Date: Mon, 14 Apr 1997 19:18:04 -0700
Message-Id: <199704150218.TAA13758@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: darryl@worldchat.com
Subject: Re: Signed Applets
Hi there,
I don't like to sound old and crusty and grey-haired, but, you know,
sometimes marketing is part of this day-to-day business world! (And
it's not like people don't sling arrows at Java, without necessarily
considering the situation in a calm philosophical manner. :-))
My advice is, regard marketing with a sense of humor, and a grain of
salt. It will lengthen your happy productive life as an engineer :-)
As for any analogy between the Java sandbox and ActiveX: I think any
such analogy misses what the point of the Java sandbox is. The deal
is, we *can* build an infrastructure in which we allow the Java
applets to do only a certain thing, in a limited way, with auditing
and logging enabled.
I don't believe this is possible with a C/C++ based embedded content
model. In fact, the people who are working on those sorts of models
have said that the sandbox approach won't work with those models.
For more info on what's really going on with Java security, please
hang in there, and do check out this info online:
1. JavaOne slides
http://java.sun.com/javaone/sessions/slides/TT03/index.html
2. Handout from JavaOne
http://java.sun.com/security/handout.html
3. Extended abstract from CompCon 97
http://java.sun.com/security/compcon97.ps
I would be interested to hear specifically what you feel are the
compelling advantages of the Microsoft implementation of the Java
virtual machine and development environment. I'm very glad to hear
you like their implementation -- really -- but I'm curious to hear
what the compelling advantage is, for you, in their products.
And I may so say brother -- we are working for more than profits, we
are working with the internet community. It's up to you if you
believe that or not, but I think our actions speak for themselves. I
haven't noticed many other internet vendors publishing their full
source code, and their full specs, and trying their hardest to work
with the entire internet community, despite how fast it's growing, and
how diverse the community is. Give peace a chance ...
Peace,
Marianne
JavaSoft engineering, security