<< MSN Search Better Than Google? | Home | Strange Typo >>

RSS | Atom | E-mail

Navigate

Tags | Advanced Search

Tags

Recent Blog Entries

Happy New Year
Happy New Year 2009
Tomcat 6.0.18, Apache 2.2.9, proxy_ajp on Ubuntu 8.10: Almost Trivial...
... after four hours of documentation re-reading. [Update Tue Dec 23 15:30:20 CST 2008] The above line was written two days ago when I moved this blog away from a dying PC. Regular readers might have noticed outages of this blog for stretches of ...
Wednesday Java Quiz
(Mark Volkmann suggested this quiz.) Q: Will the following Java source compile, run without exceptions? .ln { color: rgb(0,0,0); font-weight: normal; font-style: normal; } .s0 { color: rgb(0,0,128); font-weight: bold; } .s1 { } .s2 { color: ...

Recent Responses

Re: Using JavaFX 1.0 On Linux
Try this.
Re: Using JavaFX 1.0 On Linux
I installed everything and added into the $PATH variable, but when I tried to download and install the plugin from NetBeans, it said that the sdk is not found. Did I do anything wrong in the process?
Re: QEMU: The Open Source Processor Emulator
Thanks for the info. I went into the backing store and hand edited the XML. It looks OK now. As for the SVGA driver, I did not write down the exact URL where I downloaded it. And I haven't been playing with the Windows 3.1 image lately. All I can ...

I Read

Blogging Software

Bloglines | News

Simon Brown

Social Websites

programming: what's new online

Linux

Don Marti

Irving Wladawsky-Berger

Mark Shuttleworth

The Pragmatics

Coding the Architecture

C++

Money

Computer Science

Lambda the Ultimate - Programming Languages Weblog

Making it stick.

Recycled Knowledge

Software Engineering Radio - the podcast for professional softwa

OnSoftware (Video + Audio)

OCI Bloggers

Weiqi Gao's Observations

heifner

View from the Fringe

Dale Wilson

Various Technical Topics

dangertree techblog

Code To Joy

Compulsion to Code

It's Just a Bunch of Stuff That Happens

OCI Test Group Google Group

Iconoclastic Tendencies

Vendors and Communities

Editor's Daily Blog

Google Research Blog

Google Web Toolkit Blog

InfoQ Personalized Feed for Weiqi Gao

Planet JDK

Planet Openmoko

TheServerSide.com: Your Enterprise Java Community

Distributed Computing

Eric Newcomer's Weblog

Steve Vinoski's Blog

Untangled

armstrong on software

dot.NET

Eric.Weblog()

Interoperability Happens

Famous Bloggers

I, Cringely . The Pulpit | PBS

O'Reilly Radar

ongoing

Brendan's Roadmap Updates

Rough Type: Nicholas Carr's Blog

Stevey's Blog Rants

Martin Fowler's Bliki

Python

Sam Ruby

Frank Wierzbicki's Weblog

unofficial planet python

Mathematics

Java

The Weblog of Peter Ah?

Stephen Colebourne's Weblog

Beijing Java User Group

Cafe au Lait Java News and Resources

The Cliffs of Inanity

The Java(tm) Specialists' Newsletter

Zden?k Tron??ek's blog

Cliff Click Jr.?s Blog

XML

Jeffrey Zeldman Presents The Daily Report

Web Things, by Mark Baker

James Clark's Random Thoughts

JavaFX Script

Chris Oliver's Weblog

James Weaver?s JavaFX Blog

Mike's Weblog

DevJFX

Peter Pilgrim Java Champion Enterprise Weblog

Don Box on James Gosling on .NET and Java

Go read.

Responses[2]

Posted by Weiqi Gao on February 6, 2005 7:37:51 AM CST #

Re: Don Box on James Gosling on .NET and Java

Comment from Brian Gilstrap on February 7, 2005 4:18:32 PM CST #

Of course, Don didn't 'get it'. The comments Gosling was making were about including C and C++ support in the CLR, thus encouraging people to write code that has substantially lower verifiability and thus a much greater chance of having vulnerabilities.

Re: Don Box on James Gosling on .NET and Java

Comment from Weiqi Gao on February 7, 2005 7:11:40 PM CST #

I liked Don's explanation better than Gosling's comment. Prior to this, I thought the C# unsafe code feature are the moral equivalent of JNI, and I was sure Gosling was wrong.

Don's explanation actually moved me towards Gosling's argument, at least theoretically.

I don't know how much of this debate can translate into practice. In Java, you can say "if you load native libraries, the all security bets are off." Can you say "in C#, if you write unsafe code, all security bets are off?"

From another angle, say I actually wrote a line of unsafe code in C# that, if written in C, is exploitable. Does that mean the code is exploitable in C#? Is this more bad, as bad or less bad as writing an equivalent piece of JNI code in Java?

There is a lengthy debate about this going on at TheServerSide.com right now.

Add a comment Send a TrackBack

February 2005
Sun	Mon	Tue	Wed	Thu	Fri	Sat
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28
Jan \| Today \| Mar

2009 January (1)	2008 December (10) November (14) October (16) September (18) August (16) July (7) June (11) May (14) April (17) March (13) February (11) January (12)
2007 December (10) November (9) October (12) September (9) August (17) July (9) June (18) May (16) April (9) March (14) February (13) January (18)	2006 December (15) November (10) October (15) September (13) August (16) July (7) June (18) May (22) April (17) March (20) February (16) January (14)
2005 December (15) November (13) October (15) September (17) August (14) July (13) June (11) May (14) April (12) March (24) February (18) January (12)	2004 December (18) November (20) October (17) September (20) August (18) July (19) June (13) May (18) April (17) March (14) February (13) January (17)
2003 December (16) November (11) October (14) September (10) August (19) July (6)

Re: Don Box on James Gosling on .NET and Java Comment from Anonymous on January 8, 2009 6:35:44 PM CST #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

Username
Password
Remember me