PM:
2) "We are ignorant, so we build something that does as little as we can get away with, makes the assumption at every stage that every component of the system might be broken, and put seventeen layers of armor around it on the assumption that we still have probably made a mistake or two in designing the system." This is the model that modern firewalls built by the likes of me take -- systems that are designed to be tolerant of multiple engineering failures. Such systems are built on the assumption that humans are fallible. Such systems, unlike Java, do not depend on flawless operation of all their components for their security. Such systems are built on the conservative assumption that humans are going to make mistakes and that you have to take account of your own fallibility when designing secure systems. In such a system, one can have breaches of the security of four major subsystems and the fifth still keeps you alive. The "belt and suspenders" model doesn't require mathematical proofs of security because it was engineered, from the start, to be robust.
well, are you saying it would be impossible to do such a thing in a distributed programming language? why does Java not fit this description? it seems to have the internal equivalent of "firewalls" (a "sandbox" is a similar concept). furthermore, you are imposing a virtual military-level degree of security to something that does not seem to require it. if a virus gets loose on someone's computer because of Java, what's the harm? you are designing systems that when broken cost bazillions of dollars, potentially. what does Java cost when it breaks? who is saying that one should use Java for extremely mission critical situations such as funds transfer? yes, there are different kinds of security, and it would be foolish for anyone to assume or think that the security offered by Java is the same security referred to by people such as PM writing financial applications, or people inside the NSA, etc-- you know PM, you often write as if you are an authority on security, but I'll wager that people inside NSA think you are "playing in the sandbox" so to speak. let us agree that no matter how secure something is, there is someone that demands more security, and actually pays for it. sort of like no matter how much you make in salary, there is someone who makes more than you do. or no matter how much you know about subject [x], someone else knows more. PM, you go on the defensive against TCM, but he was not really stating that either the "scruffies" or the "neaties" have an inherent advantage. it's a feedback loop in security as much as it is in AI as he described. neither view is incorrect. they both have their applications.
Tim misunderstands, thinking this is a case of some foolish perfectionists getting mad at the guys who throw things together and hope that they work. Not at all. Our problem with Java is the security model, which inherently requires perfect design and operation.
again, no one said that you have to use Java for mission critical applications. please don't criticize it for using the term "secure" when in fact that is appropriate for its environment. has it ever claimed to do something it doesn't? have the java designers ever said, "our code is bug free"?
We build our own systems to be robust enough to survive our own mistakes. Java is built such that any mistake is fatal.
y'know, it may be possible to create an *implementation* for java that fulfills your demands. you seem to be talking a lot more about hardware than software. you are free to create any kind of environment you want for the Java interpreter, including a paranoid system with multiple firewalls that assumes Java may not do what it claims it does.
Essentially, this is the optimists versus the realists.
I've noticed how there are two types of thinking: dualistic and unified. people that are stuck in dualistic thinking always think that because someone disagrees with them, they are putting them down. they can't conceive of multiple alternative views on the same subject, all with relative merits. they may paint their supposed adversaries as "optimists" and themselves as the "realists". a silly game that can go on ad infinitum. I've noticed that women (well, the ones that are feminine, anyway) don't seem to get into this kind of debate much, even when they are present. it's a real man kind of thing.
PS BTW, Tim, Java is great for the theorem prover fetishizers -- look no further than Java's bytecode verifier. I have never built a system that required an "active defense" like that. They fill me with the same sort of dread I would get from a skyscraper design that required a constant flow of electricity to the building lest it collapse. Sure, it's cool. Maybe it even saves some money. However, can you sleep at night inside it?
again, I reiterate: no one asked you to use Java, PM. it has a very useful place where it was designed for: on the desktop of computer geeks who get a kick out of mandelbrot generators or remailers or whatever. you are a businessman in a mission critical situation. why are you ramming your standards down the throat of a place where it is inappropriate? did the creators of Java say that it is going to be used in the banking industry? why do you write all your attacks on it as if they have? do you realize it was intended at first to be put into *home*appliances*? are you going to die if you occasionally have to reboot your toaster because of a bug? hee, hee, maybe I should bite my tongue. maybe you have a "firewall protected toaster arrangement."