Java Timer, swing

[Andrew Thompson]

When I absolutely HAVE to use an applet
then I code to the 1.1 standard.

Given you are very much geared toward providing
server side functionality Sudsy, makes me wonder
if your applets are primarily aimed to be the UI
that calls the servlet..?

It becomes more difficult when you *have*
to replace String.split(), XMLEncoder,..
as opposed to simply 'get a servlet to do
it and throw the results in an applet'

..So crucify me!

And this time, hopefully, nobody is gonna'
have to nail anybody to anything.. ;-)

 

[Thomas Weidenfeller]

They *can't* update their Java implementation. The decision Sun got in court
decided that. As a result, Microsoft is unable to provide a Java
2-compatible JVM because *Sun won't let them*.

That sounds very much like rewriting history. Sun first asked Microsoft
to remove the incompatible changes. MS didn't comply. So Sun went to
court. What else should Sun have done? Let MS get away with it?

And I bet for the money MS finally had to pay to Sun, Sun would have
been more than happy to grant Microsoft the right to distribute a
*compliant* VM.

All it would have taken by MS would have to be compliant with the
license. MS refused to honor what they signed. I would hardly call that
"Sun won't let them". Sun let them, they sold MS a license. MS didn't
play by the rules.

Microsoft's interest in Java and in their customers using Java is zero.
Their attempt to to embrace and extend Java failed, and they shifted
their attention to C# and .NET. The current situation suits MS very
much. It gives them another argument to tie users and developers in to
their own technology.

They were ordered not to change their JVM (except for bug fixes and security
patches) by the courts at *Sun's request*.

No, they were first asked to fulfill their obligation according to the
license they signed. They didn't do that, so Sun stopped them.

Now you're advocating that they
should violate the court order to produce a Java 2-compatible JVM?

I am advocating that

a) Microsoft buys a new Java licenses from Sun

b) Microsoft produces a VM legally compliant to the license, and

c) technically compatible with Sun's reference implementation.

d) Microsoft ships that VM

e) Microsoft gives up their silly games to push their own stuff,
neglecting their users

 

[Sudsy]

Given you are very much geared toward providing
server side functionality Sudsy, makes me wonder
if your applets are primarily aimed to be the UI
that calls the servlet..?

Very astute! Yes, I do focus on the server side. I try to utilize
basic HTML functionality on the browser side; the ultimate thin
client, if you will. But even my Java applications tend to use
the AWT rather than Swing. I fail to see the need to duplicate the
Windoze look-and-feel, what with combo boxes and all. I remain
unconvinced that the extra bells and whistles contribute to
increased efficiency. I believe that you can create an attractive
and functional GUI with relatively few component classes.
But that's just the coffee talking... ;-)

 

[Thomas G. Marshall]

Verisign is $400 US a year. Certum is $147 which in most domains
would be considered relatively cheap.

/All/ of this pricing seems insane.

 

[Roedy Green]

/All/ of this pricing seems insane.

In theory capitalism should have taken care of the problem. Anyone
could set up a certificate issuing company in his garage and sell the
on the net.


Yet, I could give them away free, but few would use them, why?

1. my root cert is not built into cacerts. I don't have the clout or
bribe funds to get it there.

2. I have no reputation greater than my customers for trust.

3. Verisign does not want me competing. You would need 26 companies
before you got true competition according to Axelrod in The Evolution
of Co-Operation. If I started to succeed they would buy me out or do
something to put me out of business.

The problem is the standard failure of capitalism -- monopoly. Even
Baltimore was buying out the competition before it disappeared.
Verisign bought out Thawte.

Busting this monopoly could be done three ways:

1. get rid of the monopoly-friendly Bush administration.

2. Let the technology loose into the public domain so that _anyone_
could set up a company to compete. For a simple code signing cert,
this is far from rocket science.

3. Make it simpler to buy a cert than from Verisign. Be just as
rigid.


The problem with doing this is you could, Sampson-like, destroy the
entire system in the process, since without the reputation of the
vendor, the cert really means nothing. If you muddy things so that
people don't understand that, you dilute all certs. However, Verisign
could be counted on to deal with that education.

 

[Grant Wagner]

All it would have taken by MS would have to be compliant with the
license. MS refused to honor what they signed. I would hardly call that
"Sun won't let them". Sun let them, they sold MS a license. MS didn't
play by the rules.

Sun let them, they violated the license agreement, they went to court.

The court decided that Microsoft can not update their JVM.

Now you advocate that Microsoft produce a Java 2-compatible VM. They can not do
that because the sequence of events laid out above resulted in Sun (okay, the
court, at Sun's bequest) not letting them produce a Java 2-compatible VM.

No, they were first asked to fulfill their obligation according to the
license they signed. They didn't do that, so Sun stopped them.

Sun stopped them by going to court and obtaining a decision that says Microsoft
can no longer update their VM. If Microsoft attempted to produce a Java
2-compatible VM at this point in time, they would be in violation of that court
decision.

I am advocating that

a) Microsoft buys a new Java licenses from Sun

Sun won't license Java to Microsoft.

b) Microsoft produces a VM legally compliant to the license, and

If Sun won't license Java to Microsoft, Microsoft can't do anything compliant to
the non-existent licensing.

c) technically compatible with Sun's reference implementation.

If Microsoft doesn't produce a VM because they can't obtain a license to do so, it
can't be technically compatible with anything.

d) Microsoft ships that VM

I'm sure if Microsoft were actually able to license Java from Sun, produce a VM
compliant with the license that is technically compatible with Sun's reference
implementation, they would ship it. After going to that much expense and effort I
doubt they'd sit on it.

Of course, Sun won't license Java to Microsoft, so the entire argument is moot and
it's Sun's fault that at this point in time Microsoft has no Java 2-compatible VM.

e) Microsoft gives up their silly games to push their own stuff,
neglecting their users

Why should they have to give up pushing their own stuff?

Why doesn't Sun give up Java and embrace Flash in place of applets and ColdFusion
in place of Servlets? According to Macromedia "With ColdFusion MX, you can build
and deploy powerful web applications and web services with far less training time
and fewer lines of code than ASP, PHP, and JSP."

So by playing silly games to push Java, Sun is neglecting their users who could be
more productive with ColdFusion.

 

[Roedy Green]

2. Let the technology loose into the public domain so that _anyone_
could set up a company to compete. For a simple code signing cert,
this is far from rocket science.

see http://mindprod.com/projects/rootcertinstaller.html
for how you would get root certs from the little guys installed in
cacerts. This is the crucial piece.

To start, you might just work to help Certum compete by getting its
roots in cacerts universally.

 

[Steven J Sobol]

The problem with Centrum is they don't have the political clout with
Sun to get their roots installed automatically in cacerts.

That is what you pay for really, possibly some sort of bribe. It is to
Verisign's advantage to keep that list as short as possible.

I sell certificates chained with Valicert's CA - wwww.valicert.com -
does anyone know off the top of their head whether the Valicert CA is
included?

 

[Roedy Green]

I sell certificates chained with Valicert's CA - wwww.valicert.com -
does anyone know off the top of their head whether the Valicert CA is
included?

no.

 

[Liz]

see http://mindprod.com/projects/rootcertinstaller.html
for how you would get root certs from the little guys installed in
cacerts. This is the crucial piece.

To start, you might just work to help Certum compete by getting its
roots in cacerts universally.

A cert for someone you never heard of from a company you never heard
of seems like it has little value (at least to me.) I am even
suspicious of certs issued by Microsoft for Microsoft ever since
all those spams a few months back that pretended to be from Microsoft
but weren't. I really dislike it when some web page tries to force
something down my throat, but if it says to go to xyz to get your
own copy then it is more tolerable.

 

[Steven J Sobol]

no.

Here's another option. I have a program which downloads a keystore via
HTTP. The keystore contains the SSL certificate for a site that the program
needs to connect to (it communicates using XMLRPC over HTTPS). I can post
my code somewhere and put it in the public domain if anyone would like to
use it.