cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-11-13 - Re: Java insecurity - long - argumentative - you are warned.

Header Data

From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: d87d41654d7e5257b10ebadd19612ed4011a9b9d6399e5ee4d60782490b8c436
Message ID: <199511110538.VAA18697@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-11-13 09:29:45 UTC
Raw Date: Mon, 13 Nov 1995 17:29:45 +0800

Raw message

From: anonymous-remailer@shell.portal.com
Date: Mon, 13 Nov 1995 17:29:45 +0800
To: cypherpunks@toad.com
Subject: Re: Java insecurity - long - argumentative - you are warned.
Message-ID: <199511110538.VAA18697@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 Nov 1995, Dietrich J. Kappe wrote:

> >>> While all this checking appears excruciatingly detailed, by the time
> >>> the byte code verifier has done its work, the Java interpreter can
> >>> proceed knowing that the code will run securely. Knowing these
> >>> properties makes the Java interpreter much faster, because it doesn't
> >>> have to check anything.
> >
> >Yikes!!  I'll leave this for someone else to address.  This sounds to me
> >like a variation on virus scanning.  I think that there are far more
> >reputable virus experts than I who can comment and expand on *flaws* with
> >that approach.
> 
> This "checking," as any comp-sci undergrad will tell you, amounts to solving
> the halting problem for the java interpreter. While this is possible for a
> finite state automata like the java interpreter (made more difficult by the
> fact that it can use the "net" for additional state), it is not even
> remotely feasable.

OK, so by saying that it is not "even remotely feasable", you're saying 
that any comp-sci undergraduate will say that it can't be done?  

That is what "not even remotely feasable" means, doesn't it??  I mean, 
even if Marketing wants this problem solved, that won't be enough?

> If you can write a checker that works in a reasonable amount of time, I'll
> write a turing machine simulator that'll do something nasty if the input
> machine halts. Then we'll split the fame and fortune for solving the 5 state
> Busy Beaver problem. Deal?

I'm sorry, I only work for T-shirt and mug contests. <grin>  That fifteen 
minutes of fame thingy, just isn't my cup of tea.



> Dietrich Kappe | Red Planet    http://www.redweb.com
> Red Planet, LLC| "Chess Space" | "MS Access Products" |  PGP Public Key
> 1-800-RED 0 WEB|    /chess     |       /cobre         | /goedel/key.txt
> Web Publishing | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84


Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

Thread