From burt Tue Dec 16 21:08 EST 1997 Return-Path: Received: by bonehead.sedonageo.com (8.8.4/SMI-SVR4) id VAA20982; Tue, 16 Dec 1997 21:08:12 -0500 (EST) Date: Tue, 16 Dec 1997 21:08:12 -0500 (EST) From: burt Message-Id: <199712170208.VAA20982@ bonehead.sedonageo.com> To: letters@iw.com Subject: Joel Snyder in November IW X-Sun-Charset: US-ASCII Content-Type: text Content-Length: 2929 X-Lines: 56 Status: RO To the editor, I recently read Joel Snyder's remarks in the November Internet World about Java, and I have to say it sounds like he was confusing Java with ActiveX as far as security issues go. I mean, a phrase like "You must trust that your Java implementation is perfect, has no bugs, and that the Java applets and JavaScript you download are not designed to be malicious" could be applied to ANY software, including the browser, the operating system, and the TCP/IP stack (which almost everyone has to install these days). Does that shareware program you just downloaded have a virus? Will that public domain app mail your password file off to some hacker? Can you really trust the developer of that new application you just bought? Fact of the matter is, you just have to trust the Java implementation. If that is working, it doesn't matter if the Applets are malicious. Furthermore, a statement like that is one like 'you have to trust your ISP not to give out your password' or 'you have to trust your router not to have bugs that allow access to your system'. Yes, these are risks. Are they really so great of a risk? I sincerely doubt that every user needs to nervously await the icy finger of death for his files and system just because they are running an applet, yet Joel makes it sound as if a running applet is the final toll of the death bell. In any case, this article shows either ignorance or a desire to inflame people, and while I'm happy that he so gleefully harped on these problems, I find it interesting that he never even mentioned what was pushed as the big competitor to Java: ActiveX, which has *all* the problems he mentioned, plus several additional ones: zero security and no portability whatsoever. In addition, I get the impression that he hasn't really done much work with Java or Java applications. Java *is* being used to develop true cross platform applications. Look at IBM, Lotus and Corel. And don't sneer at Corel; they haven't dropped Java, the Corel Office development was a test, and based on that they've decided to go forward with Java, not drop it. Look at companies like ApplixWare ... InfoWorld rated their application suite highly and found that the cross platform portability was not only all it was touted to be, but that it made it *much* more attractive of a product than one tied to a platform. Look at Ralston Purina, which just rebuilt its entire inventory system using Java and are extremely pleased. The days of vendor monopolies and leveraging thereof are numbered, and yes, it is Java that will drive the wedge in the door. Joel very carefully avoids mentioning where his preference for a development environment and vendor suite lies; it makes me wonder. I suspect he really wrote this article just to get a rise out of people. It is too inflammatory to be a true, sober evaluation. sincerely Burt Smith Sedona GeoServices, Inc.