Java, Netscape, OpenDoc, and Babel

Perry E. Metzger perry at imsi.com
Fri Jul 28 08:30:53 PDT 1995



solman at MIT.EDU writes:
> I disagree for the simple reason that Java and Hotjava are not being
> treated as trusted code in their applications. Applets are tightly
> contrained in what they can do,

You are incorrect. Applets are DESIGNED to be tightly constrained in
what they do. You want to bet your career that there are no bugs in
the implementation of this design? The thing keeping you from opening
sockets or doing file-io is a very thin scrim. Are you *certain* that
it is bug free? I'm not.

> I've been looking at the Java code closely for a couple of months now, and
> I find it to be relatively clean in its implementation (Solaris version at
> least).

Are you willing to bet your career that its bug free? Thats my question.

> I think I'm actually more worried by far less powerful browsers
> whose code I don't approve of, like Mosaic.

Don't get me wrong -- Mosaic also bothers me, as does Netscape. Java,
however, gives me the willies.

> The vast majority of security problems result from the fact that
> most code has security added in AFTER coding starts. Java has been
> designed for excellent security from the very begining.

*designed*. Can you be certain that both the design and the
implementation are bug free?

I like systems that are more fail-safe. About half a dozen
simultaneous bugs would be needed to break some of my more secure
firewalls, for example. Java does *not* provide security in depth.

.pm






More information about the cypherpunks-legacy mailing list