"L. Detweiler" writes:
well, are you saying it would be impossible to do such a thing [produce a safe execution environment] in a distributed programming language?
It is difficult. The way Java does this, with the protection relying solely on the correctness of the runtime (the interpreter isn't emasculated so flaws in the runtime can cause unexpected behavior) it is nearly impossible. Humans aren't good enough at designing systems this century.
furthermore, you are imposing a virtual military-level degree of security to something that does not seem to require it. if a virus gets loose on someone's computer because of Java, what's the harm?
The Web is the universal marketplace these days. Being unable to use the web is the equivalent of being unable to use the phone. I have research analysts at large trading houses begging for Netscape. Unfortunately, these people have a need for top notch security, because vast amounts of money are at stake. So, yes, if you are going to create a product that everyone on earth has to be able to use, it had damn well not explode in your face every once in a while. Imagine if all the world's refrigerators had a 1 in 10,000 chance of blowing up on you. "Whats the harm" you say. Well, most people don't expect that sort of behavior in a friendly consumer appliance that nice people from Sun and Netscape guarantee is absolutely positively safe except for all the bugs.
you are designing systems that when broken cost bazillions of dollars, potentially. what does Java cost when it breaks?
It costs all the same things the the firewalls are protecting.
who is saying that one should use Java for extremely mission critical situations such as funds transfer?
No one. Unfortunately, when the same machine runs Netscape so the trader can read the UUNet/MFS merger press release and also has the big shiny red "trade!" button on some application, you get nervous. As I said, the traders don't expect that their phone will explode when they pick it up, or that every piece of literature they get in the mail may be coated with contact poison. Well, Java is a silent killer. It soon is going to be sitting on every desktop at every company in America and its being sold as the new paper or phone. Its also sitting on all those PCs running "Quicken" that helpfully now can do direct electronic funds transfer from your account, etc. If you don't care about the security of your bank account, well, sure, you have nothing to worry about. In short, my clients need security today. Your home computer probably needs it soon if not now, and if you think your business can survive a few days without its computers, please, by all means, run without security.
again, no one said that you have to use Java for mission critical applications.
Its not Java crashing that I worry about. Its everything else on the computer and the network it is attached to that needs protection.
did the creators of Java say that it is going to be used in the banking industry?
Well, sorry, you try to keep it off the desks in the banking industry if you can.
do you realize it was intended at first to be put into *home*appliances*? are you going to die if you occasionally have to reboot your toaster because a bug?
No, but you could die if someone gets your toaster to catch fire, or gets your microwave oven to do something the hardware wasn't supposed to. It might also be very annoying if your home security system stopped working, or if your smoke detectors didn't detect smoke, or even if your fridge decided that it didn't like a string overflow in the interpreter and decided to stop refrigerating. Life critical applications or important financial applications are all around us. You just don't seem to notice. Perry