It seems the patent in question covers not only client-side executables, but server-side as well: "Once selected the program object executes on the user's (client) computer or may execute on a remote server or additional remote computers" So, not only javascript/flash/java are subjects of this copyright but any CGI/whatnot application as well - or am I reading it wrong ? Igor On Mon, 1 Sep 2003, Simon Brady wrote: > On Sat, 30 Aug 2003, Alun Jones wrote: > > > The descriptions I've heard of this suggest that this patent could be > > applied equally to prevent (or grab payment from implementors of) > > Javascript, Java, Flash, etc. > > > > I'm with you on the security issues with ActiveX (and Javascript) - I > > disable ActiveX on the principle that it has no security consideration, and > > Javascript on the basis that it's been frequently implemented in a > > vulnerable manner. But this is a considerably further-reaching patent than > > merely killing off ActiveX. Before we sing "ding dong the witch is dead", > > let's have some concern for the peaceful Wiccans that might be next on the > > chopping block. > > Java and Flash aren't exactly free of security issues either. In fact, I > would go further and argue that the whole notion of a controlled > client-side runtime environment for remote code has been an unmitigated > disaster for the web (and this is solely from a security perspective - see > http://members.optusnet.com.au/~night.owl/morons.html for a refreshing > take on the usability crisis they've caused). > > I'm not just referring to current implementations with their appalling > defect rates. All client-side runtimes, no matter how well-written, > inherently reduce security. That's their function: to give outsiders > access to your machine they otherwise wouldn't have. > > Even more insidiously, their prevalence numbs users into a mode of thought > that it's quite normal and healthy to let this happen. How can the > security community promote safe browsing when users are being forever > brainwashed into ignoring or disabling security features for the sake of > pointless but pretty downloadable applets? How can we encourage content > developers to reduce attack surface when fashion demands yet more > gratuitous bells and whistles? > > Web applications belong on the server. The more widely this patent gets > applied the better off the browsing public will be. > > -- > Simon Brady mailto:simon.brady@otago.ac.nz > ITS Technical Services > University of Otago, Dunedin, New Zealand > > I don't speak for my employer, and they don't speak for me. >