[1233] in java-interest
Re: The Future of Java
daemon@ATHENA.MIT.EDU (Alexander Anderson)
Sun Aug 27 01:45:41 1995
Date: Sun, 27 Aug 95 02:08:16 0100
From: Alexander Anderson <sandy@almide.demon.co.uk>
To: java-interest@java.sun.com
(In reply to your message dated Saturday 26, August 1995)
Dear Robert O'Callaghan,
"Stop dropping acid and climb down from the ceiling"! I like that
one!
A few points to keep the chat flowing. I think VB is popular by
proxy. It gets it's popularity from an energy that goes way back to the
daring visions of Dartmouth Basic. I'm not sure, but I'm pretty certain
the creators of Dartmouth Basic could be counted on the fingers of one
hand. You that imply UNIX is being thought of as old, and everything has
to be backward compatible with it. Again, the creators of UNIX were
visionary poets, and UNIX their masterpiece. The reason we have such an
incredibly coherent InterNet system now in the '90s, is because we
_still_ lag behind the visions enshrined in UNIX. As we do Alan Kay,
Douglas Engelbart, Seymour Papert, Terry Winograd, Gerd Somerhof and many
others, and some of you included.
"Where there is no vision, the people perish"
The reason why MicroSoft succeeds to dominate the world with bungling
amateurish engineering, is that individuals, that's you and I, don't
connect; we'd rather leer through our ray-bans and be seen in our jeans
chewing gum. The Emperor's New Clothes.
I instinctively liked Java, the first I saw it. Java is a personal
creation. Again, and I would be willing to bet, originally done by a
handful of people. There's a lot of sweet futurity in the confidence of
it's ideas and the sleek syntax. Something designed by committee, or
psychological questionaires never seems to feel any good. Everyone's
chickened out, abnegated responsibility for the thing. Look at ADA, or,
and I'm sorry to say this, "Forest Gump". I remember a lecturer at
London's Guildhall University, being chosen to research into ADA at the
start of the '80s. Very high-falutin' stuff about parallel processing.
And he rammed it down everyone's throats at every laconic opportunity,
before he moved to France. Doesn't make for real vision, no way!
You said apropos a new OS written in Java:
"You can put untrusted code behind the kernel barrier and
because Java is safe, you don't sacrifice stability."
Yes, writing a Java Extensible Operating Sytem, in Java, ala Oberon,
is what naturally springs to my mind as a first priority. Therefore I
have been trying to find out about Java Secureness, and whether it's
syntax will lend itself to the yoke of Formal Semantic Analysis.
What we're doing right now, in extending the Global InterNet, is VERY
important. If we do this right, none of us will live long enough to see
an end to the benefits of our design. As Bruce Schneier said,
"Cryptography is too important to be left to governments". Now that the
group is being responsible, is really talking/hacking, I think it's time
to discuss this area. Here is a reply about Java security from an
Australian telecoms consultancy:
Dear Sandy,
Sorry this reply took a little time.
Sun are very concerned about JAVA security cause of the media
attention its received over the last few months.
The issues is of real concern: JAVA executes in the local
environment based on a level of trust the user provides the
execution engine. It's basically a four way switch that at
the most secure level provides reasonable security.
At the least secure level it is VERY simple to create a
JAVA application that would backup your file system onto a
remote host. You could even do it using a thread and the user
wouldn't even know it was happening.
I see the major issue as largely physcological. If I run a
JAVA application for a while and it seems to work well then I
begin to trust it. Lets say at some later date the
application tells me that if I reduce the security
restrictions it will 'run' better - so I do, unaware that the
JAVA application can now access my file system and perform
unwanted acts...
Improving the security is very difficult. On UNIX and other
VM based systems protecting pointer access is easy. On
MS-Windows it isn't. I don't believe there is a solution here
for the JAVA folks. Could I write a JAVA application for
MS-Windows that grovels around in memory looking for
interesting places to inject a virus - not all that
difficult....
On UNIX systems the issue is simply access to the file system
and system services. Sun will need to provide a version of
the JAVA engin that doesn't support file access and the like.
Though you may like to think about the issues of using an
application that stores all of its data back on the server.
Would corporations accept having data flow back to an external
source for storage - I don't think so.
D.
Ps. My role at [*] is [*] Manager - but my background is
software engineering.
Sandy
P.S. It reveals something interesting about Sun's attitude, so far, that
I find myself deleting out the names.
--
// Alexander Anderson Computer Science Student //
// Home Fone : +44 (0) 171-794-4543 Middlesex University //
// Home Email : sandy@almide.demon.co.uk Bounds Green //
// College Email: alexander9@mdx.ac.uk London //
// UK //
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
