WebSDR problem with the latest Java update
On January 14, 2014, Oracle released Java 7 update 51, and with that update
using WebSDR receivers has become more difficult.
[Note: this text does not apply if you use the HTML5 audio feature supported
by many WebSDR servers and many browsers. See below under "Long-term solution".]
Cause and background
The WebSDR project has, since its beginning, used Java applets to play
sound and show the waterfall display.
These are so-called "unsigned" applets, which
run in a restricted environment (called "sandbox"),
where they cannot do any harm to your computer and thus are totally safe, in principle.
Java and this sandbox are made by Oracle, and apparently Oracle has trouble making
this sandbox totally safe.
These bugs can be exploited by malicious applets to harm your computer.
In the latest Java release, they apparently gave up the hope of fixing all
sandbox bugs; instead, they now make it as difficult as possible to run unsigned applets at all,
both the malicious and the good ones.
Fortunately, it still is possible to run unsigned applets, but only if
you explicitly tell your computer from which websites applets should
So in order to use a WebSDR, you first have to add its URL to a list
of acceptable Java sites.
(Applets from other sites, including malicious ones, will still be blocked.)
you can find this list by going
to the system control panel or System Preferences and choosing Java (you may want to use the control panel's search function);
then choose the Security tab, and click on "Manage Site List".
Then there's an "Add" button to add a URL to the list.
Put the complete URL there, like http://websdr.ewi.utwente.nl:8901/ , so including the http part.
open a terminal and type jcontrol there;
then choose the Security tab, and the rest of the instructions
are as for Windows/Mac.
More detailed instructions can be found here:
And DK2RV wrote detailed instructions in German for Firefox here.
Alternatively, you can edit the file %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites by hand.
Of course, the above situation is pretty inconvenient.
For the future, there are two options, assuming Oracle's policy does not change:
- Signing the applets.
Oracle now wants every applet to be "signed".
This means that the applet gets a cryptographic "signature" by which it can
be verified that the applet was written by a specific person (e.g., me), so if you trust that
person, you can trust the applet.
Unfortunately, this signature apparently would cost me several hundred dollars/euros
Switching to HTML5 WebAudio.
After extensive testing at my own WebSDR site at http://websdr.ewi.utwente.nl:8901,
in July 2014 I distributed an update of the WebSDR software to all WebSDR operators
which no longer needs Java,
but uses recent HTML5 features instead.
However, this is not a total solution: it doesn't work on Internet Explorer,
and generally not on older versions of browsers.
If you have more questions about this, e-mail me at firstname.lastname@example.org.