
Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")




PM:

>2) "We are ignorant, so we build something that does as little as we
>   can get away with, makes the assumption at every stage that every
>   component of the system might be broken, and put seventeen layers
>   of armor around it on the assumption that we still have probably
>   made a mistake or two in designing the system." This is the model
>   that modern firewalls built by the likes of me take -- systems that
>   are designed to be tolerant of multiple engineering failures. Such
>   systems are built on the assumption that humans are fallible. Such
>   systems, unlike Java, do not depend on flawless operation of all
>   their components for their security. Such systems are built on the
>   conservative assumption that humans are going to make mistakes and
>   that you have to take account of your own fallibility when
>   designing secure systems. In such a system, one can have breaches
>   of the security of four major subsystems and the fifth still keeps
>   you alive. The "belt and suspenders" model doesn't require
>   mathematical proofs of security because it was engineered, from the
>   start, to be robust.

well, are you saying it would be impossible to do such a thing in
a distributed programming language? why does Java not fit this 
description? it seems to have the internal equivalent of "firewalls"
(a "sandbox" is a similar concept).

furthermore, you are imposing a virtual military-level degree of
security to something that does not seem to require it. if
a virus gets loose on someone's computer because of Java, what's
the harm? you are designing systems that when broken cost bazillions
of dollars, potentially. what does Java cost when it breaks? who
is saying that one should use Java for extremely mission 
critical situations such as funds transfer?

yes, there are different kinds of security, and it would be 
foolish for anyone to assume or think that the security offered
by Java is the same security referred to by people such as PM
writing financial applications, or people inside the NSA, etc--
you know PM, you often write as if you are an authority on security,
but I'll wager that people inside NSA think you are "playing in
the sandbox" so to speak.

let us agree that no matter how secure something is, there is someone
that demands more security, and actually pays for it. sort of like
no matter how much you make in salary, there is someone who makes
more than you do. or no matter how much you know about subject
[x], someone else knows more.

PM, you go on the defensive against TCM, but he was not really 
stating that either the "scruffies" or the "neaties" have an
inherent advantage. it's a feedback loop in security as much
as it is in AI as he described. neither view is incorrect. they
both have their applications.

>Tim misunderstands, thinking this is a case of some foolish
>perfectionists getting mad at the guys who throw things together and
>hope that they work. Not at all. Our problem with Java is the security
>model, which inherently requires perfect design and operation.

again, no one said that you have to use Java for mission critical
applications. please don't criticize it for using the term "secure"
when in fact that is appropriate for its environment. has it
ever claimed to do something it doesn't? have the java designers
ever said, "our code is bug free"? 

>We build our own systems to be robust enough to survive our own
>mistakes. Java is built such that any mistake is fatal.

y'know, it may be possible to create an *implementation* for java
that fulfills your demands. you seem to be talking a lot more about
hardware than software. you are free to create any kind of environment
you want for the Java interpreter, including a paranoid system with
multiple firewalls that assumes Java may not do what it claims it does.

>Essentially, this is the optimists versus the realists.

I've noticed how there are two types of thinking: dualistic and
unified. people that are stuck in dualistic thinking always think
that because someone disagrees with them, they are putting them
down. they can't conceive of multiple alternative views on the
same subject, all with relative merits. they may paint their
supposed adversaries as "optimists" and themselves as the 
"realists". a silly game that can go on ad infinitum. I've noticed
that women (well, the ones that are feminine, anyway)
don't seem to get into this kind of debate much,
even when they are present. it's a real man kind of thing.

>PS BTW, Tim, Java is great for the theorem prover fetishizers -- look no
>further than Java's bytecode verifier. I have never built a system
>that required an "active defense" like that. They fill me with the
>same sort of dread I would get from a skyscraper design that required
>a constant flow of electricity to the building lest it collapse. Sure,
>it's cool. Maybe it even saves some money. However, can you sleep at
>night inside it?

again, I reiterate: no one asked you to use Java, PM. it has a very
useful place where it was designed for: on the desktop of computer
geeks who get a kick out of mandelbrot generators or remailers or
whatever. you are a businessman in a mission critical situation.
why are you ramming your standards down the throat of a place where
it is inappropriate? 

did the creators of Java say that it is going
to be used in the banking industry? why do you write all your attacks
on it as if they have? do you realize it was intended at first to
be put into *home*appliances*? are you going to die if you occasionally
have to reboot your toaster because of a bug? hee, hee, maybe I should
bite my tongue. maybe you have a "firewall protected toaster arrangement."