PM returns to rant on Java after being mowed down by most people her. why? I think he has some more ulterior problems with Java than those that he cites. for Perry, ranting at java reveals certain psychological characteristics of his profile.
For at least twenty or more years, people have known that for the ultimate in multimedia email or what have you all you would need to do is make the recipient execute a program that you sent them. This obviates all the questions of having to figure out what sort of things you would want to send -- if you can execute a program, you can do anything. Unfortunately, this is also so phenomenally obvious a security problem that no one ever proposed it as anything more than a joke -- until now.
so you agree, what they are trying to solve is the holy grail of distributed computing, in some ways. but you start from a different assumption-- that such a thing is a joke to even try. they are forging ahead because they have started with the opposite assumption.
Sun is, unfortunately, suffering from a substantial hubris problem. As I have noted, the original Java applet security model and all the followups have had exactly the same problem -- they depend on perfect implementation of every element of the security model for the security to work, instead of having the realistic and conservative assumption that portions of the model will be misimplemented, and designing for defense in depth.
true, but as I have reiterated here, there is nothing preventing someone from creating an IMPLEMENTATION of Java that has the "defense in depth" that you are always ranting about. why don't you INVENT it??? such a thing is possible. Java is mostly a theoretical construct: a language. implementations are left up to different licensees. how else would you propose handling it? surely the NSA would have plenty of suggestions for putting a lock and chain around ideas. the rest of us in the real world would like to get some computing done. I continue to believe that everything you are asking for could be integrated into somebody's ingenious invention of a Java interpreter. something that implements all the features of Java in a secure way. notice, Perry, that if there was such a thing as a secure OS, you could just stick your Java browser in it and not care at all. you have your "redundant systems protection" if you already have a good OS. what? there aren't good OSes? well, why are you blaming someone who is writing a computer language because their aren't fully secure OSes? wouldn't Java running on a Kerberos system come close to the kind of security and redundancy you are proposing? such systems will probably evolve in the future. but why is a problem outside of java considered a problem of java itself by you? speaking of "hubris", I think it is you that is the most "full of it". you don't seem to understand some simple conceptions, which I have stated before in response to your ranting but you have never really replied to in the past: 1. NOBODY IS ASKING PERRY METZGER TO USE JAVA. people who ARE using it may have different needs and demands than you have. who are you to criticize all the people who have made an independent decision, "java is what we want"? 2. java threatens CONTROL by individuals over what they allow to run on their machines. it's the old "mainframe vs. PC" problem all over again. surprise!! pc's won. WHY? because people wanted to get work done without going through an all-powerful MIS priesthood. but surprise, some companies still are implementing a priesthood around their PCs. Java will help break through such kinds of monopolies. you are free to reject it, but you are getting a glimmer of understanding that Java threatens the idea of monopolistic, monolithic control over computing resources. the sysadmin with his own narrow interests may no longer be the only one who has say over how company computing resources are used. 3. no one is claiming Java is perfect. it will take years before a high level of trust is established. no one is implementing all kinds of incredibly sensitive applications in Java, YET. it is an evolutionary process. 4. in evolutionary processes, you aren't trying to find nirvana or utopia, or solve problems that no one has ever been able to solve. you make an *incremental*step*. Java is precisely this very valuable incremental step. I don't know why you continue to rant so endlessly against it. NO ONE IS ASKING YOU TO USE IT. your comments are not very valuable, either, considering that YOU ARE NOT USING IT. perhaps the people who are USING IT are far more qualified to judge whether it is fulfilling their needs, eh? 5. the world is very insecure right now in terms of computer security. java is a step in the right direction. there are a bazillion places it can be plugged into right now in which you get *better*security* than what you had before by using it. now, I wouldn't recommend placing it anywhere where you would have *less* security, but I trust designers of systems to have some sense about that. (yes, there are a lot of bonehead designers in the world, but why do you think it is a problem with Java exclusively? granted, the hype machine is way out of control, and this can lead to improper uses of the language, but there are still a lot of places where it is useful). 6. if you could point to some EXAMPLES of people using Java that shouldn't be, and ARE, then you will have a much better case. but all you have at the moment is a nagging suspicion that all kinds of people are using Java where it shouldn't be placed. 7. frankly I think you have "security envy" of pioneers who are creating the next generation of cyberspace and didn't pay some monstrous consulting fee to you in doing so. I think you would have liked to have been behind Java, because it is the next step in a field you feel you are an expert in, but instead it appeared on the scene without you ever taking it seriously, and you are increasingly pissed off that other people are taking it seriously, and that your arguments, which at one point people might have agreed with, are becoming less valid in the face of reality as people begin to understand what java is for (and not for!!). 8. criticizing something because it is not evolved is a bad way to go. C started out as the most flimsy of languages. there were serious bigtime problems with it. early compilers had ambiguities, etc. things get better. the way of the world is evolution. the tools that *you* are using *now* could have been criticized in their infancy as completely insufficient for the jobs they were "aspiring" to. they *were*. things like PCs were once the most disrespected "toys" on the planet. and you criticize Java because it is "toylike"? beware, PM, because the toys of today become the tools of tomorrow.
Beyond that, however, they have created the ultimate hype monster. Java is a neat idea looking for a good application. I use the web all day long and I have yet to see a good use for Java. We have, essentially, mortgaged our system security for almost nothing better
"we"??? hee, hee. someone who is the first to slash someone with claw-marks for using that term here among the Nihilists uses it himself. there was absolutely no system of security prior to java for what it is attempting to implement. the world is not going to end when everyone starts playing with java applets. I agree that there should be some serious question about where companies allow browsers with Java (or browsers for that matter) to be run. but you have this kind of siege mentality, "we're being invaded!! POUR DOWN THE HOT OIL!!"
than the occassional gee whiz animation that could have been implemented with a safe graphics description format instead of a turing equivalent language.
a killer java app hasn't yet been written, imho and other. so what? why are you whining about it? again, no one is forcing you to use java. the killer app lies around the corner. the PC didn't start out with excel written for it, and only an illtempered, impatient bonehead would demand such a thing.
Again, I don't hate the Sun people or hold any animosity towards them. However, I will point out the lesson that any good student of Greek Tragedies could tell you -- the gods punish hubris, and severely.
hee, hee. sounds like you speak from experience. reminds me of that saying, "good judgement comes from experience and experience comes from bad judgement". <g>