> And then there's "write once, run anywhere." Yeah ... right. I've run
> Java applets, and Javascript applets, and the latter are vastly superior
> for performance, and worse, all too often the Java applets are not "run
> anywhere", they only run on very specific JVM implementations.

You really can't judge java based on java applets; they are a really
poor front, for reasons I assume you are aware.


> There's the nice property that bytecode can be type safe. I really like
> that. But the bytecode checker is slow; do people really run it
> habitually? More important; is type safety a valuable property for
> *untrusted code* that you are going to have to sandbox anyway?

I believe major application servers run with -verify, which is
appropriate and useful for them.


> So I give up; what is it that's so great about bytecode? It looks a
> *lot* like the Emperor is not wearing clothes to me.

I think you just want to see him that way ;)


> Crispin

-- mic
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to