Archive of UserLand's first discussion group, started October 5, 1998.

Re: Why is RMI Java-only? Who does *that* serve?

Author:Paul Snively
Posted:10/18/1999; 3:00:43 PM
Topic:Today's scriptingNews Outline
Msg #:12138 (In response to 12102)
Prev/Next:12137 / 12139

Dave Winer wrote re: mobile code:

That's something we could do Frontier-Frontier, but it's an inherently Uber-OS style thing. (Aside from the horrendous security issues.)

It doesn't have to be a horrendous security issue, although it certainly is given the half-assed way most systems have approached security. Ironically, the right answer to the problem--capability-based security--dates to the 1960's but was largely abandoned due to its "impracticality." In spite of this, a large body of existing literature on "the confinement problem" in security exists and remains valid today (i.e. it's worth doing a search on your favorite engine for "security" and "confinement problem.")

In the meantime we have the Web, and the whole question of how mutually distrustful bits of code can be made to cooperate without being forced to become vulnerable. A good starting point for learning about the issues--as well as a very good shot at addressing them on top of the Java virtual machine--can be found at <http://www.erights.org>.

Regards, Paul




This page was archived on 6/13/2001; 4:53:06 PM.

© Copyright 1998-2001 UserLand Software, Inc.