<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/08/2014 06:56, Peter Firmstone
wrote:<br>
</div>
<blockquote cite="mid:1407563776.1841.30.camel@Nokia-N900"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="generator" content="Osso Notes">
<title></title>
<p>I've noticed there's not much interest in improving
Serialization on these lists. This makes me wonder if java
Serialization has lost relevance in recent years with the rise
of protocol buffers apache thrift and other means of data
transfer over byte streams.
<br>
</p>
</blockquote>
Just to add to Brian's comments, I think part of it is that many
people are busy with other things, preparing for JDK 9 for example.
So I think there is a lot of support for investigation and proposals
that would improve things, it's just that some people are too busy
to respond.<br>
<br>
<br>
<blockquote cite="mid:1407563776.1841.30.camel@Nokia-N900"
type="cite">
<p>
<br>
I don't know if isolates will be included with JDK 9 for Jigsaw,
or whether ClassLoaders alone will provide isolation for
modules.
<br>
<br>
The ability to limit visibility and provide isolation of
implementation classes as well as providing limits on memory and
threads for isolated modules would also improve platform
security.
<br>
</p>
</blockquote>
If by "isolates" you mean JSR 121 then I think that would be well
beyond the scope, as would resource management. This isn't really
the thread to discuss how module boundaries will work but just to
say that class loaders and visibility can be weak when it comes to
module boundaries. There are other options available, particularly
when the ability to extend the access control rules are on the
table. So I would suggest not making any assumptions here for now.<br>
<br>
-Alan.<br>
</body>
</html>