Re: Java Firewall?

[Bennett Todd <bet () rahul net>]

Thomas Whateley wrote:
> I sent this message to the list a last week, but it doesn't seem have made
> it thru. [...] did you actually see this?

I didn't receive the first one; thanks for re-sending it.

I have to say, I have mixed feelings about the idea. However, no matter how
hard I try, I can't seem to put 'em down in writing without clearly stomping
way way out of the charter of this list, which prohibits flaming.

But carving the odd excert out of my first reply:

I'm not sure I see what's the advantage of doing up a whole new OS? You
proposed

> * The whole OS is small and doesn't include alot of baggage
>   that is unnecessary for a FW machine.

but I don't think I see this. Unless you're just doing a router with packet
filtering, you still need to support multiple applications running time-shared
through a common IP stack, and so all of a sudden you need most of the
functionality of a general-purpose operating system. Perhaps that can be done
better than currently available choices. I'd personally be more tempted to
look at say QNX than to try and do a custom OS myself from scratch.

You also wrote

> * Performance issues?  (should be addressed by actual Java chips)

I think history suggests that custom chips don't make fast languages; indeed,
custom chips can turn fast languages into slow ones. Easily 99% of the code I
ever see run is written in C. Didn't someone do a sort of C-on-a-chip a few
years back?

> * Saleability (the marketing guys should love this one)

Now you've nailed an unassailable advantage. Truly stunning fortunes have been
expended trying to turn Java into a silk purse. Ain't gonna happen, You Can't
Get There From Here. But an infinite marketing budget can sell _anything_ to
people who don't know any better, and I could easily see a firewall written
entirely in Java riding on the coattails of the Java marketing crusade.

-Bennett