Page 1 of 1

Oracle bashes Java3D Community

Posted: 30.09.2011, 23:41
by bjoern
Maybe many Java user still do no know it: Oracle bought Sun, the inventor company of Java.

Many Java Developers were able to see already the first results: Dead links in different Java projects, many projects disappear suddenly or they are hidden in directories which are not regularly accessible. It seemed that Oracle bought Java without the intention to co-operate with the Java community. While Sun knew the reason of its large success, Oracle is too big to see an obviously too small Java community.

And now its ignorance reached a new level: On September 17th 2011, Oracle decided to provide only unsigned jars for the Java3D project, and maybe also for JOGL, JOAL and gluegen projects. The jars which once were signed with a Sun certificate were removed.

Then the user may say: Okay, then I use the unsecure libraries, it is not so important for me!

But there is a small problem: Java will not start these libraries anymore! It will fail, because Java says, these libraries are insecure. And this makes sense, because you do not want to have some strange programs on your machine were noone wants to be responsible for. And obviously Oracle does not want to be responsible for any jars on their web page.

So, what is the outcome of this new practice? Worldwide, thousands of Java3D projects does not run anymore. The users are confused and usually will put the blame on the developers. Some developers may first be unsecure what to do now.

What is the solution to this problem? Every developer has now to take care for the signing process on his own. He has to provide the full set of files, signed by his own certificates.

The orginal description as well as the solution to this problem is found here:

http://www.java.net/forum/topic/javades ... ent-818570

But in case Oracle moves once again this thread to another link, here a copy of the basic solution:
It's been several years since Oracle (previously Sun) stopped providing support for the open source Java3D projects. It was decided that keeping binaries signed with old Sun signing certificates represented a potential security risk, and because of this, we have removed the old Sun signing certificates for the binaries on download.java.net.

The jar files are still there and can be used, but must now be signed by third party developer(s) who wish to run Java 3D apps as applets or as Java Webstart applications.

If you wish to use Java3D in these modes, we recommend you follow these steps:

1) Download the following files:

The JNLP file for the Java 3D extension:
http://download.java.net/media/java3d/w ... 1.5.2.jnlp

The vecmath jar file:
http://download.java.net/media/java3d/w ... ecmath.jar

All Java 3D jar files in this directory:
http://download.java.net/media/java3d/w ... j3d/1.5.2/

2) sign all the jar files with your own signing certificate (or use self-signing).

3) host the jar files and jnlp file along with your application

4) update the jnlp file with the correct path name.

--
Kevin Rushforth
Oracle Corporation
Please keep in mind that you need to do the same with the JOGL files, which are only needed for Mac OS X. Download them here:

http://download.java.net/media/jogl/bui ... t-current/


CELLmicrocosmos Webstart

What is the impact on the CELLmicrocosmos project? From now on, the whole files are hosted together with the projects like the MembraneEditor on our server, so we do not rely anymore on the charity of an ignorant giant.


Summary

Let's sum up, why the original, jar-signed solution of Sun was better:
  • Every developer could use one address for the orginal JAVA files
  • There was a possibility for all Java3D projects to use the latest version directly, without updating the link each time
  • Thousand developers need now to provide some extra webspace for their projects
  • You can not be sure anymore that all Java3D developers use the same library, X extra versions may be created
  • This method is contrary to the vision of a community
Okay, there are thousand Java3D developers worldwide, and most of them will be or are already working in the industry or the academic sector. And many of them will have to think in the near future about which database is best for their company. So, maybe I am wrong, but which company might have the priority -10 on our list, hmm, let me guess again ...

Björn