Java Bugs - Hard loop message

Path: dog.ee.lbl.gov!overload.lbl.gov!lll-winken.llnl.gov!uwm.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!tank.news.pipex.net!pipex!swrinde!sgigate.sgi.com!sgiblab!news.spies.com!matra.meer.net!usenet
From: Arthur van Hoff 
Newsgroups: comp.lang.java
Subject: Re: Hostile Applets
Date: Sun, 25 Feb 1996 19:59:35 -0800
Organization: meernet
Lines: 25
Message-ID: <31313027.5B1D@netcom.com>
References: <312F3196.59ED@math.gatech.edu> <4gntg6$e4a@decaxp.harvard.edu>
NNTP-Posting-Host: java.meer.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (X11; I; SunOS 5.5 sun4m)

Hi Keith,

> It seems that any applet which executes a tight loop is potentially
> hostile; I've been able to freeze Netscape on applets which had
> the equivalent of
> 
>         while (true) {}
> 
> somewhere in their code.

I won't call that hostile. We've never claimed that we would
protect your browser against resources abuse like infinite loops. 
There are any many similar attacks (try showing a million
windows for example). Any besides, how do you tell the difference
between an MPEG decoder and an infinite loop?

By the way, Netscape could fix this by having a better threading
model that supports time slicing.

Have fun,

	Arthur van Hoff

Suite 3, 345 California Ave, Palo Alto, CA 94306,
415-328 JAVA (main), 415-328 5283 (direct), avh@netcom.com