"Sun Endorsed" extensions

I wonder if there’s any possibility we could have a programme whereby Sun endorse specific libraries with a certificate that would allow said libraries to be used without having to sign code?

What I’m getting at is, it would be a great boon to LWJGL and JOGL developers to not have to sign their applets and therefore not introduce the (still-scary) security warning before running an applet that relies on such libraries.

Cas :)

Yes I agree!

(sidenote: you don’t have to sign JOGL applets, JOGL is available as an already signed extension)

Yes, that would be an improvement for Java casual gaming. Nice loading screen and it would be a leveled playing field with Flash ;). Sun don’t care too much about web games, but that is a great idea and won’t cost Sun any money, so it should be really easy to make a great improvement. I would say that slick2d would be nice to include as well.

@bienator
Correct me if I’m wrong but if you use a correctly signed native DLL such as LWJGL or JOGL, you will get a security dialog anyway, saying “Are you sure?”

Cas :)

Sun signs the JOGL distribution with a certificate which is AFAIK on the whitelist of trusted certificates by default (I am not 100% sure but I can’t remember that I added Sun to the list).
Just start one of the JOGL demos or the gears applet (https://jogl-demos.dev.java.net/); you shouldn’t get a certificate warning dialog.

I’m getting a dialogue, guess at some point you decided to trust sun.

Version 3 
Serial 15702595680581883913778518093312549937 
Signature Algorithm SHA1withRSA 
Issuer CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US 
Validity Validity: [From: Thu Mar 30 02:00:00 CEST 2006,
               To: Fri May 01 01:59:59 CEST 2009] 
Subject CN="sun microsystems, inc", OU=javasoft, OU=Digital ID Class 3 - Netscape Object Signing, O="sun microsystems, inc", L=cupertino, ST=california, C=US 
Signature 0000: 91 09 EF 93 B9 EF 42 C5   3B 31 3C 45 D8 95 4D 81  ......B.;1<E..M.

Java is open source; try adding a whitelist mechanism + default entries to webstart and have people accept it during install. ’Tis implementation specific after all.

Anything within the JRE is automatically OK. JOGL is not part of JRE.
Despite JOGL being signed by Sun, it is still just a 3rd party application in the view of the JRE - and rightly so.

If Sun did have a certificate to sign jre-external applications with, that gets automatically signed, then that same certificate should be available to other providers than Sun - otherwise Sun gains an unfair advantage.
This however implies that Sun guarantees that this 3rd party application does not contain malicious code. Something I don’t think that Sun ever will unless they handle the entire code base.

So, in conclusion, I don’t see this happening.

Am I the only one who thinks this security warning is a good idea and boosts the trust in applets and the Java platform as a whole? Actually I start to shiver thinking about what the various other browser plugins are allowed to do without even asking for…

Well the security thing’s a great idea but there’s some rather common APIs that really don’t need it. Like JOGL and LWJGL for example. They just do 3D rendering. Sun could take a release, pore over the source a little, and slap a cert over it to make it effectively another optional part of the JRE like Swing etc. in Update 10.

Cas :)

Well, I certainly don’t agree - in fact, seeing a certificate that is signed by “sun microsystems, inc.” (yes, in freaking lowercase!!!) makes me all but certain that the thing is untrustworthy, because if Sun made Java, and Sun made this plugin, why the hell would it need to ask my permission to do something? Add to that the fact that the simple use of my graphics card is not the type of high risk operation that should require any sort of manual permission to be given. Which, of course, is irrelevant, since the security model in Java is such that there’s no way to fine-grain any sort of permissions to services (compare to, say, the Flash plug-in, which lets you allocate an applet a customizable amount of disk space, and decide specifically whether you want to give it microphone and camera access; and which, btw, in version 10, adds accelerated 3d graphics support to the player with - you guessed it - no warning at all, which is totally 100% reasonable and right).

Nobody should trust applets, ever, unless they specifically trust the people that made them, which for games is not generally going to be the case. To me, the idea that people should need to give 100% pwnage access to their computer in order for the game to get access to accelerated graphics is ridiculous, and goes against the entire idea of computer security; even if they’re just giving the OpenGL plugin access, they still should not be trained to click “Trust” whenever they play some random game. And as we know from what’s happened with Vista, people do get into the habit of just allowing everything when they’re forced to do it too often, to the point where if there’s an option, they’ll turn off the checks altogether.

In other words, I am fiercely in favor of Cas’ suggestion, I think it would significantly improve the user experience of Java games, and would leave trust dialogues to what should be their original purpose - pop up something when an application needs some unusual level of access to your computer, not when it just needs to draw some polygons.

Java has never crashed my windows system with a BSOD.

JOGL has, on several occasions. Not due to malicious intent by the program using it, just buggy code that did something I’m sure JOGL wasn’t expecting.

If it weren’t for that, I’d be strongly in favor of some of the more standard add-ons to be automatically accepted.

ah, I see this is possible but I really can’t remember that I did it.

Remember doing 3d still involves graphics drivers and it is still possible to get a blue screen on some OSes under certain conditions. This has nothing to do with the quality of the 3d lib which does the native binding and even can change over time. Putting signed 3d libs on the whitelist is like trusting all current and future driver implementations.

@LWJGL guys and others

Why not do a little bit of lobby work and sign all graphics libraries with the same certificate? (aka signed by 3d Graphics Community) This would reduce the number of certificates the user would have to sign in his lifespan but would also increase the probability that he has to sign two certificates in the first app he launches.

… just an idea

a) it doesn’t solve the issue - it just decreases the issue, but it will happen at least once for a user
b) the signing entity would have to guarantee the validity of all code bases? - at least that’s what’s implied by a cert.
c) a company needs to be the signing entity

Yes, that’s what I said + there is no perfect solution. Trusting foreign implementations by default is no option (the 3d libs on whitelist proposal).

yes the community would maintain the code bases

By law? I often sign self-signed stuff with my name. Nothing prevents you from signing with ‘3d Community’ or similar.

but yes it was just an idea…

IMO, this is a risk you’re signing on for any time you open a game. And if Flash is doing it anyways, Java can easily get away with it, since everyone will be assailed by sites and Flash ads that use their 3d drivers on a daily basis anyhow. Might as well follow along in Flash’s wake is what I’m thinking… The upshot is that if people have drivers that are really so bad that they are BSOD-ing their computers, they’ll need to be fixed ASAP or these people won’t even be able to go to Youtube without a crash. But again, this is going to happen with or without Java deciding to do it, so we might as well reap some of the benefits, no?

Unless maybe there’s something different about the way Flash is doing accelerated graphics that somehow makes it more safe? I don’t see how that’s possible, but…

I would like to also point out that this is not specifically in the realm of 3D drivers, which, btw, almost never ever bluescreen (in fact I haven’t seen a BSOD for several years now). It’s a way for Sun to extend Java’s functionality with endorsed 3rd party extensions and allow developers to access these extensions to Java without having to grant all privileges just to do it.

In the time it takes Sun to come up with a great big new API for this and that, trundling as it does through the preposterous tedium of a JSR, companies like Adobe just say, hm, this is what we need to make Flash loads better, let’s put it in the next release. Which is why Flash now dominates video delivery and shortly, 3D in the browser.

Cas :)

I have to admit I haven’t yet taken a look at Flash but something tells me that you won’t have direct access to APIs like OpenGL - if yes, sorry, but then Flash is the next ActiveX, which was almost a synonym for malware.

BUT I never said hardware acceleration is not possible or risky in general (see Direct3d/OpenGL java2d pipeline or JavaFX with hw accel backend). If it’s an implementation detail everything is ok but libraries which bind-java-to-native-code-outside-the-control-of-the-java-community still break the sandbox and the user should be notified.

my 2c…

And don’t forget, Sun is still a server && enterprise company; possible security exploits in Java would harm Sun far more than security problems in Adobe’s Flash.

I think the fact that some APIs are really absolutely benign - such as OpenGL for example - means they are quite capable of living within the sandbox and being entirely safe.

Cas :)