Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")

From: "Perry E. Metzger" <perry@piermont.com>
It certainly makes me feel more comfortable. The problem I have is that I expect that increasingly pages will arise for which information can only be extracted with the use of Java. Some flunky from some desk will come up and scream "what do you mean I can't get a copy of Foo Corporation's merger press release because we won't run some program! That's bullshit! Do you know how much money the risk arb desk pulls in, you twit! This must never happen again! Fix it immediately!"
Might I suggest setting up another computer with Java enabled, and _without_ the critical applications? Somehow, I think they can afford an extra computer for each desk - it wouldn't have to be a high-capability one. That would also cure having to have Netscape and other high-network-access programs on the same computers as the critical applications. (Of course, some of the critical applications may also need to access the Internet... but they probably wouldn't need http capability.) Of course, feel free to tell me that I don't know what I'm talking about.

-Allen

"E. ALLEN SMITH" writes:
Might I suggest setting up another computer with Java enabled, and _without_ the critical applications? Somehow, I think they can afford an extra computer for each desk
Money is not a problem, but space is. There is never any room on a trading floor. Space is at an amazing premium.

Perry

Hospitals are similar, in space, although not time constraints. An operating theatre needs to be kept reasonably sterile, and the larger the area, the more difficult it is to do that.

Perry E. Metzger wrote:
| "E. ALLEN SMITH" writes:
| > Might I suggest setting up another computer with Java enabled, and
| > _without_ the critical applications? Somehow, I think they can afford an
| > extra computer for each desk
|
| Money is not a problem, but space is. There is never any room on a
| trading floor. Space is at an amazing premium.
|
| Perry

--
"It is seldom that liberty of any kind is lost all at once." -Hume

"Allen" == "E ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
Allen> Might I suggest setting up another computer with Java
Allen> enabled, and _without_ the critical applications? Somehow,
Allen> I think they can afford an extra computer for each desk -
Allen> it wouldn't have to be a high-capability one. That would
Allen> also cure having to have Netscape and other
Allen> high-network-access programs on the same computers as the
Allen> critical applications. (Of course, some of the critical
Allen> applications may also need to access the Internet... but
Allen> they probably wouldn't need http capability.) Of course,
Allen> feel free to tell me that I don't know what I'm talking
Allen> about.

And I suppose the next thing you are going to suggest is to get an extra firewall just for the Java-enabled machines. This is just a waste of money and resources.

I firmly believe that access and security control should be left to the operating system: OS's have been designed with that task in mind for decades, while 'secure' virtual machines, AFAIK, only appeared recently. Also, the OS uses hardware (supervisor mode bit) to protect the kernel from unauthorized access, while a Java interpreter could only do it in software.

Why not make Netscape SUID root and have it spawn a separate process just for running Java as user nobody? Communication between the processes could be done through sockets (it is better not to share any address space). Then you could at least be sure it could not read or write any unprotected files and directories. Most OS's don't restrict network access for processes, but this should be easy to add: just have additional flags in the process descriptor and have all system calls related to the network check those flags.

I understand that the above does not apply to Win95 and Mac. There is only one thing I can say to those unfortunate enough to use them: install UNIX!!! Linux for PC has been available for a while, and Linux for PowerPC should come out this Summer.
(And yes, I know that UNIX's sometimes have security bugs too, but there are much fewer of them than in Netscape's Java interpreter, and they are usually fixed sooner. Also, UNIX has been around for 25 years, while Java-enabled Netscape for less than a year.)

Any constructive comments or criticism about UNIX and Java security is welcome. Send flames to /dev/null.

--
Victor Boyko <vboykod@is-2.nyu.edu>
http://galt.cs.nyu.edu/students/vb1890/
To get my PGP key, finger or send e-mail with subject "send pgp key".
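The arrangement proposed in the message above (a parent that spawns the untrusted interpreter as user nobody and talks to it only over a socket), as an added C example that is not part of the original thread or of any Netscape code. The names `run_worker`, `drop_to_nobody`, `struct report` and the probe path `/etc/shadow` are assumptions made for the illustration; the worker fails closed if it starts as root and cannot drop.

```c
#define _DEFAULT_SOURCE              /* for setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

struct report { long uid; long could_read; };   /* sent worker -> parent */

/* Permanently drop root to "nobody"; 0 on success, -1 on any failure. */
static int drop_to_nobody(void) {
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL) return -1;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;  /* regaining root must fail */
}

/* Fork a worker that drops to nobody (when started as root), then tries to
   open `path`. Returns 0 and fills *out, or -1 if the worker failed closed. */
int run_worker(const char *path, struct report *out) {
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                      /* worker: the untrusted side */
        close(sv[0]);
        if (geteuid() == 0 && drop_to_nobody() != 0) _exit(1);
        struct report r = { (long)geteuid(), 0 };
        int fd = open(path, O_RDONLY);
        if (fd >= 0) { r.could_read = 1; close(fd); }
        _exit(write(sv[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(sv[1]);                        /* parent: the trusted side */
    ssize_t n = read(sv[0], out, sizeof *out);
    close(sv[0]);
    if (waitpid(pid, &status, 0) != pid || n != (ssize_t)sizeof *out) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    struct report r;                     /* /etc/shadow: constructed probe */
    if (run_worker("/etc/shadow", &r) != 0) return 1;
    printf("worker uid=%ld could_read=%ld\n", r.uid, r.could_read);
    return 0;
}
```

Run as root, the worker reports the uid of nobody; run as an ordinary user, no drop is attempted and it reports that user's uid.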

On Sat, 4 May 1996, Victor Boyko wrote:
I understand that the above does not apply to Win95 and Mac. There is only one thing I can say to those unfortunate enough to use them: install UNIX!!! Linux for PC has been available for a while, and Linux
Even though Victor likes C++, I share his sentiment that a lot of people would be happier with Unix if only the marketing forces hadn't driven them into the clutches of the Dark Lord.

Since this has already degenerated into a religious argument (actually it started as one), I'll throw this in: FreeBSD and/or NetBSD are the way to go. Actual facts follow.

FreeBSD is "free"
Just like Linux, you can get FreeBSD off the 'Net for free. You can also buy a CDROM for < 100USD, just like Linux.

FreeBSD has solid networking code
Since it is built on 4.4BSD its TCP/IP implementation has had more bashing than anything else around. It works. It's fast.

FreeBSD has source available
If you want the full source, or just the kernel source, grab it. If all you need is a running system, don't bother. Most people don't need kernel or utility, e.g. cat or ls, source.

FreeBSD has a *single* source
This may seem to be a disadvantage to some. But when the core team releases a new version of FreeBSD you can be certain that it has been widely tested and is at worst a _small_ step forward, not backwards or sideways. It might even be a _big_ step forward. If they disappear, you still have the source (assuming it was important enough for you to grab it).

For me it boils down to the networking code. I need it to work reliably and fast. FreeBSD delivers, Linux promises.

ObCrypto: pgpsendmail is a standard package with FreeBSD (and probably Linux too :)

Dan
--
Dan Busarow
DPC Systems
Dana Point, California

participants (5)
- Adam Shostack
- Dan Busarow
- E. ALLEN SMITH
- Perry E. Metzger
- Victor Boyko