[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Netscape and Java ...

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] Netscape and Java ...
From: "Lewis Ashton" <nospam [at] supanet.com>
Date: Sun, 7 Jan 2001 14:36:52 -0000
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

Hi folks,

This is not a java flame...despite what it looks like. It is just a note of
caution about running Java in any thing other than a sand box.

Java has plagued me pretty much all of the time for the last six months. Not
that I actually know any at all!

My major contribution to the subject though is that it scares the pants off
me. Quite apart from the fact that it is designed in such a way that
developers do not need to know anything at all about computers and systems
to produce a sembalance of a working program; the product its self is too
all powerful for my liking. Most of this power is to make up for coders not
knowing how to use systems. There is all the hooks you ever need in there to
interface with any thing on your machine or indeed network.

The point (yes I'm coming to it) is that you should make sure that you make
as many sensible security tweaks as possible when you install it. And if at
all possible I wouldn't run SDK/JDK on an Internet facing machine. If I need
java in that situation, I'd run the most minimal JVM possible. JDK/SDK is a
development environment. So do not run that except to develop on.

One of my pet projects for the next few months is to sort out some proper
baselines for Java and some sensible security tweaks. As soon as I've pulled
this lot together I'll publish it to the list. The down side to this is that
I need to learn Java....bugger. I gave up coding a couple of years back!

</sucking eggs>
HTH
Lewis

PS Any body know of any System Security jobs going in the area?

----- Original Message -----
From: Alex Hudson <home [at] alexhudson.com>
To: Sheflug <sheflug [at] vuw.ac.nz>
Sent: Saturday, January 06, 2001 11:15 PM
Subject: Re: [Sheflug] Netscape and Java ...

<snip>

> > I'll try and get it to work properly, but seen as this requires 20-odd
Mb
> > of new JDK to download it may take time. HotJava turns it's nose up at
> > IBM JDK, I wonder why? And Sun had the temerity to sue MS for
"corrupting"
> > java. Sheesh, it's like they couldn't do it themselves.
>
> JRE is much smaller, and generally works pretty well. I have to
congratulate
> the Blackdown guys on the quality of their implementation, it seems pretty
> good from my experience, non of the old CLASSPATH nonsense of the old days
> ;)
>
> Cheers,
>
> Alex.
>
> ---------------------------------------------------------------------
> Sheffield Linux User's Group - http://www.sheflug.co.uk
> To unsubscribe from this list send mail to
> - <sheflug-request [at] vuw.ac.nz> - with the word
>  "unsubscribe" in the body of the message.
>
>   GNU the choice of a complete generation.
>
>

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Netscape and Java ...
  - From: Will Newton <will [at] misconception.org.uk>

References:
- Re: [Sheflug] Netscape and Java ...
  - From: Will Newton <will [at] misconception.org.uk>
- Re: [Sheflug] Netscape and Java ...
  - From: "Alex Hudson" <home [at] alexhudson.com>

Prev by Date: Re: [Sheflug] Re: bounce
Next by Date: [Sheflug] Re: Firewall Stuff
Prev by thread: Re: [Sheflug] Netscape and Java ...
Next by thread: Re: [Sheflug] Netscape and Java ...
Index(es):
- Date
- Thread