Slashdot Mirror

Geesh, why does no one link to the original USENIX paper on DTrace:
Dynamic Instrumentation of Production Systems

Quite a fascinating read, actually.

"Looks like Sun doesn't want to lose out in the race in supporting dynamic languages."
I'm glad that Sun is taking more steps to make sure that the scripting support in the upcoming version of Java is decent. One thing that is kind of ironic about the first part of your statement is that Microsoft hired the Jython creator - hence Jython came first. I don't think a lot of people realize that Jython has been out for so long.

One reason I'm glad that they hired those two Ruby developers is that if you're going to implement an entire language within the JVM, make it complete and up to date - none of this - "Well we're 4 versions behind the current version of the language, but *it's in the virtual machine*!"

Also, the stated goal of the scripting support in the upcoming version of Java is to allow scripting languages to make calls to the Java backend - specifically if you have a php front end of a website and you have a Java backend, then it will become easier to connect the two. Not only that, but they're making a specification pretty open to any scripting languange.

I actually find the multi-language of of the CLR to be a negative. I work at a fortune 500 and most of us use C# and/or Java. There are a few groups of "programmers" that have always been VB-only/ASP-Only "programmers". They have really no understanding of programming maintainable code.

I'm not sure I follow your logic... How would forcing your poor programmers to switch languages make them better programmers? I think the best that you could hope for is that they'd still be poor programmers, just in a different language.

Besides, the Java Virtual Machine has just as many, if not more lanugages available for it than the CLR. (Note that I said "available" not "supported.")

This is offtopic grousing, but I submitted a Slashdot story that was rejected that I think is pretty important, namely that it is now official that Sun hires two of the main open source JRuby developers, Charles Nutter and Thomas Enebo to work fulltime on Ruby for the JVM, and generally improve tools support for dynamic languages.

This might get a lot of people worried ("Get your stinking Java out of my Ruby!" "Get your stinking Ruby out of my Java!", but I think this will benefit both languages, and especially the JVM as a platform.

FTA: "We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user.

If you want to engage my argument — by all means; but unless you want to look childish, please avoid the ad-hominem attacks (you have no idea what I do or do not understand).

Even if you made a perfect browser [...] that implemented JavaScript to the exact EcmaScript specifications, you would still be vulnerable...

This is the point I was trying to make! The vulnerabilities are NOT the fault of the JavaScript language!

... because the XSS vulnerabilities exist in the web applications, not the browser. The design of JavaScript enables this, ...

No, as you just admitted just a sentence ago, "the design of JavaScript" does NOT enable XSS!

In all three types of XSS (DOM Based, Reflected, and Persistent) the fault is with the programmer (writing browser-side JavaScript code in the DOM Based case and writing server-side code in the other two cases) not validating data they are using to manipulate the DOM (DOM Based) or generate the HTML returned by the server (Reflected, Persistent). The fact that HTML allows a <script> tag is the very root of what allows this to exist at all; where the real fault lies is with the lazy programmer who is not validating the data. Neither the existence of the tag in HTML or the laziness of the programmer is the fault of the JavaScript language.

because the separation between code and data is flimsy (you can insert JavaScript almost everywhere in HTML, with "on ..." events -- you don't even need a script tag);

OK.... let's look at some JavaScript :

var b = {x:'y', i:'z'};
doSomething(b);

Well, what's "code" and what's "data" seems pretty clear to me, b is holding some "data"; there's a function getting called as part of some "code", etc; but I imagine you are trying to refer to something along the lines of:

<html>
<head>
<script>var a = 1;</script>
</head>
<body onload="alert(a);">
</body>
</html>

The problem with referring to that though, is that's HTML, not JavaScript. (And you didn't title your comment thread HTML means no dice.) (Your assertion that you can "insert JavaScript almost everywhere" is flatly wrong too, btw; you can only insert it in <script> elements or in event hander attributes (onload, etc). You can throw <script> elements just about anywhere, but with JavaScript only existing in those two places, it's really not that hard to identify it as being "code".)

you couldn't do it unintentionally with a web browser that only understood Java, and a Java web application. JavaScript makes it very easy, just like C makes it easy to mishandle pointers and fixed length buffers. If C gets criticized for that, it's fair to criticize JavaScript for making XSS vulnerabilities easy.

More of the same... There is no reason someone couldn't (though plenty of reasons someone wouldn't) write a web browser that supported interpreting Java source code instead of JavaScript source code. And if that browser exposed the same host objects (like document) you'd have about an identical number of vulnerabilities, and the exact same XSS vulnerabilities.

Furthermore, mishandled pointers arise directly out of a the design of the C language, for the about fifth time in this

For large installations (read: hundreds of thousands of users) one might also want to take a look at the Sun Java System DS (former iPlanet), which is a very trustworthy and feature rich solution from what I've been told.

The UltraSPARC T1 has an 8-core CPU out on the market today, with 4-thread hyperthreading. Ie, 32-threads at one time on a single CPU. It does this at 72 Watts. Intel and AMD are only talking about quad-core CPUs for next year.

Except the smallest USIV box they make is the 490, 4RU and non-hs power supplies. Get me a 240 replacement with a USIV and I'll be all over it. Or better yet figure out how to add HS dual power and the USIV to the 210.

RAS features include hot-pluggable disk drives; redundant, hot-swappable power supplies; environmental monitoring and fault detection; automatic failover capability; and error correction and parity checking for improved data integrity.

I'm afraid you're right (and I'm wrong).

According to
http://www.sun.com/servers/entry/v240/specs.xml
or
http://www.sun.com/servers/entry/v210/specs.xml
There are no processor upgrades avalaible to the Sun V240 or Sun V210 Server. I suppose that the upgrade is only avalaible to the Big Iron Systems.

I'm afraid you're right (and I'm wrong).

According to
http://www.sun.com/servers/entry/v240/specs.xml
or
http://www.sun.com/servers/entry/v210/specs.xml
There are no processor upgrades avalaible to the Sun V240 or Sun V210 Server. I suppose that the upgrade is only avalaible to the Big Iron Systems.

Heh.. I always thought that one was true..

But when I was trying to find a source for you, I found this:
http://www.sun.com/smi/Press/sunflash/2001-05/sunf lash.20010521.3.xml

I preferred it when I thought it was true.

I think that Sun UltraSPARC IV can replace UltraSPARC III smoothly (they share the same socket, Sun can provide help doing this, c...) According to: http://www.sun.com/processors/UltraSPARC-IV/index. xml "Executing on Sun's Throughput Computing strategy, the dual-thread UltraSPARC IV processor marks the first milestone in Sun's Chip Multithreading (CMT) roadmap (...) It protects customers' investments through 100 percent application binary compatibility, and can provide an upgrade path for current UltraSPARC III processor-based systems " It's like replacing an Athlon Socket AM2 Single Core with a Dual Core (I think...)

For most things - assembler, shell, Perl, C, C++, SQL... Slick Subversion integration is a plus.

Sun Studio for Linux might be worth trying out.

ZFS, 'nuff said.

http://www.sun.com/2004-0914/feature/

Nobody would blink if Sun took a cheap shot at HP. But making fun of two recently deceased Silicon Valley icons, both of whom are still deeply respected by many in the industry, is pretty poor form.

Did you read Schwartz's blog?

An artist has made cutouts of famous industrialists in a hitchhiking pose with and embedded GPS and placed them out to see if they reach their intended destination.

Schwartz: "Now, not everyone thought this was a cool idea. When presented with the opportunity to purchase the likeness of Bill Hewlett and Dave Packard, it having made the trek from the printer ink section of a San Jose Office Depot, our friends at HP elected not to honor their founders. So out of respect for HP's legacy, the fine folks in Sun's marketing team decided to acquire the artwork. Bill and Dave are absolute legends, held in the deepest respect by all of us at Sun. We were honored at the opportunity.

So we bought them, and their garage, for $6,000. Lock, stock and Java phone."

I think decking them out in an "I love Solaris" t-shirt before placing them was more intended as a gentle tease against HP rather than mocking the memory of the founders.

Schwartz is in the middle of trying to pull Sun out of a very deep hole. The company's stock is still trading at under $5/share.

It seems he is doing quite well, They are positioned quite well for the future too, with companies like Google warning that power consumption has started to cost a lot more money than the hardware. That makes well engineered hardware more competetive against large numbers of cheap boxes.

http://blogs.sun.com/navi/entry/try_this_at_home_b uilding

"Does java still take an hour and a half to compile 'hello troll!' on my 486?

Posted by trolly troller on August 26, 2006 at 05:12 PM PDT "

(...in a mass-market product, with tier-1 commercial support, that is. I'm sure you could hack something together that's both cheaper and higher density, but we'll assume for the moment that this is Important Stuff you're storing, and you care about quality.)

http://www.sun.com/servers/x64/x4500/

At $70K retail for 24TB that's a better deal than any top tier storage vendor's array you can find. And a rack of 10 of them puppies lists for $471K. I bet you can talk a sales weasel into a bit of a discount, too. :)

Oh, and it runs Linux. 3

I've been using these personal firewalls for years without a single occurance of malware or rooting. See for yourself, they run on a variety of architecture. They can be found here and here.

A couple of others that are nearly as good (in my personal experience) are here and here. .

Give them a try. You'll be impressed with the increased security.

> Sun appears to treat its OSS efforts as some sort of "dirty little secret",

You must be joking. If it's such a big secret then why do they brag about it on their website!
http://www.sun.com/software/opensource/

Recent versions of Sun Microsystem's developer suite have interval math libraries: http://docs.sun.com/app/docs/doc/806-7998 And since Sun execs are beginning to pull their heads out of their ... and finally making their development suite available for developers (free as in beer), you can play with it: http://developers.sun.com/prodtech/cc/index.jsp

Recent versions of Sun Microsystem's developer suite have interval math libraries: http://docs.sun.com/app/docs/doc/806-7998 And since Sun execs are beginning to pull their heads out of their ... and finally making their development suite available for developers (free as in beer), you can play with it: http://developers.sun.com/prodtech/cc/index.jsp

Except this was available more than a year ago, as 2x4, with each CPU having it's own memory bus too.

Examples:
http://www.sun.com/servers/entry/v40z/
http://www.tyan.com/products/html/thundern4250qe.h tml

Sun could do "simple things" to build a real OpenSolaris community if it were serious about doing so, Frye said. "They would push their design discussions out into the forums, so people can see what's going on," he suggested.

Sun could do "simple things" to build a real OpenSolaris community if it were serious about doing so, Frye said. "They would push their design discussions out into the forums, so people can see what's going on," he suggested.

The way I see it, the reason IBM is acting like this is because they refuse to open source their own major programs (like DB2 and AIX).

So they can't say "Sun is doing a good job at open-sourcing their own software" because then they'd be asked "so why aren't you doing the same?" - and because nobody likes to admit a competitor is doing a good job.

So we get these mealy-mouthed attacks instead.

Given that DTrace has been integrated into MacOS X into Leopard:
http://blogs.sun.com/roller/page/bmc?entry=dtrace_ on_mac_os_x
http://blogs.sun.com/roller/page/mws?entry=dtrace_ on_macos_x_at
and that it's also being worked on for FreeBSD, isn't that proof enough?

The way I see it, the reason IBM is acting like this is because they refuse to open source their own major programs (like DB2 and AIX).

So they can't say "Sun is doing a good job at open-sourcing their own software" because then they'd be asked "so why aren't you doing the same?" - and because nobody likes to admit a competitor is doing a good job.

So we get these mealy-mouthed attacks instead.

Given that DTrace has been integrated into MacOS X into Leopard:
http://blogs.sun.com/roller/page/bmc?entry=dtrace_ on_mac_os_x
http://blogs.sun.com/roller/page/mws?entry=dtrace_ on_macos_x_at
and that it's also being worked on for FreeBSD, isn't that proof enough?

Why not use desktop virtualization and virtualize you XP instances? Sure, you will not have 3D and advanced device support such as PDA's and such. But, if you have a ton of users you need to support that are everyday knowlegde workers it is perfect. It is a lot more simple to manage. Do not download the VM image that can take to long an generate to much traffic. Just use a thin client to access the VM's in the server farm. You have to be careful though not everyone is licensed to talk to XP with their devices or software. A good fit could be using a solution like a Sun Ray from Sun and X64 servers and their Windows Connector. It has no local config like other thin clients, so the bulk of your time is spent focusing on the virtualization servers and not that plus the devices as well. You really can streach out the life time of the devices. Once you get there all you have to change ar the servers in the back end. I know they have deployed it for customers as a developer solution and the users were all Microsoft developers. That is IMO the worst case scenario. http://blogs.sun.com/ponderthis

The only reason they are there is to reduce noise and especially heat in the offices. Be sure to cram a lot of memory in it, otherwise they'll be underperforming. Nice thing is the fact that you can just reboot it if the workstation it is logged into locks up, and log in to another workstation. Bad thing is that you cannot do anything anymore at a full network lockup, but that is also true for the workstations when they cannot reach the $HOME on nfs anymore. And it's less of a fuss to administrate these things.

The only reason they are there is to reduce noise and especially heat in the offices. Be sure to cram a lot of memory in it, otherwise they'll be underperforming. Nice thing is the fact that you can just reboot it if the workstation it is logged into locks up, and log in to another workstation. Bad thing is that you cannot do anything anymore at a full network lockup, but that is also true for the workstations when they cannot reach the $HOME on nfs anymore. And it's less of a fuss to administrate these things.

" What the hell have we been doing for forty years?"

Either cloning Windows, or cloning Macs

The petition you mention, along with a petition to remove multiple inheritance from C++ was taken into account very seriously some years ago: Link

"We don't know which license we're going to use yet. We do know that it will be an OSI-approved license. We also know that any particular license choice is going to disappoint some people, but we don't see any way around that."

Or you could use 5 1U's for with 8 cores or 32 threads each. Then you would run a cool 160 threads in total. For SSL, it will also use an cryptographic co-processor (RSA only, unfortunately).

http://www.sun.com/servers/coolthreads/t1000/specs .xml

Of course, it will only run at a measly 1.2 GHz per core, but still.

http://www.sun.com/processors/UltraSPARC-T1/index. xml - 32 hardware threads in one package.

Which powers the record-breaking T1000/T2000 servers: http://www.sun.com/servers/coolthreads/overview/in dex.jsp

http://www.sun.com/processors/UltraSPARC-T1/index. xml - 32 hardware threads in one package.

Which powers the record-breaking T1000/T2000 servers: http://www.sun.com/servers/coolthreads/overview/in dex.jsp

It is already interesting with Sun's T1000 ("Coolthreads") servers. They have 8 cores per chip. Each core supports 4 threads. Oracle is already scratching its head trying to figure out how the set a fair price on the license for that.

I know, I shouldn't feed a troll....

You are the reason they were reluctant to make it (fully) open source.

You obviously are confident you know more about what makes a good language than the designers of Java do. Have you read even one paper at jcp.org? Have you looked at the people who make up the JCP? IBM, Apple, Cisco, Intel, HP, ATI, NVidia, Creative Labs, Google (!), Apache, Apogee, Namco ... you really think you're smarter than their combined intellect and months of discussion? Trust me, you're not.

I'm sure you and a lot of others are already giddy with excitement over the idea of making a "better Java" with const and operator overloading.

When you understand the "less is more" principle, you'll begin to understand why all your pet features don't belong in the language.

I know, I shouldn't feed a troll....

You are the reason they were reluctant to make it (fully) open source.

You obviously are confident you know more about what makes a good language than the designers of Java do. Have you read even one paper at jcp.org? Have you looked at the people who make up the JCP? IBM, Apple, Cisco, Intel, HP, ATI, NVidia, Creative Labs, Google (!), Apache, Apogee, Namco ... you really think you're smarter than their combined intellect and months of discussion? Trust me, you're not.

I'm sure you and a lot of others are already giddy with excitement over the idea of making a "better Java" with const and operator overloading.

When you understand the "less is more" principle, you'll begin to understand why all your pet features don't belong in the language.

I know, I shouldn't feed a troll....

You are the reason they were reluctant to make it (fully) open source.

You obviously are confident you know more about what makes a good language than the designers of Java do. Have you read even one paper at jcp.org? Have you looked at the people who make up the JCP? IBM, Apple, Cisco, Intel, HP, ATI, NVidia, Creative Labs, Google (!), Apache, Apogee, Namco ... you really think you're smarter than their combined intellect and months of discussion? Trust me, you're not.

I'm sure you and a lot of others are already giddy with excitement over the idea of making a "better Java" with const and operator overloading.

When you understand the "less is more" principle, you'll begin to understand why all your pet features don't belong in the language.

Its only been year since the release of OpenSolaris, and there are already many distributions in development. So I don't think the CDDL is everyone away.

While I don't care for the CDDL, Sun's rationale is well documented.

I'm happy that Sun is deciding to open their JVM and compiler sources, but at the same time its risky business... Sun is afraid that doing so could cause incompatible Java JVMs/Compilers to emerge. James Gosling (creator of Java):

"I lived through the Unix wars...I love Linux to bits, but they've got the same problem all over again. They've got all these distributions, and they're really close, but they're just different enough to be a pain in the butt."

So, the GPL (and certainly the BSD) license may not be a good option for Sun.

This is an exciting time for Java developers though... Java SE 6 is almost out with some cool new features and major performance updates:

http://java.sun.com/developer/technicalArticles/J2 SE/Desktop/mustang/beta2.html

One of my favorite updates being double-buffering for Swing apps... the speed difference is night and day.

Also the upcoming MVM in the distant future could be one of the biggest things for Java since JIT and Generics:

http://java.sun.com/developer/technicalArticles/Pr ogramming/mvm/

I'm happy that Sun is deciding to open their JVM and compiler sources, but at the same time its risky business... Sun is afraid that doing so could cause incompatible Java JVMs/Compilers to emerge. James Gosling (creator of Java):

"I lived through the Unix wars...I love Linux to bits, but they've got the same problem all over again. They've got all these distributions, and they're really close, but they're just different enough to be a pain in the butt."

So, the GPL (and certainly the BSD) license may not be a good option for Sun.

This is an exciting time for Java developers though... Java SE 6 is almost out with some cool new features and major performance updates:

http://java.sun.com/developer/technicalArticles/J2 SE/Desktop/mustang/beta2.html

One of my favorite updates being double-buffering for Swing apps... the speed difference is night and day.

Also the upcoming MVM in the distant future could be one of the biggest things for Java since JIT and Generics:

http://java.sun.com/developer/technicalArticles/Pr ogramming/mvm/

Thanks for the info. Seems like all I was missing was tacking a new line character and then a flush of the my output stream (ie the input stream of the exec'd process).

FYI, in java there is no "posix" class. The only way to interact with another process is by using Runtime.exec() and then using the Process Object ( http://java.sun.com/j2se/1.4.2/docs/api/java/lang/ Process.html ) returned to interact with the process. Interacting properly actually requires starting 3 threads. I still seem to have a problem getting the prompt to be sent over the stdout from the other process, say for example, if I launch ssh or ftp. Its not that its buffered, it just never shows up. I guess its not entirely necessary. Ahh well. Thanks for the help.

The first paper recommended for learning more about floating point arithmetic is usually Goldberg's famous What Every Computer Scientist Should Know About Floating-Point Arithmetic .

I can't remember whether the paper specifically discusses the failure of floating point arithmetic to obey the mathematical laws of arithmetic, but even if not, the background it provides is probably enough for you to understand the reasoning yourself.

It's worse than that. In some kinds of calculations, the error can be so large that the result is entirely meaningless. That is, for example when doing a subtraction between two nearly equal floating point values, both of which were approximated, the result may have more noise than signal. This isn't the usual case, but when writing general code that cares about precise values, you can code yourself a beartrap that only springs in rare circumstances.

There is an excellent article about all of this detail, linked from TFA at sun: http://docs.sun.com/source/806-3568/ncg_goldberg.h tml

Granted, I have never written any code where this matters, but I had never realized really just how bad some of the implications are in some cases.

BigDecimal

The classic paper is David Goldberg's "Everything a Computer Scientist needs to know about Floating Point", online at http://docs.sun.com/source/806-3568/ncg_goldberg.h tml

and

When bad things happen to good numbers (as well as Becker's other floating-point columns on that same page)