XML Save/Load bug fix...
This page describes several ways to work around the security error messages, which pop up anytime a VARNA applet is present on a page, and prevent Applet/WebStart versions of VARNA to operate on recent versions of Java.
This error message means that the authors of the downloaded code are unknown to a list of commercial companies that are deemed trustworthy by Oracle/Java (Verisign, Comodo, Thawte...). Despite what is stated in the misleading text, VARNA's code is signed by a third-party certificate issued by the French National Center for Scientific Research (Centre National de la Recherche Scientifique-CNRS). Despite arguably being one of the leading research institution in Europe, CNRS is unfortunately not one of the default certification authorities for Java, leading to VARNA's execution being refused.
Absolutely! As long as you download VARNA directly from the official site at http://varna.lri.fr, you are getting a malware/virus-free piece of software.
In the long term, we will most likely purchase a commercial certificate.
Until then, the following procedures will allow you to run VARNA:
java
, javaw
... executables. This means that one can download one of the JAR distributions of VARNA, and execute it directly as a Desktop application (by double clicking it from Explorer/Finder, or by running a command line of the sort java -jar VARNAxxx.jar
)
In so many words, one could possibly summarize the situation as: Oracle screwed up big time, tried to make up for it, and unfortunately killed non-commercial Java projects in the process.
To elaborate a bit, Java and its current promoter Oracle have much suffered recently from the discovery of many security flaws (or exploits) in the Java virtual machine. Due to its perceived inability to diagnose and fix the severe security hole(s) in reasonable time, Oracle has jeopardized Sun's hard earned reputation for reliability and safety. For this reason, they were facing the very real prospect of losing many of its commercial (paying) customers, who would have been equally affected by the lack of reliability of the JVM, and the decreasing trust in Java-related products.
Consequently, Oracle took the decision to make it mandatory for applets to be signed by a third-party commercial partner. This decision was possibly based on the rationale that whoever can be identified can also be located, held accountable, and is therefore less likely to commit a felony in the first place (e.g. use one of the remaining holes in Java VM to hack an unsuspecting user). That way, they must have reasoned that they would regain some of their clients' trust, and further increase the competitive advantage of their commercial JAVA developers (the ones that can afford a third-party certificate).
This policy is so wrong and hurtful, and on so many levels, that I could rant for ages about this many paragraphs, so I'll try to keep it simple: