[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")




Jeff Weinstein writes:
> Perry E. Metzger wrote:
> > Netscape with Java cannot be so tested because important components
> > come down off the net.  So no, I'm not holding Netscape with Java to a
> > higher standard. I'm very much holding it to the same standard.
> 
>   The Netscape Administration Kit will allow a site security admin
> to create a configuration that disables Java, and does not allow the
> user to enable it.  If your customers require netscape, perhaps this
> is an option that will make you more comfortable.

It certainly makes me feel more comfortable. The problem I have is
that I expect that increasingly pages will arise for which information
can only be extracted with the use of Java. Some flunky from some desk
will will come up and scream "what do you mean I can't get a copy of
Foo Corporation's merger press release because we won't run some
program! Thats bullshit! Do you know how much money the risk arb desk
pulls in, you twit! This must never happen again! Fix it immediately!"

Luckily things aren't quite at that stage yet, but its only a matter
of time. When you create a tool like this, you have a certain degree
of, dare I say it, community responsibility. Once you've hyped the
tool enough and made it ubiquitous, people at some point are going to
claim that they *need* it, at which point the security people have no
choice but to do something that gives them nightmares.

Perry