 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Back in the day when Netscape incorporated Java in their flagship product I was horrified. Not because of Java per se but because of how Netscape implemented it: any Java program would run more or less automatically upon load from a web page. This flew in the face of a fundamental security tenet: you only run programs that you choose to run. But here was Netscape trying to dominate the world with the "convenience" of Java applets right there with Sun backing Netscape all the way. And then Microsoft followed suit with ActiveX. And then all hell broke lose. Fast forward to today. Oracle has announced and deployed a security update to Java 7 that will once and for all solve the problem of web browsers loading and launching rogue programs. It's called Deployment Rule Set and it prevents Java from running anything that isn't explicitly allowed by a site's administrators. Java finally has an implicit deny/explicit allow security mechanism, and it's about damned time. It only took Sun + Oracle the better part of 20 years to figure it out. Bets on how long it will take the black hats to figure out how to bypass it? -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
