rank: KGS 5k
GD Posts: 0
KGS: RBerenguel
Tygem: rberenguel
Wbaduk: JohnKeats
Kaya handle: RBerenguel
Online playing schedule: KGS on Saturday I use to be online, but I can be if needed from 20-23 GMT+1
Location: Barcelona, Spain (GMT+1)
Has thanked: 576 times
Been thanked: 298 times
Contact:

Re: Cgoban being blocked in a future Java security update?

Post by RBerenguel »

wineandgolover wrote:This deserves a new topic. Seems urgent to me.

Great job on the Windows solution, snorri. Can somebody post a similar, step-by-step guide for OS X?

Sadly, not all of us are tech wizards who already know about flags, exceptions, etc., so the solution needs to be written for computer DDK.

I hope my Mac doesn't auto-upgrade Java, though I wouldn't feel safe suppressing updates for long.

Come to the rescue, WMS!


Open preferences (Apple menu on top left, for instance), select the Java icon, go to the security settings and add files.gokgs.com and/or goserver.gokgs.com (first one if you use Java Web Start and the second if you use the browser version) to the exception list. Save options, and you are ready to go.
Geek of all trades, master of none: the motto for my blog mostlymaths.net
UnclMartin
Dies in gote
Posts: 55
Joined: Sat Oct 29, 2011 1:44 pm
GD Posts: 0
KGS: UnclMartin
Has thanked: 6 times
Been thanked: 12 times

CGoban and Security in Java 7

Post by UnclMartin »

  • WMS repackaged the client for Java Web Start, so this fix should no longer be necessary for users of that client. However, at the time I post this, the applet has not yet been repackaged. This fix is still needed for users of the applet.
  • Following the instructions earlier in this thread, in order to run the applet, I entered the following two exceptions:
    • http://www.gokgs.com
    • http://goserver.gokgs.com
  • Users who found they could run the web start client or the applet by lowering Java security should undo that change. Applet users should enter exceptions, as described in this thread.

The admins would like to know if there is a set of exceptions that works for everybody. If you find a set of exceptions mentioned in this thread does not work for you, but another does, please post that information if no one else has. Thank you.

Edit: I had not noticed that earlier messages in this thread did say that http://files.gokgs.com was needed for the Web Start client, while http://goserver.gokgs.com was needed for the applet. I edited this message. But, I still had to enter two exceptions just to run the applet.
Last edited by UnclMartin on Mon Jan 20, 2014 1:40 pm, edited 4 times in total.
wineandgolover
Lives in sente
Posts: 866
Joined: Sun Jul 25, 2010 6:05 am
GD Posts: 0
Has thanked: 318 times
Been thanked: 345 times

Re: Cgoban being blocked in a future Java security update?

Post by wineandgolover »

RBerenguel wrote:Open preferences (Apple menu on top left, for instance), select the Java icon, go to the security settings and add files.gokgs.com and/or goserver.gokgs.com (first one if you use Java Web Start and the second if you use the browser version) to the exception list. Save options, and you are ready to go.


Sigh, this is what I mean when I say instructions need to be idiot proof. In this case, I am the idiot. I followed the instructions and have the security tab open, but it isn't showing me a place to enter exceptions, at least not that my DDK computer skills can see. It is different than snorri's example. See the hidden pic below. How do I add the exceptions discussed? I am on the most recent OS X (10.9.1) and Java 7 update 45. Thanks.

Screen Shot 2014-01-20 at 1.07.42 PM.png
- Brady
Want to see videos of low-dan mistakes and what to learn from them? Brady's Blunders

Re: Cgoban being blocked in a future Java security update?

Post by UnclMartin »

The most recent version of Java 7 is update 51. As far as I know, the ability to add exceptions is not available with older versions.
hyperpape
Tengen
Posts: 4382
Joined: Thu May 06, 2010 3:24 pm
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
Location: Caldas da Rainha, Portugal
Has thanked: 499 times
Been thanked: 727 times

Re: Cgoban being blocked in a future Java security update?

Post by hyperpape »

Wms may have fixed the problem: https://plus.google.com/108736506961432085848. He also says he hopes to return to working on the HTML client soon.

Re: Cgoban being blocked in a future Java security update?

Post by wineandgolover »

UnclMartin wrote:The most recent version of Java 7 is update 51. As far as I know, the ability to add exceptions is not available with older versions.

My Mac update is 45, and claims to be the current version and won't let me update it. Hidden pic follows. Any ideas? There is a chance I told it to skip an update, because I didn't want KGS to fail, but you'd think it would let me update manually.

Anyway, hopefully whatever WMS has done makes it a non-issue. Thanks.

Screen Shot 2014-01-21 at 9.58.32 AM.png
- Brady
Want to see videos of low-dan mistakes and what to learn from them? Brady's Blunders

Re: Cgoban being blocked in a future Java security update?

Post by UnclMartin »

It still is an issue for applet users with the most recent version of Java (7, update 51). In order to run the applet, they have to enter some exceptions as described earlier in this thread.

There is a web page that tests which version of Java someone has. It is at http://www.java.com/en/download/install ... =jre&try=1 . This tests the version used by the Java plug-in. Another way to test which version is in use is to open a command window, and enter the command java -version

I once communicated with a user that got different results from those tests. Oracle recommends users have only one version of Java on their machines, and it should be a recent version of Java 7.


http://www.java.com/en/download/faq/rem ... rsions.xml
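
As an added example (not part of any post in this thread), the shell script below covers the two checks discussed above: whether the `java -version` result is new enough for the exception list (7 update 51, per the thread) and which entries the list contains. The exception.sites path, its one-URL-per-line format, and the ok/cleartext/malformed labels are assumptions that the thread itself does not state.

```shell
#!/bin/sh
# Added example (not from the thread). All sample input below is constructed.

# Extract the version from `java -version` output, which goes to stderr:
#   java -version 2>&1 | parse_version_output
parse_version_output() {
    sed -n 's/^java version "\(.*\)"$/\1/p' | head -n 1
}

# "1.7.0_45" -> "7 45" (major version, update number); empty if unparseable.
java_update() {
    echo "$1" | sed -n 's/^1\.\([0-9][0-9]*\)\.[0-9][0-9]*_\([0-9][0-9]*\).*$/\1 \2/p'
}

# Exit 0 if the version has the exception list (Java 7 update 51 or later),
# 1 if it is older, 2 if the version string could not be parsed.
has_exception_list() {
    set -- $(java_update "$1")
    [ -n "$1" ] || return 2
    [ "$1" -gt 7 ] && return 0
    [ "$1" -eq 7 ] && [ "$2" -ge 51 ]
}

# Audit an exception list file (one URL per line). Assumed default path on
# OS X: ~/Library/Application Support/Oracle/Java/Deployment/security/exception.sites
audit_exception_sites() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '')        continue ;;
            https://*) echo "ok $line" ;;
            http://*)  echo "cleartext $line" ;;
            *)         echo "malformed $line" ;;
        esac
    done < "$1"
}

# Demo on constructed input: the 7u45 install from the thread, then two entries.
v=$(printf 'java version "1.7.0_45"\n' | parse_version_output)
if has_exception_list "$v"; then
    echo "$v: exception list available"
else
    echo "$v: no exception list; update to 7u51 or later"
fi
tmp=$(mktemp)
printf 'http://goserver.gokgs.com\nhttp://files.gokgs.com\n' > "$tmp"
audit_exception_sites "$tmp"
rm -f "$tmp"
```

Running the first two functions against both the plug-in's reported version and the command-line `java -version` shows whether the two tests disagree, which is the situation described in the post above.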
Nyanjilla
Lives with ko
Posts: 145
Joined: Fri Jun 08, 2012 6:48 am
Rank: KGS 3k and falling
GD Posts: 0
Has thanked: 82 times
Been thanked: 65 times

Re: Cgoban being blocked in a future Java security update?

Post by Nyanjilla »

wineandgolover wrote:My Mac update is 45, and claims to be the current version and won't let me update it. Hidden pic follows. Any ideas? There is a chance I told it to skip an update, because I didn't want KGS to fail, but you'd think it would let me update manually.


So far as I know, that's the latest version for the Mac. But I can't check for myself because I haven't updated to Mavericks (still using AppleWorks--don't laugh).
rottenhat
Beginner
Posts: 18
Joined: Fri May 21, 2010 9:21 am
GD Posts: 41
Has thanked: 8 times
Been thanked: 5 times

Re: Cgoban being blocked in a future Java security update?

Post by rottenhat »

None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?
xed_over
Oza
Posts: 2264
Joined: Mon Apr 19, 2010 11:51 am
Has thanked: 1179 times
Been thanked: 553 times

Re: Cgoban being blocked in a future Java security update?

Post by xed_over »

rottenhat wrote:None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?

I'm using Mavericks and Java 1.7.0_45 and don't have any problems (except the usual problems: sound, font kerning, etc.). Apple no longer provides Java out of the box -- I had to install it myself (unless you did an upgrade to Mavericks instead of a new install -- then the OS installer probably tweaked some settings for you that disabled things).

And they don't seem to have a browser plugin for applets, so I had to downgrade to Java 6 for both running the applet and using Java Webstart (I had to find where the OS tweaked the java webstart settings and re-enable them)

Otherwise, I can run the cgoban jar just fine with either version of Java on my new Mac (except when I'm at work, I have to set up an SSH tunnel to my ISP because the corporate firewall has the port blocked).

Re: Cgoban being blocked in a future Java security update?

Post by xed_over »

UnclMartin wrote: Oracle recommends users have only one version of Java on their machines, and it should be a recent version of Java 7.

That's just dumb. As a Java developer, I have multiple versions of Java on my machine and use whichever one I need to use to get whatever job done that I'm working on at the time. You properly define JAVA_HOME and your PATH in whichever shell environment you're working in, and away you go.

Re: Cgoban being blocked in a future Java security update?

Post by UnclMartin »

In this discussion, I am assuming "versions of Java" means "versions of Java Standard Edition."

In making that recommendation, Oracle realizes some developers might need to use older versions in order to debug software using older versions of Java. That is why they offer older versions for download. However, they warn that these older versions should not be used in production, since older versions have security issues.

About a year ago, there was a lot of publicity about serious security issues in Java. In fact, security experts, including some at the United States Department of Homeland Security, recommended disabling the Java plugin or removing Java from computers.

Although some developers might need to have more than one version, I think most users will not need to have more than one version. And having only a recent version is more secure.
Last edited by UnclMartin on Sat Feb 15, 2014 6:00 pm, edited 1 time in total.
Bantari
Gosei
Posts: 1639
Joined: Sun Dec 06, 2009 6:34 pm
GD Posts: 0
Universal go server handle: Bantari
Location: Ponte Vedra
Has thanked: 642 times
Been thanked: 490 times

Re: Cgoban being blocked in a future Java security update?

Post by Bantari »

I wonder if most people who sit there and busily download all the newest versions for all the newest stuff they use even know what "security issues" really mean. And what exact security issues are the new versions of the new stuff fixing. Or if they even need it....

Just sayin'...
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!
uPWarrior
Lives with ko
Posts: 199
Joined: Mon Jan 17, 2011 1:59 pm
Rank: KGS 3 kyu
GD Posts: 0
Has thanked: 6 times
Been thanked: 55 times

Re: Cgoban being blocked in a future Java security update?

Post by uPWarrior »

Bantari wrote:I wonder if most people who sit there and busily download all the newest versions for all the newest stuff they use even know what "security issues" really mean. And what exact security issues are the new versions of the new stuff fixing. Or if they even need it....

Just sayin'...


1. Users do not need to know exactly what exploit was fixed on what version. Users should not need such technical expertise and, moreover, users might not even be able to know that as the source code is often proprietary.

2. That's why these packages should automatically update themselves, or at least ask you to. Recent versions of Chrome and Firefox already update some plugins to the latest version without asking the user (e.g. Flash, probably Java as well).

In case you are wondering what these security patches fix and the risks of running not up-to-date versions, the most severe usually allow remote code execution, which basically means "full" access to your machine. Others allow privilege escalation which might be even worse in some OS.

Re: Cgoban being blocked in a future Java security update?

Post by UnclMartin »

rottenhat wrote:None of this is working for me, I'm afraid - I've added every exception mentioned in this thread but both the client and the applet just hang while loading. Has anyone managed to get this working on OS X Mavericks with Java 7.51?


If it hangs while loading, without a dialog appearing (such as giving you a warning and asking if you want to continue), it is likely an unrelated problem.