[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Joy of Java



Tim May and Mike Duvos have expresses an enthusiasm for Java which I share.
 There are a few practical issues which should be addresses.

Mike says:
>Indeed, with Java, I can put up a Web page which teaches someone
>about a cryptographic algorithm, allows him to try it out and run
>sample data through it, and provides him with a
>platform-independent implementation of it to use as he wishes.
>All in one fell swoop.  That's a pretty powerful concept.

But with the #$%^& ITAR you have to do it outside the USA/Canada, or limit
it to USA/Canadians.  The patent situation with RSA doesn't help making
applications inter-operate with the existing PGP based infrastructure. 
Perhaps all these applications will appear first on the outside, where
these problems do not exist for the developers.  (The patent problem would
still exist for US/Canadian users.  I will be interested to see the patent
holder's response.)

Tim says:
>One interesting remark I read from someone was that the Java distribution
>model returns us to an era of easier distribution of small programs. The
>"application bloat" of very large programs may be at least partly fixed.
>We'll see.

I have my doubts about this one.  I think application bloat comes from
market forces and from the kind of bundling you see in XYZCorpOffice
products where you get 4 applications packaged together.  This marketing
approach maximizes revenue by selling you products you don't need as a
matter of convenience.  But, we shall see.


There are some features of Java which make it less than ideal for crypto
applications.  These features can be overcome, but they will affect
implementors and users.

(1) There are not many sources of high-quality entropy available to Java
applets.  Keystroke timings and scribble windows are probably the best
sources, but may represent an inconvenience for users.

(2) Java doesn't allow you to define operators as methods of classes.  This
feature has the advantage that you don't have strange uses of the
operators, the classic example being the left shift operator being used to
do output.  However, if you need to do arithmetic on numbers larger than 64
bits, you can't use common, infix notation.  This feature only affects
developers, and at worst, qualifies as a pain in the rear and not a show
stopper.

I too hope to soon see high-quality crypto applications on my desktop in Java.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA