Pushing the envelope

Darren's take on Java, agile methods, cool open source stuff, interesting technologies and other random wanderings through the land of blog.
Updated: 26/01/2003; 11:50:01.

  22 September 2002

Applet security redux.

I have finally come upon a solution that is less expensive than paying the $200 plus $100/year to Thawte for a digital certificate. I just put the following into my Java Plugin JRE's java.security file:

   grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
       permission java.security.AllPermission;
   };


Now, this is fine for me because I trust myself. But, for example, what if Anthony Eden were to ask his users to do this, substituting roller.anthonyeden.com for rollerweblogger.org in the above snippet? Anthony would be asking his users to trust in the following things:

  • Neither Howard Kistler, Dave Johnson, nor Anthony Eden has put any malicious code in Ekit
  • An evil hacker will not break into Anthony's site and replace ekitapplet.jar with malicious code


Is that too much to ask of Anthony's Roller users? If it is, then we need to buy a certificate for Ekit and hope that this one certificate would be good for all Roller users.

BTW, this is my first Ekit post using Mozilla.
[Blogging Roller]

Presumably, even with a certificate, users would still have to trust that none of the authors had put any malicious code into it? All the certificate does is assert where it came from. You are still required to trust the source.


11:46:35 PM
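
As an added example (not code from either weblog): a small audit over Java policy grant entries that flags the pattern discussed above, AllPermission granted on the strength of a codeBase URL alone. The sample policy is constructed; the `ekit-signer` alias and the `example.org` URL are assumptions made for illustration.

```python
import re

# Constructed sample: the grant quoted in the post, plus a hypothetical signed,
# narrower grant ("ekit-signer" and example.org are made-up values).
SAMPLE_POLICY = '''
grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
    permission java.security.AllPermission;
};
grant signedBy "ekit-signer", codeBase "https://example.org/ekitapplet.jar" {
    permission java.util.PropertyPermission "user.home", "read";
};
'''

GRANT_RE = re.compile(r'\bgrant\b([^{]*)\{(.*?)\}\s*;', re.S | re.I)
CLAUSE_RE = re.compile(r'(codeBase|signedBy)\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)')

def parse_grants(text):
    """Return one dict per grant entry: codeBase, signedBy, permission classes."""
    # Drop whole-line // comments only, so "http://" inside URLs is left alone.
    text = re.sub(r'(?m)^\s*//.*$', '', text)
    grants = []
    for header, body in GRANT_RE.findall(text):
        clauses = {k.lower(): v for k, v in CLAUSE_RE.findall(header)}
        grants.append({'codeBase': clauses.get('codebase'),
                       'signedBy': clauses.get('signedby'),
                       'permissions': PERM_RE.findall(body)})
    return grants

def audit(text):
    """Flag AllPermission grants that no signer backs; return (codeBase, reason)."""
    findings = []
    for g in parse_grants(text):
        if 'java.security.AllPermission' not in g['permissions']:
            continue
        cb, signer = g['codeBase'], g['signedBy']
        if cb is None and signer is None:
            findings.append((cb, 'AllPermission granted to all code'))
        elif signer is None:
            why = 'trust rests only on the URL'
            if cb.lower().startswith('http://'):
                why += ' and an unauthenticated transport'
            findings.append((cb, why))
    return findings

if __name__ == '__main__':
    for code_base, reason in audit(SAMPLE_POLICY):
        print(f'{code_base}: {reason}')
```

A `signedBy` grant is not flagged because it ties the permission to a key rather than a location; it still says nothing about whether the signed code is benign.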

BCELify

BCEL. A tool to build classes on the fly and output them as bytecode. Complex stuff. Luckily it comes with BCELifier. This tool can take an existing .class file and generate the BCEL java source code to build that class. Very cool.

What this means is that if (like me) you find BCEL itself a mite tricky, you can write your class in the normal way, compile it, BCELify it and end up with the source code you need to feed BCEL with to get the same result. Groovy. This reminds me of my dim past, recording VBA macros in Excel to find out how to do something, then hacking the generated code into what I wanted. [Pushing the envelope]


I'm really not sure how I feel about this. We are really re-treading the boards that lisp trod with its macro system many moons ago. I suppose the complexity of our solutions is the result of refusing to swallow the lisp/scheme mantra of code and data being one. [Brett Morgan's Insanity Weblog Zilla]

Indeed. I'm still looking for the 'perfect' language. Java with closures, multiple inheritance, dynamic execution (like Perl's 'eval') and primitives as first-class objects (a la Smalltalk) would be pretty cool.

This article on an imaginary 'Java 3' also makes for an interesting read.


3:45:06 PM

© Copyright 2003 Darren Hobbs