Re: An URL to ponder

Mr 'Zap' Andersson (zap@lysator.liu.se)
Wed, 13 Dec 95 09:32:57 -0500


-- [ From: Mr 'Zap' Andersson * EMC.Ver #2.5.02 ] --

> You're not actually reading Java code to see if it's secure, are you?
>
> Actually, if you look at that again, you'll notice that he mentions that
the
> closer you get to the hardware, the harder it is to find the bug. Since C
> and C++ are both closer than Java, I should be trusting apps written in
Java
> more than those written in C or C++. What is Meme written in again?

Uh... first of all - my point wasn't to slam Java in particular. Nor was my
point to say ANYTHING about Meme at all. My point was merely that I wanted
to wake people up a little to the fact that you can NEVER be sure that even
the most benign thing - even if we can esad it's source - is really safe.

There is really no such thing as a "100% safe" system.

That was all.

Who knows, there might be a Pentium virus wired into the microcode of the
processor?

A floating point virus maybe? :-)

- - -

As for your comment on Meme - the Meme virtual machine and compiler is
written in C, and so is the Java virtual machine and compiler. So I don't
see your comparision.

Actually, [Correct me if I am wrong] Java gives you access to system level
DLL's! So what stops me to send a virii DLL along with my Java applet!?

Meme doesn't allow that.

Note: I won't say that Meme is a dream of security. It is not, especially
not in the beta stage it is in. [Stuff like file-scope limitations are yet
to be implemented].

But - and that is the important part - NOR HAS IT CLAIMED TO BE.

Jave CLAIMS to be "oh so safe", and then it has a LOT to live up to.

> James
>
> --
> James Waldrop / Technical Director
> sulam@construct.net / Construct Internet Design
> sulam@well.com / http://www.construct.net

--
Hakan "Zap" Andersson | http://www.lysator.liu.se/~zap | Q: 0x2b | ~0x2B
Job:  GCS Scandinavia | Fax:   +46 16 96014            | A: 42
zap@lysator.liu.se    | Voice: +46 16 96460            | "Whirled Peas"
------------------------------------------------------------------------
 #include <std.disclamier.h>
------------------------------------------------------------------------

  • Next message: Jay Torborg: "RE: Looks like they want to charge for ActiveVRML"
  • Previous message: Mr 'Zap' Andersson: "Re: An URL to ponder"
  • Maybe in reply to: Mr 'Zap' Andersson: "An URL to ponder"
  • Next in thesad: James Waldrop: "Re: An URL to ponder"