Interview with Ken Russel about the new Java plugin

    Well, as I promised, in addition to my post habrahabr.ru/blogs/java/49989
    A short interview with the person who made a great contribution to the development of the new plug-in from Sun. The
    fruits of this person’s labor are used by every developer who writes on the Java platform, and his name is Ken Russell (http://research.sun.com/minds/2008-0811/)

    Please note that the interview was conducted in early December, so some events may be said in the future even though they have already arrived.

    Me: For developers, it became possible to specify additional parameters in the command line for VM. Of course, this is a great functionality which was not enough, but are there any security measures that control the developer's actions? For example, should I be worried about going to some website and hanging my PC because it has 5 applets that allocate 512MB RAM each?
    Ken Russell: We were thinking about creating additional restrictions in the specification of command arguments, for example: limiting the maximum memory size that all applets can request - the maximum size of available virtual memory in the system. However, in the first release of the Java Plug-In, we decided not to introduce artificial restrictions in order to avoid restricting developers in unexpected situations. I note that the Java Plug-In will try to group the applets inside the same JVM even if they request additional memory and use the “separate_jvm” parameter to isolate the applet inside its own JVM, then this JVM will stop when switching from the page. In general, if the applet does not end “cleanly”, then the plugin will “hard” stop the JVM in which it was executed.

    Me: when is the introduction of this restriction planned? and how will it look? For example, can I, as a user, tell the plugin that I trust this applet and if it wants to allocate 2GB of RAM, then let it allocate, but if I just went to some page then the applets on it should not get more than N MB RAM?
    Ken Russell: We have not yet planned a date for the development of this restriction. We are currently focusing our efforts on other areas. If the data received from our customers indicate the need for this functionality, then we will put a priority on it.

    Me: Then the following: applets have the ability to save a small amount of data on the client PC, I did not find any integration in the browser cache mechanism, how can I delete this data? Will it be possible to clear this data when clearing the browser cache? Or should users know how to clean it themselves?
    Ken Russell: The ability to save data is an innovation in Java SE 6 Update 10. Applets running with JNLP support in the plugin can access PersistenceService like any Java Web Start application. I don’t know what policies exist for this data - Java Web Start developers will be able to give an answer - but I think that if you clear the cache on the Java Control Panel, then this data should be deleted.

    Me: Well, but will there be an integration of this cleaning mechanism into the browser-based cleaning mechanism?
    Ken Russell: There are no plans to implement this. The Java cache is specifically separated from the browser cache in order to avoid dependence on the browser implementation of the cache mechanism.
    Me: I mean, as in Flash, you can specify the size of available storage directly on the Web page, or prohibit saving at all.
    Ken Russell: I know a little about Flash mechanisms. As far as I understand, Flash can save something about 100KB of data for each video, and if you need more, you can ask Flash to show the user a request for more. JNLP PersistenceService has a similar limitation, and if you want more, you can sign your applet to have direct access to the file system (provided that the user accepts your certificate).

    Me: the plugin allows you to create new windows marked with an "asterisk", given that the plugin has already left for some time, what kind of feedback do you get, does this really warn the average user that this window was created by the applet and not the browser? And one more thing: now it is possible to take out the applet from the browser, when this happens, the applet gets access to the local file system. Have you seen any malicious applets that asked to be pulled out emulating windows usually displayed by the browser, or is there an opportunity to create a window that will block the area of ​​the screen in which the browser pop-up appears - a security warning?
    Ken Russell: A new security warning was developed in the Abstract Window Toolkit (AWT), and not in the Java Plug-In. I did not closely follow its development, but the feedback from users in general is positive.
    Ken Russell: The assertion that an applet being rendered from a browser accesses the file system is incorrect. Such an applet continues to be executed inside a secure sandbox, unless of course it does not have a signature. We have not yet seen malicious pullable applets. It makes no sense to block the browser-based security warning, because the user will have to confirm it anyway, and this cannot be done using java.awt.Robot or other means.

    Me: Coca is Java's top priority at the moment: to be the most secure platform for the user or the most powerful development platform for developers? or both? If the goal is only one, then why was it chosen?
    Ken Russell: Both. With the new plugin, we made applets in the browser as powerful as regular applications, we still save the java sandbox and security model. The purpose of rewriting the plugin was to remove the artificial limitations of the “power” of applets executed in the browser, and to take advantage of the java platform for developing and deploying browser applets and extrabrowser applications almost identical. And I believe that we succeeded.

    Me: Java applets came out 10 years ago, last year Microsoft presented Silverligth, Adobe updated the Flash plugin. Can Sun's new plugin be considered their answer, and now that Sun will launch an attack on Flash? Do you confirm this statement, or how do you see this situation, which was the motivation to completely rewrite the plugin?
    Ken Russell: The new plugin is just one element in Sun’s overall strategy to refresh Java on client platforms. The motivation for writing plugins for the most part comes from my own efforts in the JOGL project for the possibility of creating applets using OpenGL. It has long been possible to create powerful 3D applications and games written in Java in the form of regular applications or applications for Java Web Start, and we wanted the same features and reliability for deploying 3D content in a browser. The new plugin uses the best architectural elements from Java Web Start and the old plugin to ensure compatibility with old applets and at the same time deploy new features for new applets.
    Ken Russell: As soon as you have a reliable container for applets, the following question arises: what to put in this container. JavaFX is the next big step towards the easy development of richer applications and applets. Look at the release of JavaFX 1.0 in a few days and many examples of amazing applications that can be created on the Java platform.

    Also popular now: