On Tue, Nov 14, 2006 at 05:39:05PM -0500, Simetrical wrote:
> That said, there's no reason to be paranoid. Yes, there will always be vulnerabilities, but they'll be doubly limited by the approval process *and* the sandbox. We aren't distributing arbitrary machine code, we're distributing Java, which as far as I know can't do anything like take over your computer or wipe your hard drive. Running arbitrary Java is not to my knowledge a real security risk, at least no more than arbitrary JavaScript (which can spy on you to an extent), and this Java won't even be arbitrary: it will be vetted first, however imperfectly.
The idea that Java cannot take over your computer or wipe your hard drive may (and I emphasize the use of "may" here) be true for applets, but for other uses of Java it is anything but true.
Hey, if we're going to start including virtual-machine-run bytecode content, maybe we should include other VMs than Java's. For instance, there's OCaml's toplevel VM, Parrot, and Smalltalk out there. Could be fun.
Okay, I'm not very serious about that.