Bill Joy gave an
interview to Fortune recently and some of his statements puzzle me.
> Another reason spam is so bad is that so many
> companies use Microsoft Outlook for reading e-mail. Again, because that program
> is written in C, it’s quite easy to design a virus to go through your e-mail
> address book and broadcast spam to all the people you know
Sometimes, I wonder if Joy really lives in the same world we live in.
Or if he really knows what he’s talking about. There are two things that
are totally wrong in the above quotation:
- It’s not because Outlook is written in C that viruses can read your address book.
It’s because of a Windows language-neutral technology called COM.
- Windows viruses propagate not because of Outlook but because people execute
attachments. You will suffer the same fate if you are using Eudora or
Mozilla Mail and you double click on the virus.
I also note that Joy encourages writing programs in Java over C, because C is
not as safe as Java (true enough) but I notice that he doesn’t mention C#, which
is just as safe.
> So by using Outlook, you’re not practicing safe
> e-mail. We need a "condomized" version of it.
Even though Joy is "cutting the cord" completely with Sun, he obviously can’t
resist spinning things according to the party line of his former employer. This idea of running
programs in protected environments is very dear to Sun. It sounds good in
theory but is just a disaster of usability in the real world. Let’s
contrast the two approaches:
- Sun decided to go the "sandbox" way, by denying all actions potentially
harmful to Java programs, thus forcing users and developers to explicitly grant
access to dangerous functionalities. The result? A model that has
totally failed to catch on because using Java applets is extremely impractical
both for users and developers.
- Microsoft decided to take the opposite approach: start by (mistakenly)
allowing everything to run everywhere without restrictions. The result?
They created tremendous traction in the user space, generated millions of
dollars in revenues both for themselves and the industry, but they also spawned
the civilization of viruses that we all know and hate today. Now that they
have momentum, they are proceeding to patch the holes.
Who made the best choice? You decide.
So far, Bill Joy has been the "enfant cheri" of Sun. Every year, he
came up with a brand new idea and regardless of whether it became a success or
not, Bill Joy kept being saluted as a visionary and a true hero of our time.
But are you really a visionary when you keep repeating that the world is
doomed unless we change our ways, that we should use more solar-powered energy
and design our power-grids so they never black out? Last time I checked,
being a visionary was about proposing solutions for the future, not making trite
statements about events past and predicting extinction.
There is no safety net this time: he will have to prove himself. The
coming years will show whether he really has what so many people see in him, or
if he is simply a standard geek who just happened to be at the right place at
the right time and ended up receiving much more exposure than he deserved.
I wish him well. Honestly. But the only way he can achieve the
ambitious goals he set for himself is to break away from the religion and start
looking at things objectively.
Otherwise, the future simply doesn’t need you.
#1 by Marcello on October 6, 2003 - 5:24 pm
It’s also true that most of the time you don’t need to execute any attachments in Outlook to let a virus propagate, the program does it for you…
#2 by maps and legends - craig pfeifer on October 6, 2003 - 6:25 pm
Joy Blasts Outlook, Cedric Defends It
Finally! A sane and rational person rebuts Bill Joy’s comments about Outlook being the root of all email virii. This…
#3 by Rune on October 11, 2003 - 12:37 am
There are some things in your posting that are just plain wrong. First you have the issue above posted by Marcello that for example the preview mode in Outlook can ‘execute malicious code’. Outlook is the most dangerous e-mail client because of its design, widespread use, and tight Windows integration. Don’t blame the users for bad design choices made by Microsoft! It’s not a good habit to blame the users for obvious design flaws. Remember that.
The second BIG mistake is your analysis of the ‘choices’ made by Microsoft. It is completely wrong to say that Microsoft deliberately made the choice of making COM without restrictions and then when they had the market planned to patch all the security flaws. How they got the market is a more complex story, and stating it was choices is just a wrong pick of words (as we say it in Norway). Do not take a reductionist account of this, I mean you can’t tell the story by referencing COM and the Java sandbox alone.
Last, you seem to know Bill Joy and if that is the case you should know that he ‘often’ answers strangely to questions in interviews. For example saying he is now using Netscape instead of vi etc. You should look beyond that and really take a look at his visions. They are great even though they haven’t been implemented with the right technology and market strategy. Remember that some of the greatest innovations have been invented by small companies that have not necessarily been great enterprise/commercial successes, but still got picked up later by other companies with highly commercial success.
Ok, I will stop my bad English now.
– Rune
#4 by Ross Judson on October 13, 2003 - 7:02 am
There is a third way. Neither the sandbox nor the “full access” concept is workable, in a hostile environment (which the internet most surely is).
You must be able to full access, but granting that access must be harmless. I have discussed the idea of a ring system before…the key is to _widen_ the notion of sandbox to include nearly the entire realm of system capabilities, while restricting anything that emerges from that sandbox. Essentially you construct virtual systems, within virtual systems, within virtual systems…code running at the most protected level includes the base operating system and little else. The next ring out includes basic system updates. Then comes a mutable device driver level, followed by installed application levels, and finally throwaway internet access levels. You can create, nest, and toss away these sandboxes at will.
You _cannot_ grant access to external resources in a sandbox. In fact, there should NEVER be a need to — everything a program could possibly need is already available to it in the sandbox.
Shared document directories would be exactly that — document directories, with no execution allowed.
Contamination at the lower levels can be strictly disallowed…
#5 by Osifrage on October 31, 2003 - 12:33 am
Sounds like you’re sour and full of envy, you have accepted that you will never get the exposure and fame that Bill Joy has gotten, don’t be mad, do something about it instead of crying on the net.
#6 by Erica on August 8, 2004 - 3:48 pm
Good read