http://www.jnext.org/sphp501/index.php http://www.jnext.org/sphp501/index.php?entry=entry100514-113627
Kerry, this is for you :-)

Hi Kerry,

Thanks for the encouraging feedback. The fact is that its been a long time that I haven't developed JNEXT due to other projects taking too much of my time. However, I really do want to continue the development.
The security infrastructure can take JNEXT to the level where it can be safely used on any Web site. I spent a lot of time trying to think of the ways in which the security design can be compromised and it seems as though all the angles have been covered. However, more scrutiny is required and the development involved would take quite a bit to complete in my spare time, so I'm sort of waiting until something changes - i.e either someone capable with enough time will want to help out or I suddenly get very rich and will be able to put in the time this project deserves. Until either of these occur, I'm afraid that progress will continue to be slow.

All the best,
Amnon

---------------------
Subject: JNEXT ver 1.0.9?

On Thursday, May 13, 2010, 04:05 PM, Kerry wrote:

I was wondering if you still plan on developing the next version of JNEXT (with the security attributes you mentioned would be in 1.0.9).

I think this is a great concept and hope you haven't gotten discouraged...

Thanks for your reply,

Kerry]]> http://www.jnext.org/sphp501/index.php?entry=entry081219-003940
The minor versions will include some cool examples of using JavaScript with UDP and perhaps some additional plugins.

In a nutshell, for anyone who is interested - the Web security is achieved using a backend utility that creates a signed file of various dependencies and signed digests of the site that requires real time verification by the JNEXT client. The JNEXT client when accessing this site in real time does not enable any native operation until the current page contents and CSS/script dependencies has been verified to be authentic.

The server backend utility has been completed and what is left is the non-trivial task of building the real-time JNEXT client side security mechanism.

It's quite a challenge, but its also a lot of fun and considering the ease at which site developers will be able to combine JavaScript with TCP,UDP,SQLite,Files and any other extension plugins gives enough motivation to meet the challenges...

]]> http://www.jnext.org/sphp501/index.php?entry=entry081125-214616
The past couple of weeks I've been laying the infrastructure for the PKI based security system for enabling JNEXT to safely run on public Web sites.

Work is currently being done on the JNEXT security backend - the idea being the a Webmaster will be able to run a utility which will automatically pre-process the site being launched and create the necessary signatures that the client JNEXT engine will process at runtime (surftime...) and on which decision will be made of whether to enable JNEXT based on whether the javascript code on the site has been compromised.

Completing the back end and the client side security framework takes quite a bit of work - I expect the new version of JNEXT containing this functionality will be complete sometime in January 2009 - so there will be a bit of silence on this blog until then - but don't get the wrong impression: JNEXT is growing and maturing every day and my ambitions for its use are of megalomanic proportions... :-)



]]> http://www.jnext.org/sphp501/index.php?entry=entry081108-232738
]]> http://www.jnext.org/sphp501/index.php?entry=entry081106-203638
Since at this point, there are not many people actively involved in developing JNEXT, my dilemma is whether to spend more time researching how to make JNEXT's security watertight or to forget about Web deployment for now, define JNEXT as a tool for rapid application development and concentrate on creating cool extensions for it.

Anyone care to comment ? ]]> http://www.jnext.org/sphp501/index.php?entry=entry081023-223552
However, once completed, this framework will have the potential to change the way we think about what Web sites can do.

As always, good technology is never enough, and so the next step (which I intend to start implementing with the next release) is to make sure that installing and using JNEXT by both Web users and Web site developers will be ridiculously simple, extremely appealing and uncompromisingly secure. To this effect, cool sample RIA via JNEXT applications will be added to jnext.org and client and server side installation and management will be much simpler and more user friendly.

There's plenty to do so I'll stop blabbing now and get to work...
]]> http://www.jnext.org/sphp501/index.php?entry=entry081020-192838
The basic idea is as follows: Any Web site that runs JavaScript code that makes use of JNEXT, will have to sign that code with its private key, and make it's corresponding X509 certificate available for download by the JNEXT client. The JNEXT plugin will verify that the JavaScript code matches the signature, using the Web site certificate and the locally stored root certificate of the CA that issued the Web site certificate.

If the root certificate of the Certificate Authority, the Web site certificate, the JavaScript code and the JavaScript code signature are inconsistent, then JNEXT will not allow the JavaScript code from that page access to native code via JNEXT extensions.

]]> http://www.jnext.org/sphp501/index.php?entry=entry080923-230731
I've verified that the new JavaScript TCP/UDP socket samples work on IE,Firefox,Google Chrome and Opera

As always, full sources are available for download as well

Enjoy... :-)


]]> http://www.jnext.org/sphp501/index.php?entry=entry080920-212934
For the impatient, you can compile the latest sources by downloading them via bzr from http://jnext.org/core

I've also added a link so you can view the latest JNEXT development updates (just click the JNEXT commit history link to your right).]]> http://www.jnext.org/sphp501/index.php?entry=entry080918-205250
There's just one more thing I wish to complete before starting this, and that is adding a UdpSocket class to the Sockets library - this way the sample can be extended to show how to use both TCP and UDP sockets from JavaScript. I will be releasing this as an update to 1.0.8 and not as a new JNEXT version.

]]>