1995-07-28 - Re: Java, Netscape, OpenDoc, and Babel

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: solman@MIT.EDU
Message Hash: d23c98bb22cee8a80ae8d78babf0dc6ac6035f50f7155e844566b10be298953d
Message ID: <9507281530.AA18869@snark.imsi.com>
Reply To: <9507281525.AA22734@ua.MIT.EDU>
UTC Datetime: 1995-07-28 15:30:53 UTC
Raw Date: Fri, 28 Jul 95 08:30:53 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Fri, 28 Jul 95 08:30:53 PDT
To: solman@MIT.EDU
Subject: Re: Java, Netscape, OpenDoc, and Babel
In-Reply-To: <9507281525.AA22734@ua.MIT.EDU>
Message-ID: <9507281530.AA18869@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



solman@MIT.EDU writes:
> I disagree for the simple reason that Java and Hotjava are not being
> treated as trusted code in their applications. Applets are tightly
> contrained in what they can do,

You are incorrect. Applets are DESIGNED to be tightly constrained in
what they do. You want to bet your career that there are no bugs in
the implementation of this design? The thing keeping you from opening
sockets or doing file-io is a very thin scrim. Are you *certain* that
it is bug free? I'm not.

> I've been looking at the Java code closely for a couple of months now, and
> I find it to be relatively clean in its implementation (Solaris version at
> least).

Are you willing to bet your career that its bug free? Thats my question.

> I think I'm actually more worried by far less powerful browsers
> whose code I don't approve of, like Mosaic.

Don't get me wrong -- Mosaic also bothers me, as does Netscape. Java,
however, gives me the willies.

> The vast majority of security problems result from the fact that
> most code has security added in AFTER coding starts. Java has been
> designed for excellent security from the very begining.

*designed*. Can you be certain that both the design and the
implementation are bug free?

I like systems that are more fail-safe. About half a dozen
simultaneous bugs would be needed to break some of my more secure
firewalls, for example. Java does *not* provide security in depth.

.pm





Thread