Problems with WebSDR

Thanks to Pieter, PA3FWM, today I have overcome the issues with the WebSDR system not working.  For anyone not familiar, the WebSDR is a Software-Defined Radio receiver connected to the internet, allowing many listeners to listen and tune it simultaneously.  It can be found at…..


But as of January this year, there have been some problems.  Oracle released Java 7 update 51, and with that update, using WebSDR receivers has become increasingly more difficult.  But thanks to Pieter, and a bit of jiggling around this morning, the system is working fine again now.

Please refer to the notes below…..

On January 14, 2014, Oracle released Java 7 update 51, and with that update using WebSDR receivers has become more difficult.

Cause and background

The WebSDR project has, since its beginning, used Java applets to play sound and show the waterfall display. These are so-called “unsigned” applets, which run in a restricted environment (called “sandbox”), where they cannot do any harm to your computer and thus are totally safe, in principle.
Java and this sandbox are made by Oracle, and apparently Oracle has trouble making this sandbox totally safe. These bugs can be exploited by malicious applets to harm your computer. In the latest Java release, they apparently gave up the hope of fixing all sandbox bugs; instead, they now make it as difficult as possible to run unsigned applets at all, both the malicious and the good ones.

Short-term solution

Fortunately, it still is possible to run unsigned applets, but only if you explicitly tell your computer from which websites applets should be accepted. So in order to use a WebSDR, you first have to add its URL to a list of acceptable Java sites. (Applets from other sites, including malicious ones, will still be blocked.)

On Windows/Mac, you can find this list by going to the system control panel or System Preferences and choosing Java (you may want to use the control panel’s search function); then choose the Security tab, and click on “Manage Site List”. Then there’s an “Add” button to add a URL to the list. Put the complete URL there, like , so including the http part.

On Linux/Solaris, open a terminal and type jcontrol there; then choose the Security tab, and the rest of the instructions are as for Windows/Mac.

More detailed instructions can be found here:

Longer-term solution

Of course, the above situation is pretty inconvenient. For the future, there are two options, assuming Oracle’s policy does not change:

  • Oracle now wants every applet to be “signed”. This means that the applet gets a cryptographic “signature” by which it can be verified that the applet was written by a specific person (e.g., me), so if you trust that person, you can trust the applet. Unfortunately, this signature apparently would cost me several hundred dollars/euros per year…
  • At my own WebSDR site at, I’m testing a WebSDR version which no longer needs Java but uses recent HTML5 features instead. There are still some problems with it, which is why I have not yet distributed this update to the other sites, but in due time, I will.
    However, it is not a total solution either: it doesn’t work on Internet Explorer, and generally not on older versions of browsers.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s