I've been rather hard on Java here lately. I'd like to state, for the record, that I have nothing against the folks at Sun. They are good, smart people, and I'm sure they mean well and aren't in on some evil plot. However, that doesn't make Java a good idea. For at least twenty or more years, people have known that for the ultimate in multimedia email or what have you all you would need to do is make the recipient execute a program that you sent them. This obviates all the questions of having to figure out what sort of things you would want to send -- if you can execute a program, you can do anything. Unfortunately, this is also so phenomenally obvious a security problem that no one ever proposed it as anything more than a joke -- until now. Sun is, unfortunately, suffering from a substantial hubris problem. As I have noted, the original Java applet security model and all the followups have had exactly the same problem -- they depend on perfect implementation of every element of the security model for the security to work, instead of having the realistic and conservative assumption that portions of the model will be misimplemented, and designing for defense in depth. Beyond that, however, they have created the ultimate hype monster. Java is a neat idea looking for a good application. I use the web all day long and I have yet to see a good use for Java. We have, essentially, mortgaged our system security for almost nothing better than the occassional gee whiz animation that could have been implemented with a safe graphics description format instead of a turing equivalent language. Again, I don't hate the Sun people or hold any animosity towards them. However, I will point out the lesson that any good student of Greek Tragedies could tell you -- the gods punish hubris, and severely. Perry