From: “Perry E. Metzger” <perry@piermont.com>
To: Scott Brickner <sjb@universe.digex.net>
Message Hash: 017feeae39cc8171a021a93c40a637a512d4e01434038296d8119e491a8aa090
Message ID: <199604270025.UAA01602@jekyll.piermont.com>
Reply To: <199604262131.RAA13066@universe.digex.net>
UTC Datetime: 1996-04-27 06:53:33 UTC
Raw Date: Sat, 27 Apr 1996 14:53:33 +0800
Subject: Re: The Joy of Java
Scott Brickner writes:
> Unfortunately, this last statement isn't really true. To quote from the
> "Java Security" paper from some Princeton researchers:
>
> The Java language has neither a formal semantics nor a formal
> description of its type system. We do not know what a Java program
> means, in any formal sense, so we cannot reason formally about Java
> and the security properties of the Java libraries written in Java.
> Java lacks a formal description of its type system, yet the security
> of Java relies on the soundness of its type system.

I will point out that complete formal semantics exist for other,
perfectly practical to use languages, like Scheme.

> We conclude that the Java system in its current form cannot easily
> be made secure. Significant redesign of the language, the bytecode
> format, and the runtime system appear to be necessary steps toward
> building a higher-assurance system. . . . Execution of remotely-
> loaded code is a relatively new phenomenon, and more work is
> required to make it safe.
>
> I do think that the ideas embodied in Java are very important, and will
> significantly shape the future of computing, but Java itself may be just
> a stepping stone on the way.

I go further. Java, as envisioned, cannot be made secure. It is too
powerful a language. Furthermore, it is unnecessary for the tasks that
it is used for, which are basically adding fancy wacky graphics and
simple applications and such to web pages.

Perry