1996-05-03 - Re: Why I dislike Java. (was Re: “Scruffies” vs. “Neats”)

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Alex Strasheim <cp@proust.suba.com>
Message Hash: 8fadfdc8c910aa9e97657d8366d42e8981d66468e2099198ae29b1628088687a
Message ID: <199605030038.UAA21763@jekyll.piermont.com>
Reply To: <199605010528.AAA00506@proust.suba.com>
UTC Datetime: 1996-05-03 06:56:37 UTC
Raw Date: Fri, 3 May 1996 14:56:37 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 14:56:37 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010528.AAA00506@proust.suba.com>
Message-ID: <199605030038.UAA21763@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> One thing that I'm sort of fuzzy on is whether or not you feel that this 
> is a problem specific to this one group of products (java) or if it's a 
> problem with the general idea of grabbing and running applets 
> indiscriminently in a protective environment.

I believe that it is possible to design environments in which you can
safely run applet like things. However, 1) I am not sure that such an
environment is needed for most of what Java does in the Netscape
environment, so given the dangers I'm not sure the price is worth
paying, 2) Java does not possess the characteristics such an
environment needs, and 3) It is pretty clear that much of what the
Java designers want to do could not be done in such an environment.

> Right now, as near as I can tell, we have two major security complaints
> with java's design.  The first is Perry's point (which I might be
> munging), that there isn't enough redundancy in the security to protect us
> if and when human error creeps in.  The second is that a rigorous formal
> analysis of the language hasn't been performed, and that the language as
> it is currently constituted doesn't lend itself to such an analysis. 

I would very much prefer a language who's security did not require
such analysis. Java, sadly, does require such an analysis because it
requires perfect implementation for its security model to work. In a
restricted execution environment that was designed with defense in
depth in mind, such an analysis would be a bonus, but not strictly
required.

Perry





Thread