From Bob <citi...@earthlink.net>
Subject Re: State of the World (it's security)
Date Tue, 10 May 2005 01:59:28 GMT
>> Maybe it seems like a grim environment for starting a new project.
>> Well, considered on technical grounds alone, it is.  One needs a
>> pretty compelling technical story to do better than already existing
>> projects.

As I mentioned in my last post, proper implementation (and 
verification) of the Java Security Model is a strongly compelling 
technical story.  And it is still WIDE OPEN.  If you wish to develop a 
protocol in which (potentially malicious) code can be WRITTEN on 
computer A, then SENT to computer B and run in a sandbox in a secure 
and flexible manner as determined by the administrator of System B ---- 
then there is NO open source project that will support that 
functionality, nor is there currently any open source project that 
intends to build that functionality.  Not GCJ.  Not Kaffe.  Not .GNU.  
Not Mono (although Mono seems to be the closest, maybe).

The Palladium proposal, to the extent it is still alive, should give 
extra impetus for this project.  Microsoft has argued that Palladium 
will make your computer "more secure" against viruses.  This is FUD 
designed to scare people into "trusted computing".  Well, so will Java 
and Java-like systems, and they'll do it without wresting control of 
the computer from the end user.  Of course, only commercial Java 
systems do it today. But imagine the potential a secure Java or 
Java-like system could have, if it were easily integratable into a wide 
range of OS and desktop applications.

-- Bob

