Google Native Client Puts x86 On the Web

← Back to Stories (view on slashdot.org)

Google Native Client Puts x86 On the Web

Posted by timothy on Tuesday December 9, 2008 @03:33AM from the which-can-then-be-virtualized-ad-infinitum dept.

t3rmin4t0r writes "Google has announced its Google native client, which enables x86 native code to be run securely inside a browser. With Java applets already dead and buried, this could mean the end of the new war between browsers and the various JavaScript engines (V8, Squirrelfish, Tracemonkey). The only question remains whether it can be secured (ala ActiveX) and whether the advantages carry over onto non-x86 platforms. The package is available for download from its Google code site. Hopefully, I can finally write my web apps in asm." Note: the Google code page description points out that this is not ready for production use: "We've released this project at an early, research stage to get feedback from the security and broader open-source communities." Reader eldavojohn links to a technical paper linked from that Google code page [PDF] titled "Native Client: A Sandbox for Portable, Untrusted x86 Native Code," and suggests this in-browser Quake demo, which requires the Native Code plug-in.

83 of 367 comments (clear)

Min score:

Reason:

Sort:

doesn't sound too secure yet by alain94040 · 2008-12-09 03:33 · Score: 5, Insightful

This is not a good thing: by definition x86 code is not portable across platforms.
Secure or not, it goes against the main founding principle of the web, which is portability. There are other ways to solve the performance issue, I thought just-in-time compilers were getting pretty close anyway (50% according to http://www.mobydisk.com/softdev/techinfo/speedtest/index.html).
On the security side, I'll just quote Google's description: "modules may not contain certain instruction sequences". That doesn't sound like a robust way to detect malicious code.
http://fairsoftware.net/ where software developers share revenue from the apps they create together
1. Re:doesn't sound too secure yet by Sockatume · 2008-12-09 03:43 · Score: 4, Funny
  
  You could work around that compatability issue easily, just set up the browser so it runs inside a preset virtual machine or emulator on the host, so that you can just write x86 code for that virtual machine/emulator rather than executing it directly.* (I heard you like programs, so I put a machine in your machine so you can execute while you execute.)
  
  *Someone may have thought of this already.
  
  --
  No kidding!!! What do you say at this point?
2. Re:doesn't sound too secure yet by Anonymous Coward · 2008-12-09 03:44 · Score: 3, Insightful
  
  On the security side, I'll just quote Google's description: "modules may not contain certain instruction sequences". That doesn't sound like a robust way to detect malicious code.
  Why not? It just means that the permissible instruction sequences are limited to a subset that can be statically analyzed and verified to be safe. The Java VM has similar verification algorithms that are run whenever untrusted code is first loaded.
  It's true that this does not allow all x86 code to run; it's at least practically (and probably theoretically) impossible to correctly determine whether or not a piece of code is safe, but as long as the VM errs on the side of caution, there shouldn't be any problems with this approach.
  I will grant that this makes it unclear what the advantage is over (say) Java applets. What can this technology do that the Java VM couldn't? As far as I'm concerned, the failure of Java in the browser has more to do with the lack of a standard library for high-performance multimedia applications (think: Flash) than with shortcomings in the bytecode language.
3. Re:doesn't sound too secure yet by Anonymous Coward · 2008-12-09 03:48 · Score: 2, Informative
  
  by definition x86 code is not portable across platforms
  Sure it is, you just write a JIT compiler from x86 to your native machine code, thus COMPLETELY nulling any advantage this has over other JIT languages :)
4. Re:doesn't sound too secure yet by larry+bagina · 2008-12-09 03:55 · Score: 5, Insightful
  
  Those that don't understand java are doomed to repeat it.
  
  --
  Do you even lift?
  These aren't the 'roids you're looking for.
5. Re:doesn't sound too secure yet by AKAImBatman · 2008-12-09 03:57 · Score: 4, Insightful
  
  Why not? It just means that the permissible instruction sequences are limited to a subset that can be statically analyzed and verified to be safe. The Java VM has similar verification algorithms that are run whenever untrusted code is first loaded.
  One of the key differences is that Java code and data are separated to the point of paranoia. I cannot load a classfile as data and pass through execution to the native system. With the x86 instruction set, I can load a data file and execute a jump to a data segment without the code having passed through any sort of system loader. A VM would have to take this into account. Not to mention common issues of stack smashing, heap overflows, and other common memory tricks to execute unwanted code.
  When you're managing native code, it only takes one slip-up to hand over the keys to the kingdom. That slip-up may be as simple as a two byte exploit, but it's a slip-up none the less. One must be VERY careful with native code because there is no way to prove that it is safe to execute natively.
  Hypervisor features in modern processors simplify the issue somewhat, but it is still not proven that hypervisors are without exploits. Not to mention the overhead of running dozens of simultaneous hypervisor environments.
  Java and Javascript have it right. Java bytecode is provably correct because it targets an ideal machine. Thus the code can be translated into well-behaved native code with the linkage between data and code managed during or after translation. Javascript is just as good because it provides an abstract execution environment that must rely on exposed APIs to accomplish any interaction with the system. It is provable not possible (shy of an underlying flaw in the browser) for Javascript to break through its execution engine into a native runtime.
  The two platforms may be paranoid, but when you're dealing with security on the scale of the World Wide Web, "better safe than sorry" is a good motto.
  
  --
  Javascript + Nintendo DSi = DSiCade
6. Re:doesn't sound too secure yet by jellomizer · 2008-12-09 04:02 · Score: 2, Interesting
  
  Yes all new technology is bad even R&D concepts. Dag Nabbit I want my ASCII (no freaking colors) 300BPS BBS back you know the ones where you need to put your phone headset into the modem. Back then everything was secure. The password was the telephone number that you dialed. Brute force attacks were expensive. And if the BBS had a Password protection you were secured to no end, where no one can get in who you didn't want.
  Um the way things work with software is the program sends opt-codes to the CPU which interns translates them to particular basic actions. You could emulate X86 across platforms and it has been done before. Virtual PC did that in the past allowing you to run x86 code on a PowerPC processor. For applications all that we really care about putting input in a black box that will do stuff and getting output back. The Web Interface is good at taking input and giving output (By no means the best, but it can get the job done with a lot of tricks) So if google approach is server side then it would in general be available across clients platforms. Allowing you to run a wide array of applications regardless of your client.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
7. Re:doesn't sound too secure yet by Chyeld · 2008-12-09 04:03 · Score: 2, Insightful
  
  Isn't Java run in an emulated fashion on all platforms? Isn't that part of the 'slow' image that it cultivated in it's early years, that it was too slow due to the emulation of the java 'virtual machine'?
  Is the problem here that this could mean some machines won't be as slow as others or just that its x86?
  What exactly is the difference, outside of one having a much larger code base to 'exploit' and the potential for a huge speedup on machines that can natively handle x86 code?
8. Re:doesn't sound too secure yet by K.+S.+Kyosuke · 2008-12-09 04:04 · Score: 3, Funny
  
  The industry will solve it the usual way: They will put an x86 chip inside!
  
  --
  Ezekiel 23:20
9. Re:doesn't sound too secure yet by VGPowerlord · 2008-12-09 04:07 · Score: 2, Funny
  
  It's a Java system! I know this!
  
  --
  GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
10. Re:doesn't sound too secure yet by phoenix321 · 2008-12-09 04:13 · Score: 2, Funny
  
  Yep, they're re-inventing the wheel, how cool is that?
11. Re:doesn't sound too secure yet by fbjon · 2008-12-09 04:14 · Score: 4, Informative
  
  Java is compiled Just-in-time, though I don't know about smaller, obscure or embedded platforms.
  
  --
  True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
12. Re:doesn't sound too secure yet by Ed+Avis · 2008-12-09 04:19 · Score: 4, Interesting
  
  x86 code runs natively on 90% of the processors out there. Java or .NET bytecode runs natively on about 0% of them (Sun did have a Java chip once but it is long dead). So it is hardly any worse than the alternatives. There are many x86 emulators and some of them have reasonable performance.
  If we were starting from scratch now, nobody would choose the barnacle-encrusted i386 instruction set as a way to distribute programs. But given the hardware and software that exists, it's not such a bad choice.
  
  On the security side, I'll just quote Google's description: "modules may not contain certain instruction sequences". That doesn't sound like a robust way to detect malicious code.
  Of course, the way to do it is to define what instruction sequences are safe and allow only those. I assume that's what they are doing and 'modules may not contain certain instruction sequences' is just the one-line summary.
  That said, you can make any instruction sequence you like using the assembler and run it on your Linux system, and it cannot break out of the process virtual machine to access hardware or memory belonging to other processes or the kernel. If it can, this would be a bug in Linux. So there is no reason why arbitrary instruction sequences couldn't be allowed in principle, if you let the operating system do the work of sandboxing the process. After all why reinvent the wheel?
  
  --
  -- Ed Avis ed@membled.com
13. Re:doesn't sound too secure yet by tomhudson · 2008-12-09 04:29 · Score: 2, Interesting
  
  Those that don't understand java are doomed to repeat it.
  
  Worse - their example doesn't even make sense ...
  
  Today, you could provide this feature using a combination of JavaScript and server side processing. This approach, however, would cause huge amounts of image data to be transferred between browser and the server, leading to an experience that would probably be painfully slow for users who just want to make a few simple changes. With the ability to seamlessly run native code on the user's machine, you could instead perform the actual image processing on the desktop CPU, resulting in a much more responsive application by minimizing data transfer and latency.
  
  So you still end up downloading code ... and probably a lot more code, since you don't have libraries like javax.swing sitting on the users' machine to tap into, you have to download an entire UI ...
  What would be better would be to more tha apps out of the browser completely. There's no reason that a java app sitting on your local machine can't do the photo touch-ups w/o having to be embedded in a browser, just like there's no reason you can't open up a remote file in the GIMP and edit it directly if you have the url, username, and password, without having to go through the hassle of right-click in your browser, save to disk, open in GiMP, edit, save to disk, then ftp'ing it back.
  Of course, if too many people start relying on apps that interact directly with the net rather than through a web browser, google's business is threatened.
14. Re:doesn't sound too secure yet by binarylarry · 2008-12-09 04:32 · Score: 4, Interesting
  
  Pretty much all of Sun's offerings have HotSpot built in, which provides JIT compilation for the JVM. IBM's JVM, BEA, etc. all have JIT features. Google's Android has Java-like Dalvik, which is slow as balls and doesn't have JIT functionality.
  Some ARM processors are capable of executing Java bytecode natively. The device developers have to pay for that feature though.
  Really, it sounds like Google is poorly trying to reinvent Java. They've tried this with Android already and it doesn't work so hot from a performance standpoint.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
15. Re:doesn't sound too secure yet by MightyYar · 2008-12-09 04:35 · Score: 2, Interesting
  
  Well, a couple of things...
  First, today there isn't a "first class" platform for Java. It's JIT everywhere (excepting a few devices with chip-based Java execution). So a web developer has to consider performance when using Java or Flash. In contrast, native x86 execution obviously favors x86 machines and creates a web ghetto - similar to ActiveX, though not quite as bad.
  The second problem is that while Java, and now even Javascript, have been pretty well optimized on non-x86 hardware, I've yet to see a x86 bytecode emulator perform as well. Earlier in the thread someone pointed out how JIT-compiled languages are now about 50% as efficient as natively compiled languages. If this is true, then it seems really foolish to eek out that extra 50% by destroying the performance on all other platforms - especially when those platforms are growing so fast.
  My experience with emulation is a bit underwhelming. My G5 Mac can emulate an x86 processor using Virtual PC, but it's slow enough that anything beyond Windows 98 is pretty annoying. I'd hate to see performance of x86 emulation on a phone!
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
16. Re:doesn't sound too secure yet by davecb · 2008-12-09 04:39 · Score: 2, Informative
  
  One might say the same thing about p-code (;-))
  --dave
  
  --
  davecb@spamcop.net
17. Re:doesn't sound too secure yet by LordKazan · 2008-12-09 04:42 · Score: 2, Insightful
  
  that and applets are slow as shit. The National Weather Service still uses a java applet for their single-radar radar loops (uses animated gifs for larger views).. takes forever to load because the JVM is initializing, whereas the animated gif takes exactly as long as it takes to download.
  Java failed in the browser.. because java is slow.
  
  --
  If you cannot keep politics out of your moderation remove yourself from the Mod Lottery.. NOW!
18. Re:doesn't sound too secure yet by H0p313ss · 2008-12-09 04:44 · Score: 3, Insightful
  
  Those that don't understand java are doomed to repeat it.
  Given that Java started as a poor re-implementation of other VM based OO languages that just makes me want to weep.
  
  --
  XML is a known as a key material required to create SMD: Software of Mass Destruction
19. Re:doesn't sound too secure yet by Wescotte · 2008-12-09 04:48 · Score: 4, Funny
  
  (I just love it when my browser runs unmanaged code full of unverified branch statements!)
  Bah! Where's your sense of adventure?!?
20. Re:doesn't sound too secure yet by online-shopper · 2008-12-09 04:51 · Score: 4, Insightful
  
  x86 does not run natively on 90% of the processors out there. ARM beats it by a bit.
21. Re:doesn't sound too secure yet by Xargle · 2008-12-09 04:51 · Score: 5, Informative
  
  x86 code runs natively on 90% of the processors out there. Java or .NET bytecode runs natively on about 0% of them (Sun did have a Java chip once but it is long dead). So it is hardly any worse than the alternatives. There are many x86 emulators and some of them have reasonable performance.
  ARM Jazelle (in quite a number of the ARM revisions deployed all over the place) includes DBX for direct bytecode execution of Java. That includes the iphone and loads of other stuff.
22. Re:doesn't sound too secure yet by X0563511 · 2008-12-09 04:54 · Score: 3, Informative
  
  From the article linked from the story, emphasis mine:
  
  The release contains the experimental compilation tools and runtime so that you can write and run portable code modules that will work in Firefox, Safari, Opera, and Google Chrome on any modern Windows, Mac, or Linux system that has an x86 processor. We're working on supporting other CPU architectures (such as ARM and PPC) to make this technology work on the many types of devices that connect to the web today.
  
  Reading Comprehension FTW!
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
23. Re:doesn't sound too secure yet by LordKazan · 2008-12-09 04:58 · Score: 3, Interesting
  
  my "platform" would be very linux and windows machine i've ever run - all on x86
  try this for a "Slow platform"
  Athlon 64 x2 6000+, 4GB DDR2-800, 250GB SATA-II drive
  JVM initialization is slow because the JVM weights 9 million metric tons.
  and initialization of the VM of any language is an important factor in it's effective performance - no matter if it's per-instruction performance once it's VM is started is almost as good as native code, it will take a long time for that to outweight the initial startup time.
  
  --
  If you cannot keep politics out of your moderation remove yourself from the Mod Lottery.. NOW!
24. Re:doesn't sound too secure yet by should_be_linear · 2008-12-09 05:19 · Score: 5, Interesting
  
  I also noticed that Google is very aggressively trying *not* to use Java JRE anywhere, as Dalvik VM or this x86 nonsense demonstrate. I have no idea why is that, given Java and JRE are FOSS now. One thing is for sure: Their Google Docs and other office-like applications would only start to make much more sense if they use new JavaFX clients (that can be dragged from browser to desktop, becoming standalone app) alongside with improving JRE support in Chrome and Firefox.
  
  --
  839*929
25. Re:doesn't sound too secure yet by TubeSteak · 2008-12-09 05:32 · Score: 4, Funny
  
  Um the way things work with software is the program sends opt-codes to the CPU which interns translates them to particular basic actions.
  Ah ha!
  So that is the secret!!
  Cheap intern labor!
  
  --
  [Fuck Beta]
  o0t!
26. Re:doesn't sound too secure yet by DamageLabs · 2008-12-09 05:33 · Score: 5, Informative
  
  An interpreter compiles each instruction every time it gets executed.
  JIT compiles blocks of code only on first execution. Next time, the compiled code is already in memory.
27. Re:doesn't sound too secure yet by Moochman · 2008-12-09 05:44 · Score: 2, Informative
  
  Have you tried Java 6 Update 10?
28. Re:doesn't sound too secure yet by poot_rootbeer · 2008-12-09 05:52 · Score: 2, Insightful
  
  x86 code runs natively on 90% of the processors out there.
  Among desktop PCs, maybe. But have you heard that they've started putting the web on devices such as cellular phones and set-top boxes? You're not going to find a lot of x86 CPUs in those.
  Of course, the way to do it is to define what instruction sequences are safe and allow only those. I assume that's what they are doing and 'modules may not contain certain instruction sequences' is just the one-line summary.
  Doesn't change the fact that there's no practical and all-encompassing way of whitelisting "safe x86 code" nor blacklisting "dangerous x86 code".
29. Re:doesn't sound too secure yet by Enter+the+Shoggoth · 2008-12-09 05:55 · Score: 3, Informative
  
  On the security side, I'll just quote Google's description: "modules may not contain certain instruction sequences". That doesn't sound like a robust way to detect malicious code.
  Why not? It just means that the permissible instruction sequences are limited to a subset that can be statically analyzed and verified to be safe. The Java VM has similar verification algorithms that are run whenever untrusted code is first loaded.
  It's true that this does not allow all x86 code to run; it's at least practically (and probably theoretically) impossible to correctly determine whether or not a piece of code is safe, but as long as the VM errs on the side of caution, there shouldn't be any problems with this approach.
  I will grant that this makes it unclear what the advantage is over (say) Java applets. What can this technology do that the Java VM couldn't? As far as I'm concerned, the failure of Java in the browser has more to do with the lack of a standard library for high-performance multimedia applications (think: Flash) than with shortcomings in the bytecode language.
  All this means is that google have created a VM in which the "bytecodes" happen to be executable on real hardware, but some of these "bytecodes" have to be intercepted and replaced at runtime with substitute code... this aught to sound familiar; this is what a software hypervisor does (eg VMware).
  In other words every man and his dog has jumped aboard the "I can write an x86-hypervisor" bandwagon, the difference being that google have decided to take theirs and embed it into the browser rather than run as a standalone app.
  Interestingly enough it took the momentum that VMware created to get intel to correct some of the issues with its' ISA to make it much easier to virtualise, perhaps someone the size of google can prod intel into adding a third wave of virtualisation accelartion extensions to their ISA so as to make this idea safer* with low overhead
  *I think virtualisation is a useful thing (I make a living from consulting on it), however I am unconvinced of it being possible, to truly secure it.
  
  --
  Andy Warhol got it right / Everybody gets the limelight
  Andy Warhol got it wrong / Fifteen minutes is too long.
30. Re:doesn't sound too secure yet by prockcore · 2008-12-09 06:55 · Score: 5, Funny
  
  Knock Knock.
  Who's there?
  .
  .
  .
  (long pause)
  .
  .
  .
  Java.
31. Re:doesn't sound too secure yet by bpkiwi · 2008-12-09 06:59 · Score: 4, Interesting
  
  Two reasons they didn't use a JVM for Android:
  
  1) They started the Android project before Java was open-sourced.
  
  2) Sun has slightly different licenses for desktop and mobile use. The desktop license is GPL with a classpath exception (letting you write non-GPL java apps to run on the virtual machine), the mobile license is straight GPL. Google didn't want to force developers to only produce GPL apps for Android, so they could not use this.
  
  See Stefano's blog
32. Re:doesn't sound too secure yet by Free+the+Cowards · 2008-12-09 07:04 · Score: 2, Insightful
  
  Seeing how JIT-compilation means that the code is compiled to native code just before being executed, this is clearly rubbish. JIT-compilation results in native code, just like any other compilation; the program is simply stored in some intermediate form (bytecode) rather than in the final compiled form.
  ...
  
  Yes, this is true. Emulation is horrible for performance. This whole idea is ludicrous.
  You contradict yourself here. JIT is one way to perform emulation. Either JIT isn't as fast as native code or emulation isn't horrible for performance, you can't have it both ways!
  
  --
  If you mod me Overrated, you are admitting that you have no penis.
33. Re:doesn't sound too secure yet by Billly+Gates · 2008-12-09 07:40 · Score: 2, Interesting
  
  Don't modern processors that are pentium IV's and above feature protection from data vs application code? Windows XP service pack 2 features it and I am aware that programs have to be recompiled to take advantage of it.
  In a few years it will make sense just to compile the code for the pentium IV and above and you can have the extra protection in your programs like RISC processors.
  
  --
  http://saveie6.com/
34. Re:doesn't sound too secure yet by Dolda2000 · 2008-12-09 07:44 · Score: 2, Informative
  
  When you're managing native code, it only takes one slip-up to hand over the keys to the kingdom. That slip-up may be as simple as a two byte exploit, but it's a slip-up none the less. One must be VERY careful with native code because there is no way to prove that it is safe to execute natively.
  Hypervisor features in modern processors simplify the issue somewhat, but it is still not proven that hypervisors are without exploits.
  That's not at all true, though, and you certainly don't need any supervisor CPU features. It is quite easy to run native code completely securely -- all you need to do is set up a private virtual memory space for the managed code, and only provide it with a call gate to your own program code through which it can do controlled requests. It's done at large scale -- it's called a "process" in normal OS parlance. You may have heard of the term
  The normal problem is just that the operating system gives too much privilege to all processes, such that any running process can access the filesystem, the network stack, can allocate limitless amounts of memory (swappable memory, but nevertheless) and so on. However, that's a problem with the operating system, not with the CPU. In fact, later versions of Linux has a special process mode called SECCOMP, in which the process may only call exit(), read() and write() (the latter two only on already open file descriptors), which could certainly be used to implement Google's idea completely securely.
  The problem in this case, that the OP complained about was that Google seems to only blacklist certain program data bytes, which is most likely unsafe, as there are probably other code paths left that could be used to execute unsafe code that noone would have thought to blacklist.
  My point is just that there's no reason to think that a JVM is inherently more secure than an x86 CPU. It's just the Java class library that's more secure than your standard off-the-shelf operating system.
35. Re:doesn't sound too secure yet by cmacb · 2008-12-09 07:46 · Score: 2, Insightful
  
  Thanks for your comment and the links. Every time I run across an article like this and sigh, wishing I had the technical cojones to explain why it is that we were doing things like this on mainframes in the 80s with complete safety... and continuing to wonder why Intel couldn't just COPY the damned concepts if they can't figure out how to implement them from scratch.
  Our world continues to be saddled with a half assed operating system running on a third rate architecture and for no other reason that technology takes a back seat (or maybe it's more like back of the bus) to marketing, bribery and collusion (with an unhealthy dose of buyer ignorance thrown in for good measure).
  I continue to hope that good technology will win out eventually, although I'm almost convinced at this point that it will have to come from some country that hasn't been bought out by the Borg.
  I wonder though, and maybe you know, why isn't the Power-PC mentioned in the Wikepedia article. I would assume because of its origin that it is closer to the 370 than to the Intel architecture in being fully virtualizable, a concept apparently not on the "roadmap" that Steve Jobs kept referring to in his rationale for Apple's switch to Intel. The Power-PC represented our best hope of escaping the Intel monoculture and I'd like nothing better than to once again have a mainstream non-Intel (and non-Intel-like) choice when I pick my next laptop.
  Of course if Intel had a deserved (I'm being generous) third of the market then what Google is doing with this initiative would be dead in the water (as it probably should be).
36. Re:doesn't sound too secure yet by jonbryce · 2008-12-09 09:03 · Score: 2, Informative
  
  You can type the brackets for <tags> by using the html codes such as < and >.
37. Re:doesn't sound too secure yet by IamTheRealMike · 2008-12-09 09:03 · Score: 5, Informative
  
  Holy crap. AKAImBatman I usually enjoy your posts, but it's painfully clear nobody on this thread - including you - has actually read the paper.
  If you had, you'd see that this system is secure. It's simple yet clever at the same time. By using a combination of x86 segmentation (which ironically you say is never used anymore!), alignment rules, static analysis and - crucially - masked jumps, it's possible to ensure that native code cannot synthesize unverified code in memory and then jump into it. If you can prevent arbitrary code synthesis, you can control what the program does. It's as simple as that.
  Even though the verifier for this system is microscopic (compared to, say, a JVM), and so much more likely to be correct, NativeClient also includes a ptrace sandbox to provide an additional redundant level of protection.
  
  One must be VERY careful with native code because there is no way to prove that it is safe to execute natively.
  I don't blame you, because until I read the paper I also believed this. Once you read it you'll slap your forehead and say, my god, it's so simple. Why didn't I think of that?
38. Re:doesn't sound too secure yet by IamTheRealMike · 2008-12-09 09:07 · Score: 2, Informative
  
  I used to think Jazelle meant actual Java bytecode execution on the chip, until I talked to an Android developer about it. It turns out that Jazelle is quite incomplete and traps out to native code quite frequently ... for instance, to call a method.
  That said, so what? You already have to write special web pages for mobile devices if you want a truly great user experience. The performance/power profiles of mobile devices are so radically differen to desktops that being unable to run x86 code natively isn't a big deal ... even if there was some kind of hardware neutral IL you still wouldn't want to use it on mobiles, for the same reason mobile browsers don't download and run WebStart applets.
39. Re:doesn't sound too secure yet by Lokitoth · 2008-12-09 09:20 · Score: 2, Insightful
  
  Thanks to Microsoft's known influence to corrupt all the standard bodies the "(applet)" tag is now depreciated. ITs been depreciated since html 3 last century.
  Realize that the <object> tag is vastly superior to the <applet> tag in that it can be used for other things, like Adobe's Flash and Microsoft's Silverlight, as well as new technologies yet to be developed. It is that Java was very slow (pre-JIT), loaded very slowly (pre-"New Bytecode Verifier") and was a pain to do anything good looking or active in - see Flash and Silverlight - added to the fact that Javascript was easier and faster to write and gave developers a platform nearly as robust that killed applets. The tag has nothing to do with it.
40. Re:doesn't sound too secure yet by onitzuka · 2008-12-09 10:45 · Score: 2, Informative
  
  Java is compiled Just-in-time, though I don't know about smaller, obscure or embedded platforms.
  On mobile phones that use ARM chips Java byte-codes can also be executed directly by the CPU if the ARM chip implementes Jazelle. These ARM chips have a "J" in their names (eg. ARM926EJ-S).
  Read about it here: ARM Jazelle.
41. Re:doesn't sound too secure yet by Adam+Jorgensen · 2008-12-09 22:55 · Score: 2, Interesting
  
  Quite a bit I'd say. Last time I checked, every Tom, Dick and Jane has a Cellphone (Mostly running on ARM chips). The same can not be said for x86...
The important (and finally valid!) question by Faw · 2008-12-09 03:35 · Score: 4, Funny

Does it run Linux??
1. Re:The important (and finally valid!) question by Anonymous Coward · 2008-12-09 03:41 · Score: 2, Funny
  
  Does it run Linux??
  
  I just tried Debian PPC, and apparently, no it doesn't.
2. Re:The important (and finally valid!) question by mikeee · 2008-12-09 04:06 · Score: 3, Funny
  
  So as if javascript isn't bad enough, now we're going to have the inevitable beowulf cluster running across the tabs of our browsers?
Two steps backward by AKAImBatman · 2008-12-09 03:35 · Score: 4, Insightful

Google has announced its Google native client, which enables x86 native code to be run securely inside a browser.
Because all that we need is to further promote an archaic instruction set that won't die because of all the pre-existing code compiled for it. An instruction set that was finally starting to loosen its grip as the industry worked toward more abstract solutions.

With Java applets already dead and buried
And with good reason!!! Plugin engines do not provide a very smooth browsing experience. You must wait for them to download and activate before you can start using the widget. Meanwhile, Javascript is designed for execution as the page is loading.
The heavyweight JVM was probably the worst offender, but look at Flash for another example of an engine that most developers would rather eliminate. While it was hip to create entire websites out of Flash for a while, the platform was very user-unfriendly and almost died out. Thanks to infighting over video standards however, Flash was able to hold on as a video delivery platform and even gained a margin of success as a web-gaming platform. (About the only area where Java Applets really shined back when they were popular.)
My personal opinion* is that this is a step in the wrong direction. Javascript engines are getting good. Damn good. I'd like to see more R&D poured into these engines and the underlying technologies rather than reinventing ActiveX and Java. If researchers wanted to invent a more efficient or usable browser language other than JS, I'd be all for it. But I don't run a browser to become a part of a compute farm. I run a browser to access web information and applications. Very little of which is compute-intensive enough to require a new execution engine over a more advanced set of APIs.
* ...and 50 cents won't buy you a cup of coffee anymore, so take it for what it's worth.
** As an aside, C/C++ is an incredibly complex build environment. Why anyone would want to continue subjecting developers to the angst of compiler differences, makefiles, configure scripts, and other irritants is beyond me. As is typical with such platforms, I can't even get the examples running on my machine. The run.py script dies with an "Invalid Argument" on line 42 and the nacl-gcc compiler fails with syntax errors a-plenty. I'm sure I'll figure it out eventually, but WHY oh why do we want to promote such a complicated method of compiling code?

--
Javascript + Nintendo DSi = DSiCade
1. Re:Two steps backward by Anonymous Coward · 2008-12-09 03:50 · Score: 3, Interesting
  
  f researchers wanted to invent a more efficient or usable browser language other than JS, I'd be all for it.
  I really hope so. Does anyone actually enjoy programming JavaScript? No real objects, weak typing, etc. It's fine for small bits of code, but for larger apps? Ugh.
  
  A "lite" version of Python would be nice. Shove (erm, specify) lots of interesting libraries into the browser itself, and let us use those.
2. Re:Two steps backward by MikeBabcock · 2008-12-09 03:51 · Score: 5, Interesting
  
  The only problem you seem to have with Java plugins is the load time -- this is only resolved by Javascript because JS is pre-loaded by the browser at all times (in modern browsers at least).
  If other plugins were to be marked as 'frequently used' by the plugin engine and loaded at runtime instead of page load-time, they'd obviously be just as responsive as Javascript (or more so, since Java is compiled to native code in many cases).
  Making a browser that integrates Java in a reasonable way and makes it work just as seamlessly as Javascript was tried already (by Netscape) but it was before we had computers with enough RAM to handle it IMHO.
  
  --
  - Michael T. Babcock (Yes, I blog)
3. Re:Two steps backward by ardor · 2008-12-09 04:06 · Score: 2
  
  Whats the problem with JavaScript? I have written JS code with >20k lines already, and it was quite ok. Among the things that irritate me is this "var" nonsense (declaring a variable without var puts it in the global namespace!), but other than that, it was fine. Also, you are wrong, JS has real objects. And, weak typing can be a very powerful tool if used properly. Note that Python has weak typing too...
  
  --
  This sig does not contain any SCO code.
4. Re:Two steps backward by AKAImBatman · 2008-12-09 04:09 · Score: 4, Insightful
  
  The only problem you seem to have with Java plugins is the load time -- this is only resolved by Javascript because JS is pre-loaded by the browser at all times (in modern browsers at least).
  The Java runtime was compiled into early browsers like Netscape. So the load time is not caused by the plugin itself. (Though that does play a role in the first activation.) The load time is the time it takes to download the complete application, dearchive the components, load the components into an interpreter or JIT, initialize the environment and/or APIs used, and finally present the application to the user.
  Javascript fits in better with the way web browsers are designed in that the browser executes each individual module during the page load. The makes page loading more asynchronous and thus a better experience for the web user. The web developer can still throw up a "loading" progress bar for applications must preload, but they are the exception rather than the rule.
  
  Making a browser that integrates Java in a reasonable way and makes it work just as seamlessly as Javascript was tried already (by Netscape) but it was before we had computers with enough RAM to handle it IMHO.
  There is more to the issue than meets the eye. Besides the synchronous aspect I mentioned, the client Java runtime has also grown to meet the expansion in system memory and complexity. Which is a good thing from the perspective of writing rich applications for deployment on the server or desktop. It's a bad thing when we're talking about the time-sensitive environment of the web browser. If you want an ideal JVM for the browser, Sun is going to have to strip it down again and make the platform a better fit than it has been in the past. (A version that relies heavily on the DOM for APIs would be preferable.)
  They're also going to have to work out a good method of solving the load problem. Even Flash allows for partial execution prior to the load being complete. (This is how most Flash games show a LOADING screen.) Java was not designed with this in mind and the platform shows it. There are ways a developer could work around it using dynamic class loading, but this requires a great deal of knowledge, effort, and skill on the part of the developer.
  My own feeling is that it's best to let sleeping dogs lie. I love the Java platform, but it currently has a higher calling. Best to let it work where it excels and focus on the aspects of the browser that currently excel. (e.g. Javascript)
  
  --
  Javascript + Nintendo DSi = DSiCade
5. Re:Two steps backward by vrai · 2008-12-09 04:20 · Score: 2, Interesting
  
  As an aside, C/C++ is an incredibly complex build environment ...
  C/C++ are programming languages, not build environments. There's nothing to stop developers using qmake, or Jam, or one of many more user friendly build systems. The fact that the examples don't is more indicative of the intended audience (expert native-code developers) than anything else.
  As to "why build this at all" ... because they can, they want to and it has the possibility to provide a feature set not currently available. No one who isn't a graphic designer likes websites made entirely out of flash; but flash games are undoubtedly popular and fun. In general I don't like the use of Javascript (if I see another stupid fading menu I'm going to hunt down the developer who wrote it and kill them as they sleep) but I love the GMail interface and wouldn't be without it.
  The web is nothing if not Darwinian. If this technology has no real use it will go the way of Java applets and VRML. If a killer app can be found it will become part of the landscape and we'll all forget what it like to live without it.
6. Re:Two steps backward by AKAImBatman · 2008-12-09 04:26 · Score: 4, Interesting
  
  Does anyone actually enjoy programming JavaScript?
  I do. And so can you. It's the C-based syntax that throws most programmers for a loop. Once you realize that the language is actually of a functional design similar to LISP, everything gets a lot easier.
  
  No real objects, weak typing, etc.
  Javascript has one of the most flexible Object systems I have seen in my 20+ years of programming. And its typing system is actually quite strong. Like another poster mentioned, it's dynamically typed not weakly typed. Which is an issue that fades into obscurity once you understand how to properly utilize the language.
  
  It's fine for small bits of code, but for larger apps? Ugh.
  Javascript (like most functional languages) is perfect for building large apps out of a massive number of small bits. Look up scoping in Javascript sometime and you'll understand that larger apps get built by having machines within machines within machines to go from simple tasks to ever more complex tasks. It is, in many ways, a more scalable solution than APIs and packaging. But it is different and therein lies the crux of its failure in the minds of many programmers.
  
  --
  Javascript + Nintendo DSi = DSiCade
7. Re:Two steps backward by AKAImBatman · 2008-12-09 04:43 · Score: 3, Insightful
  
  Strong typing means 1 + "2" is nonsense, and you have to explicitly convert the types.
  That example has nothing to do with strong typing, but rather operator overloading. Both Java and Javascript understand "+" to be a string concatenation symbol when dealing with strings. Thus they attempt to coerce the values into strings. In Java's case, the resulting output looks something like this:
  
  new StringBuffer().append(String.valueOf(1)).append("2");
  
  Javascript does have implicit type casting (e.g. '1' - 1 = 0), but this is a feature that can be found in quite a few strongly languages. (e.g. int x = 10; char val = 10; x += val) Javascript is actually STRONGER than C when it comes to typing. When I cast a variable to a new type, its original type information is redefined and/or completely lost. This can create problems when programmers start using (void *) pointers for everything. Javascript remembers the underlying type of a value at all times. Values are never modified or destroyed, but can be coerced to create a new value with an implicitly cast type.
  
  --
  Javascript + Nintendo DSi = DSiCade
8. Re:Two steps backward by cowwoc2001 · 2008-12-09 04:57 · Score: 3, Informative
  
  Try Java6 update 10 and you'll be surprised. The plugin loads instantaneously and I believe applets load jars on demand as well.
9. Re:Two steps backward by AKAImBatman · 2008-12-09 05:19 · Score: 2, Informative
  
  I'm sick of people spouting off this FUD.
  You seem to be confusing the instruction set with the underlying implementation. Core 2 is awesome. The instruction set is not. So much so that it must be translated into a decent set of instructions by microcode before the processor can pass it through the decoder and ALU.
  
  What is "archaic" about modern x86?
  Oh, I don't know. Instructions for 64-bit programming piled upon instructions for 32-bit programming piled upon instructions for 16-bit programming piled upon instructions for 8-bit programming, all with a half-dozen memory modes to choose from, four different register access methods, special use of particular registers in certain modes, complex instructions added willy-nilly only to be deprecated into slow microcode later on, four different SIMD schemes, a few different floating point modes, a variety of segmentation schemes (none of which are used), support for context switching (that no one uses), variable length instructions, etc, etc, etc.
  x86 is about the worst instruction set known to man. (Which is kind of amusing when you consider that it became the most used instruction set ever.) Even if we assume that the system will only allow a small subset of x86 code, there is still the very real possibility that it will be impossible to protect against the full ISA when executing code natively. Just off the top of my head, I'm already thinking of carefully crafting instructions so that they seem correct when the verifier passes over them in sequence, but actually execute as different instructions when the jump is executed into what appears to be the middle of an instruction. Oops.
  
  Have you looked at a modern x86 microprocessor's implementation of the x86 ISA?
  Yeah, I have. I could kill my cat by accidentally dropping heavy reference manuals sitting on my shelf. The x86 instruction set is far too large, overly complex, redundant, antiquated, and poorly suited as a replacement for VM-targeted instruction sets like Java bytecode.
  
  The only reason to do any of this is speed. You're right, JS is fine for lots of things, but even the best JavaScript JIT won't be as fast as native x86.
  "We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil." --Donald Knuth
  "Speed" is a terrible excuse for attempting a platform like this. Especially when APIs can cover the 3% performance gap that Knuth referred to. I don't need to write a GL renderer in Javascript. I can simply call the necessary APIs to manipulate the native GL instance for me. That's more than fast enough for compute-intensive graphics.
  
  --
  Javascript + Nintendo DSi = DSiCade
10. Re:Two steps backward by cowwoc2001 · 2008-12-09 05:44 · Score: 3, Insightful
  
  No, you're thinking of Java6 (no updates). Java6 update 10 introduced many client-side enhancements, such as preloading of the browser plugin so the first time you hit applets they load instantaneously.
11. Re:Two steps backward by AKAImBatman · 2008-12-09 08:16 · Score: 2, Informative
  
  I'll put this as simply as I can. Javascript execution is like this:
  1. Read <script src="a.js">
  2. Execute a.js
  3. Read <script src="b.js">
  4. Execute b.js
  5. Read <script src="c.js">
  6. Execute c.js
  See how that happens as part of the page load? Now let's look at a similar Java app:
  1. Read <applet src="app.jar" code="a">
  2. Create a new thread and turn over execution to the JVM
  3. Download app.jar
  4. Read Manifest.mf to load references to any necessary libraries
  5. Extract a.class
  6. Verify a.class
  7. Extract b.class
  8. Verify b.class
  9. Extract c.class
  10. Verify c.class
  11. Initialize a.class
  12. Initialize b.class
  13. Initialize c.class
  14. Execute a.class
  Somewhere in there the JVM downloads library JARs referenced by app.jar. When this happens and how is dependent on the classloader. It could be during the initial load, or it could be after execution starts. Either way, the entire applet must be downloaded before execution can begin. That's just the nature of the JAR format.
  Javascript files are not archived and can be executed on demand. Flash files are written out in an odd linear format that allows for streaming of the file. This allows execution to begin even before the file has completed downloading.
  
  --
  Javascript + Nintendo DSi = DSiCade
12. Re:Two steps backward by cowwoc2001 · 2008-12-09 08:32 · Score: 2, Interesting
  
  Either way, the entire applet must be downloaded before execution can begin.
  Wrong. Here are some enhancements that have been added recently:
  Java6: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4690736
  Java6 update 10: "Lazy Downloading" at the bottom of http://java.sun.com/javase/6/docs/technotes/guides/jweb/deployment_advice.html
  I'm not certain whether the latter feature also works for applets (I suspect so) but it proves my point that this is technically possible and already implemented.
I can see the appeal; but it sucks. by fuzzyfuzzyfungus · 2008-12-09 03:42 · Score: 3, Insightful

Yeah, as the title suggests, I can see why this would be attractive. x86s are everywhere, as is code for them, sidesteps the hassle of working it out in javascript, etc, etc. That said, though, it seems really, really gross. For those applications where dealing with an embedded add-on is an acceptable tradeoff for higher performance, we already have java, which is designed for platform independence(JVM), sandboxability, etc. and has had years of development and wide support. Particularly given the increasing popularity of web on embedded(read non-x86) devices, "sorta-kinda-quasi-java-that-only-runs-on-x86s" seems like an enormous step back. Why would you do that?
Did they really just... by geminidomino · 2008-12-09 03:46 · Score: 5, Funny

The only question remains whether it can be secured (ala ActiveX)
HAHAHAHAHAHAHAHAHAHAHAHAHAHA *gasp* HAHAHAHAHAHAHAHAHAHAHAHHAAHHAHA *wipes eyes*
HAHAHAHAHAHAAHHAAHAHAHAHAHAHAH
"secured (ala ActiveX)" by fgaliegue · 2008-12-09 03:46 · Score: 4, Insightful

Talk about an oxymoron.
Beta by rodrigoandrade · 2008-12-09 03:48 · Score: 2, Insightful

"We've released this project at an early, research stage to get feedback from the security and broader open-source communities."

Just slap a "Beta" on it and move on, that's the Google way, right?
1. Re:Beta by ionix5891 · 2008-12-09 04:10 · Score: 2, Insightful
  
  Nope the google way is:
  1. slap "Ads by Google" on everything
  2. ???
  3. PROFIT !
Something similar from Microsoft by Doodhwala · 2008-12-09 03:53 · Score: 4, Interesting

Microsoft is doing something similar and is, in fact, presenting a talk today on leveraging legacy code to deploy desktop applications on the web.

You can find more details here.
GREAT IDEA by scsizor · 2008-12-09 03:56 · Score: 5, Funny

BIG thanks from Russia. i hope it catches on!
google x86 by ablizz · 2008-12-09 03:58 · Score: 3, Funny

Does this mean I can run old DOS games in a browser?
Silent Service II!
1. Re:google x86 by John+Hasler · 2008-12-09 05:07 · Score: 3, Funny
  
  It means you can run old DOS games in your neighbor's browser.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:google x86 by Sloppy · 2008-12-09 05:25 · Score: 2, Funny
  
  It means you can DoS your neighbor's browser.
  
  --
  As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
A remarkably bad idea. by John+Hasler · 2008-12-09 04:00 · Score: 5, Insightful

It will go far.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1. Re:A remarkably bad idea. by freddy_dreddy · 2008-12-09 04:34 · Score: 3, Interesting
  
  from page 3 in the paper:
  
  "In Native Client we disallow such [self-modifying code] practices through a set of alignment and structural rules that, when observed, insure that the native code module can be disassembled reliably, such that all reachable instructions are identified during disassembly."
  
  Ok, when I read the post I had to chuckle when I read the asm joke. I've been programming in asm for 16 years now and there are a few rules of thumb:
  - if assembly is allowed then the only real security is executed by hardware.
  - malware writers love a challenge like this.
  
  --
  "Violence is the last refuge of the competent, and, generally, the first refuge of the incompetent" - Thing_1
2. Re:A remarkably bad idea. by IamTheRealMike · 2008-12-09 09:18 · Score: 2, Informative
  
  Did you get past page 3? Unmasked jumps are forbidden by static analysis, so you can't create new code and jump into it. Existing code is verified against whitelisted opcode sets. Segmentation it used to prevent self-modifying code. Tricks that prevent accurate dissasembly are also forbidden by the verifier.
What a stupid idea by Sloppy · 2008-12-09 04:05 · Score: 5, Insightful

Seriously, this is even worse than saving Hitler's brain by putting into the body of a great white shark armed with lasers.

With Java applets already dead and buried
If you want crap like this, you would be a lot better off, by just exhuming Java applets.
I really hope this project dies a quiet death.

--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
More importantly.... by PinkyDead · 2008-12-09 04:06 · Score: 4, Funny

Does Linux run on it?
(Prompting a possibly valid "In Soviet Russia" gag).

--
Genesis 1:32 And God typed :wq!
With Java applets already dead and buried by Hognoxious · 2008-12-09 04:33 · Score: 2, Funny

With Java applets already dead and buried
Nothing on Netcraft yet...

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Quake in the browser! by yeremein · 2008-12-09 04:50 · Score: 2, Funny

Clearly, playing Quake in the browser is the killer app for this technology.
This is rather clever by Animats · 2008-12-09 05:18 · Score: 5, Informative

This is a fascinating effort. Read the research paper.
This is really a little operating system, with 44 system calls. Those system calls are the same on Linux, MacOS (IA-32 version) and Windows. That could make this very useful - the same executable can run on all major platforms.
Note that you can't use existing executables. Code has to be recompiled for this environment. Among other things, the "ret" instruction has to be replaced with a different, safer sequence. Also, there's no access to the GPU, so games in the browser will be very limited. As a demo, they ported Quake, but the rendering is entirely on the main CPU. If they wanted to support graphics cross-platform, they could put in OpenGL support.
Executable code is pre-scanned by the loader, sort of like VMware. Unlike VMware, the hard cases are simply disallowed, rather than being interpreted. Most of the things that are disallowed you wouldn't want to do anyway except in an exploit.
This sandbox system makes heavy use of some protection machinery in IA-32 that's unused by existing operating systems. IA-32 has some elaborate segmentation hardware which allows constraining access at a fine-grained level. I once looked into using that hardware for an interprocess communication system with mutual mistrust, trying to figure out a way to lower the cost of secure IPC. There's a seldom-used "call gate" in IA-32 mechanism that almost, but not quite, does the right thing in doing segment switches at a call across a protection boundary. The Google people got cross-boundary calls to work with a "trampoline code" system that works more like a system call, transferring from untrusted to trusted code. This is more like classic "rings of protection" from Multics.
Note that this won't work for 64-bit code. When AMD came up with their extension to IA-32 to 64 bits, they decided to leave out all the classic x86 segmentation machinery because nobody was using it. (I got that info from the architecture designer when he spoke at Stanford.) 64-bit mode is flat address space only.
1. Re:This is rather clever by exhilaration · 2008-12-09 06:46 · Score: 2, Informative
  
  I'd just like to thank you for posting the first intelligent comment in this thread.
Only an AC needs to ask... by Tenebrousedge · 2008-12-09 06:37 · Score: 2, Insightful

If you had any, you'd know.

--
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Java Not Dead by Doc+Ruby · 2008-12-09 06:54 · Score: 2, Insightful

Java applets are not "dead and buried". Neither on the Web, nor on mobile phones (with the distinction increasingly meaningless), or on embedded devices, like DVD players and settop boxes (most of which have Java VMs in them, especially Blu-Ray players and other HD players for menus).
What is "dead and buried" is ActiveX, which is x86 code running in a browser's "sandbox". But even that is clearly no barrier to resurgence, as this story shows.
x86 is a lousy architecture for modern purposes. Its design was determined by optimizations for executing Pascal programs, which was the primary programming market for the IBM PC when it was originally designed. That was a long time ago, and only the huge legacy of existing apps (and their forward momentum maintained by huge backwards compatibility design and sacrifices) keeps x86 code popular. I'm all for a SW x86 emulator, especially for newer CPUs so they don't have to be shackled to design compromises just to run the legacy code, instead of doing it newer and better ways with a more modern instruction set. Just like I'm all for the game emulators that will play old Atari 2600 games on Core Duo PCs and ARM mobile phones. Let's just not enslave ourselves to 1980 design priorities optimizing for a really dead language for yet another decade of programming, now going on 30 years, which is 20 generations under Moore's Law.

--
--
make install -not war
Emulation speed by Rob+Y. · 2008-12-09 07:26 · Score: 2, Insightful

The problem with Virtual PC on the G5 is that it needs to emulate the X86 application code plus the Windows OS.
Since most apps strike a pretty reasonable balance between application logic and library calls, most emulators only need to emulate a relatively small portion of the code. They can drop down into native implementations as soon as the app calls library code. That's why script languages are viable at all.
Where I work, we had a large set of applications written in assembler (don't ask) for an '80s vintage minicomputer that was discontinued. Rather then junk the whole thing, we wrote a machine emulator and reimplemented key libraries in C on unix. The result was faster than the original minis, since modern unix hardware was so much faster and the app/library mix was skewed toward the native libraries.
I think one of the problems with traditional desktop Java apps was that major libraries (like Swing?) were not available on all platforms as native code. Again, that leaves you essentially emulating the application plus the platform, which shouldn't be necessary. Don't know if that's still an issue with Java. Certainly Eclipse seems to perform pretty well (once it starts up)...

--
Posted from my Android phone. Oh, I can change this? There, that's better...
you can have both! by ajrs · 2008-12-09 07:58 · Score: 2, Funny

JIT emulation is the worst of both possible worlds! The extra overhead of the bytecode to native translations and the extra overhead of emulation!
Re:catch all error by ArsonSmith · 2008-12-09 08:12 · Score: 2

Bad, only if it is handled bad. Logging an unhanded exception may be a good thing in showing programmers that something is happening that they didn't think of.

--
Paying taxes to buy civilization is like paying a hooker to buy love.
Um... what? by Estanislao+Mart�nez · 2008-12-09 13:38 · Score: 2, Informative
An interpreter compiles each instruction every time it gets executed.
Um, a pure interpreter never "compiles" its program, in the sense of transforming the code into equivalent code in an object language. A pure interpreter usually works this way:
1. Parse source code and produce an abstract syntax tree representation of the program.
2. Traverse that AST according to the interpretation rules of the language, keeping track of the program state at each point.
The easiest example to learn here would be a typical Lisp meta-circular evaulator.
A compiler, on the other hand, translates the AST into equivalent object code in a different language, which can then be run in an implementation of that second language (which can be either a real machine, a virtual machine, a language interpreter, ). For a pure interpreter to "compile each instruction every time it gets executed," there would have to be a program in the object language involved somewhere... and there isn't one, only an model of the successive states of a computation.
--
Are you adequate?