Artwork

Content provided by Roger Brinkley. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Roger Brinkley or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Java Spotlight Episode 129: Anthony Lai on JSR 236 Java EE Concurrency Utilities @jcp

 
Share
 

Archived series ("Inactive feed" status)

When? This feed was archived on August 03, 2019 01:27 (4+ y ago). Last successful fetch was on July 26, 2016 06:00 (7+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 56652292 series 8371
Content provided by Roger Brinkley. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Roger Brinkley or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Interview with Anthony Lai on JSR 236 Concurrency Utilities for Java EE.

Right-click or Control-click to download this MP3 file. You can also subscribe to the Java Spotlight Podcast Feed to get the latest podcast automatically. If you use iTunes you can open iTunes and subscribe with this link: Java Spotlight Podcast in iTunes.


Show Notes

News


Events

  • Apr 23-24, JavaOne Moscow, Russia
  • May 8-9, JavaOne Hyderabad, India
  • May 10, GIDS, Bangalore, India
  • May 14, Java Day Tokyo
  • May 18-19, Geecon, Poland
  • May 22-24, GR8Conf, Denmark
  • May 24-25, JEEConf, Kiev
  • Jun 3-5, JAX Conf, Santa Clara, USA

Feature Interview

Anthony Lai is a principal member of the Oracle technical staff and a developer in the J2EE Connector Architecture area of Oracle Application Server Containers of J2EE. Anthony is also a member of the expert committee for the J2EE Connector Architecture 1.5 specification (JSR 112) and the specification lead for JSR 236 Concurrency Utilities for Java EE.

Mail Bag

Tetsuo wrote:
I think requiring signing applets is the right path. It's a little harder to developers? It's their (well, our) job to understand and handle this kind of thing, not the users'.

I have one question, though:

Currently, when we sign an applet, it can run outside the sandbox (that means, it could read and/or write to any file the current user has access to, run native commands with Runtime.exec(), etc.). I think it asks for permission, but I think it's almost a given that now, when you accept to run a signed applet, you're authorising it to run outside the sandbox (otherwise, there would be little incentive to sign it in the first place) and do whatever it wants to your computer.

If all applets now will require signing and user approval to run, how can the user differentiate a sandboxed applet from a run-as-admin (windows users almost always are admin) applet?

Signing in the past was only done for apps that were going to request elevated permissions. Today all apps need to be signed, but signing doesn't equated to elevated permissions. The user gets different informational prompts for sandboxed vs. privileged apps, and the app developer is is control of whether the app runs inside the sandbox (for now).


What’s Cool


  continue reading

29 episodes

Artwork
iconShare
 

Archived series ("Inactive feed" status)

When? This feed was archived on August 03, 2019 01:27 (4+ y ago). Last successful fetch was on July 26, 2016 06:00 (7+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 56652292 series 8371
Content provided by Roger Brinkley. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Roger Brinkley or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Interview with Anthony Lai on JSR 236 Concurrency Utilities for Java EE.

Right-click or Control-click to download this MP3 file. You can also subscribe to the Java Spotlight Podcast Feed to get the latest podcast automatically. If you use iTunes you can open iTunes and subscribe with this link: Java Spotlight Podcast in iTunes.


Show Notes

News


Events

  • Apr 23-24, JavaOne Moscow, Russia
  • May 8-9, JavaOne Hyderabad, India
  • May 10, GIDS, Bangalore, India
  • May 14, Java Day Tokyo
  • May 18-19, Geecon, Poland
  • May 22-24, GR8Conf, Denmark
  • May 24-25, JEEConf, Kiev
  • Jun 3-5, JAX Conf, Santa Clara, USA

Feature Interview

Anthony Lai is a principal member of the Oracle technical staff and a developer in the J2EE Connector Architecture area of Oracle Application Server Containers of J2EE. Anthony is also a member of the expert committee for the J2EE Connector Architecture 1.5 specification (JSR 112) and the specification lead for JSR 236 Concurrency Utilities for Java EE.

Mail Bag

Tetsuo wrote:
I think requiring signing applets is the right path. It's a little harder to developers? It's their (well, our) job to understand and handle this kind of thing, not the users'.

I have one question, though:

Currently, when we sign an applet, it can run outside the sandbox (that means, it could read and/or write to any file the current user has access to, run native commands with Runtime.exec(), etc.). I think it asks for permission, but I think it's almost a given that now, when you accept to run a signed applet, you're authorising it to run outside the sandbox (otherwise, there would be little incentive to sign it in the first place) and do whatever it wants to your computer.

If all applets now will require signing and user approval to run, how can the user differentiate a sandboxed applet from a run-as-admin (windows users almost always are admin) applet?

Signing in the past was only done for apps that were going to request elevated permissions. Today all apps need to be signed, but signing doesn't equated to elevated permissions. The user gets different informational prompts for sandboxed vs. privileged apps, and the app developer is is control of whether the app runs inside the sandbox (for now).


What’s Cool


  continue reading

29 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide