
Re: The Joy of Java




Scott Brickner writes:
> Unfortunately, this last statement isn't really true.  To quote from the
> "Java Security" paper from some Princeton researchers:
> 
>     The Java language has neither a formal semantics nor a formal
>     description of its type system.  We do not know what a Java program
>     means, in any formal sense, so we cannot reason formally about Java
>     and the security properties of the Java libraries written in Java.
>     Java lacks a formal description of its type system, yet the security
>     of Java relies on the soundness of its type system.

I will point out that complete formal semantics exist for other,
perfectly practical to use languages, like Scheme.

>     We conclude that the Java system in its current form cannot easily
>     be made secure.  Significant redesign of the language, the bytecode
>     format, and the runtime system appear to be necessary steps toward
>     building a higher-assurance system. . . . Execution of remotely-
>     loaded code is a relatively new phenomenon, and more work is
>     required to make it safe.
> 
> I do think that the ideas embodied in Java are very important, and will
> significantly shape the future of computing, but Java itself may be just
> a stepping stone on the way.

I go further. Java, as envisioned, cannot be made secure. It is too
powerful a language. Furthermore, it is unnecessary for the tasks that
it is used for, which are basically adding fancy wacky graphics and
simple applications and such to web pages.

Perry