REM_ote

[Alex Strasheim]

> Might want to be careful calling Marianne a borderline liar. She's our host
> for Cypherpunks meetings at Sun, where's she's in the Java group. The
> article didn't make it clear that she's with Sun and not Netscape. She's
> also been coming to Cypherpunks meetings since the beginning, and posts
> here occasionally.

I apologize for the remark, it was out of line.  I don't know who she is,
or what she actually said, for that matter.

But the fact remains that these sorts of security problems were predicted
well before Java was widely deployed.  They're serious, and this isn't
going to be the last one.  An awful lot of people aren't going to patch
their copies of Netscape any time soon, either.

(A useful feature for Netscape might be a facility that checks
periodically to see if a security patch is in order, and displays a
warning if it is.)

Problems with security are a fact of life.  I've made embarassing mistakes
that compromised security for some of my users.  When that happens you
have to come clean, tell the truth, and fix the problem.  Don't try to
convince people that you didn't screw up, that the problem isn't serious. 
Don't say things that will encourage users to put off installing a
security patch.  And don't underestimate the ability of your attackers.