1995-07-28 - Re: Java, Netscape, OpenDoc, and Babel

Header Data

From: solman@MIT.EDU
To: perry@piermont.com
Message Hash: e2fff6da27ccac7b3cb01f757427bce255139a285e7b78a1abfe7838fabd78d5
Message ID: <9507281615.AA23005@ua.MIT.EDU>
Reply To: <9507281530.AA18869@snark.imsi.com>
UTC Datetime: 1995-07-28 16:16:00 UTC
Raw Date: Fri, 28 Jul 95 09:16:00 PDT

Raw message

From: solman@MIT.EDU
Date: Fri, 28 Jul 95 09:16:00 PDT
To: perry@piermont.com
Subject: Re: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <9507281530.AA18869@snark.imsi.com>
Message-ID: <9507281615.AA23005@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Thus spake Perry:
|> solman@MIT.EDU writes:
|> > I disagree for the simple reason that Java and Hotjava are not being
|> > treated as trusted code in their applications. Applets are tightly
|> > contrained in what they can do,

|> You are incorrect. Applets are DESIGNED to be tightly constrained in
|> what they do. You want to bet your career that there are no bugs in
|> the implementation of this design? The thing keeping you from opening
|> sockets or doing file-io is a very thin scrim. Are you *certain* that
|> it is bug free? I'm not.

What's with the facetious questions? Only an idiot would guarantee a piece
of software to be error free. I am highly confident that there is very
little probability of a raider applet doing significant damage. That's as
much as I can say of any of of any of the systems I use... and its saying
alot given that the thing is executing code it pulls off the net. Is there
still room for cleaner code? Definitely, and I think we'll see some of it
as Java goes Beta and then production.

|> I like systems that are more fail-safe. About half a dozen
|> simultaneous bugs would be needed to break some of my more secure
|> firewalls, for example. Java does *not* provide security in depth.

I think that the high level architecture of Java provides as much security
as such a product can possibly provide. By the time Java becomes widely
distributed (it is still in Alpha3), I expect it to have features that deny
access to any applet not signed by somebody in a list the user creates, a
sort of web of trust. On top of this layer, Java already offers rudimentary
firewalls. The combination of these layers should be quite effective.

Of course, Netscape will probably find a way to screw their implementation
up :)

JWS





Thread