Re: PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
I've always read with interest Sameer's notes, and I also enjoyed this one. I just can't figure out why he's writing it (spelling and grammar errors aside):

At 07:52 11.06.1995 -0800, sameer wrote:
For Immediate Release Date: Nov 6th, 1995 Contact: Sameer Parekh 510-601-9777 sameer@c2.org
PRINCETON STUDENTS FIND HOLE IN INTERNET SECURITY SOFTWARE
This title and the opening paragraphs seem unnecessarily (and misleadingly[*]) alarmist, given the recent spate of similar mass-media articles. After the lead and second paragraphs repeatedly talk about "holes", "make viruses and other malicious programs possible", etc., it isn't until the third paragraph that we read a calmer quote:

[*] Java isn't really 'Internet security software', and the students didn't find a hole in any current version according to the rest of the text.
"While we did find some interesting holes, we believe these can be addressed and Java could make a good standard for remote code on the Web, if an effective security policy is defined."
The opening paragraphs sure didn't reflect this. Then:
The holes they found exist only in the alpha release of HotJava. The beta release, which is the version found in the widely-used Netscape Navigator 2.0b1J is not vulnerable to these attacks.
They do? It's not? Then... why mention it at all?! If this is so, it's a dead issue, old news, passe'. Why another alarmist press release (other than to promote Community ConneXion's decision to add Java to its hit list <grin duck & run>)? The public's paranoid enough about net commerce; why should we, of all people, fan the flames?

This isn't to bash Sameer, whose posts I always enjoy reading. I'm just a bit puzzled by this one...

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102       voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2    fax (905) 847-6019