[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java insecurity - long - argumentative - you are warned.



> 
> On Mon, 6 Nov 1995, Ray Cromwell wrote:
> 
> > > WARNING - THIS MESSAGE CONTAINS INFORMATION THAT MIGHT BE CONSIDERED AS
> > > A FLAME BY SOME READERS - IT IS LONG AND TEDIOUS - YOU ARE WARNED!
> > > 
> > > >From the Java Web pages (as combined in Firewalls/BoS):
> > > 
> > > > The language's security features (not just applets):
> > 
> > [Long list of bullshit deleted]
> 
> I don't think that this is *bullshit* ... the questions I mean ... but,
> I for one am tired of people promoting products in a manner which flies 
> in direct contravention of expert consensus.

   Dr Cohen could have answered the questions himself if he had read
the literature. What he did was equivalent to asking "how secure is DES"
based on a marketing information flyer. Java does not fly in direct
contravention of expert consensus. Java does not purport to solve
the halting problem or formally prove the correctness of algorithms.
The only phrase you can quibble with is "tamper-free/virus-free",
but how many products on the market make that claim, for instance,
over-the-counter drugs? Anyone with half a brain knows that nothing
is perfectly secure, and what those phrases really mean is
"tamper-resistant". So get over it.

  It seems that after all those Netscape bugs were found, now folks,
many of whom I consider to not be very skilled in computer science,
are trying to conduct a witch hunt against Netscape, it seems in the
hope of gaining some fame or recognition. The general tone of your
messages and Dr Cohen's, leads me to believe that you think you are
conducting some service by "exposing" these "flaws", thinking that
one day c'punks will recognize your contribution and thank you. 
My guess is that most c'punks view your analysis as content free,
and overly zealous/hostile.

-Ray