I was really thinking about the attacks exploiting browser plugins. They're the only attacks I've seen in action in my own machines (or in those of people who can be taught not to download untrusted executables) in recent times. Aren't those examples of useful functionality added to the browser that ends up being exploited for malevolent purposes?
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. The Android SDK provides the tools and APIs necessary to begin developing applications on the Android platform using the Java programming language.
By the way, I think it wasn't a wise choice from Sun to brandize the applet loading appearance with the Java logo by default. Besides being tacky, the spinning logos make the user associate Java with the waiting they have to endure before the page they want is displayed.
No, I think.NET is losing relevance as Windows does the same.
Sure, Java supports more platforms,
It's easy to support more than ONE platform, since.NET only runs properly on Windows.
but it's resource and memory hog,
Benchmarks show that Java runs much faster than.NET.
insecure (there's tons of Java exploits out there but none for.NET!)
That's why my Windows Update log shows I have 9 "critical security updates" for the two.NET frameworks I have installed in my Windows machine. And by the way, I don't see why I need to have more than one version of.NET installed at the same time, and why.NET updates have to be so heavy. 40 megabytes for a single security patch?
and Java development is light years behind.NET and C#.
The appeal of Java comes from the fact that it's not an academic language, it's a blue-collar one. This means that Java code is meant to be readable and predictable, but it needs more boilerplate lines. If you want the latest computer science features, you might look at the new languages built on the JVM, such as Scala. C# development is light years behind Scala.
On the other.NET is really lightweight, fast and C# as a language is fast and easy,
Benchmarks tell a different story. And in my personal experience,.NET applications are slow. Cold-starting the Catalyst Control Panel on the Core i7 laptop I'm writing on takes something like ten seconds, during which no progress indicator is shown. The old ATI Control Panel, which wasn't.NET-based, launched instantly.
You also get access to some devices that Java doesn't support
Java supports the same devices as the underlying OS. Of course, doing that kills the program portability. Which is something one wouldn't worry about when coding in.NET, since.NET runs with full functionality on Windows only.
and comprehensive libraries like XNA.
Java's immense software library, much of which is shipped by default in the 20 MB Java installation, is one of its strongest selling points.
If you wanted to make a game, you could code for all Windows, Linux (Mono, even if its sometimes lagging behind on new features), Windows Phone 7 and Xbox360 all at once.
Or you could code it in OpenGL, and it would run on Windows, Linux, Mac OS, Android, Symbian, iOS, HTML5 browsers, and non-Microsoft game consoles.
And Mono lags _years_ behind on new features, doesn't implement key ones such as WPF, and is slow. I've never seen it run flawlessly a.NET application that wasn't written specifically for it.
Also, Visual Studio is much better development IDE than any other.
Nah. Netbeans is better, and is free as in freedom. No ripped-down, "first dose for free" versions needed. Then there's Eclipse which is free, too. And IntelliJ which is commercially supported.
You can't ignore the fact that the browser is the most critical attack surface for any computer connected to the Internet nowadays: often, it's even the only one, given that most other network interactions from home computers are blocked by residential firewalls.
Comparing the trasformation of a component which, as demonstrated by history, is vulnerable to remote attacks, into a remotely-controlled impersonation of the human user itself, to "not installing a browser to prevent users from accidentally finding something malicious on the net", is unreasonable IMHO.
The only reason the GP has nothing to worry about, is that this feature is just an optional extension and doesn't get installed by default.
Java had a native UI layer, it was called AWT, and it really sucked because it exploited the least common denominator of all the platforms that Java supported. So it felt "bolted-on", was hard to use and wasn't flexible. A bit like Java ME. And it's still there if you want to use it, but you really don't want to.
Moreover, using any widget library other than the OS-provided one will result in applications that might look native at a first look, but then will differ in behaviour from true native applications in many subtle ways. Look-and-feel sensitive users will notice that (try selling something not based on Cocoa to Mac users).
Swing is very easy to code for and its integration with Java2D allows for a flexibility I've never seen in other toolkits (e.g. you can draw a button rotated by 27 degrees, a text label mirrored, or add a border around any widget with just a couple lines of code). And it also has a "native" look and feel available.
IMHO, the problem with Swing UIs lies with its response times: often, the first time you use some part of the UI, it will take more time to load and display it than a native widget set would do. From a developer's point of view, instead, I dislike its LayoutManagers: there are a lot of them available, but in my experience for some reason none of them happen to do what I'd like them to do (i.e. placing widgets in a sane and predictable way).
The big problem is "without any comment", not the change
The problem is also in the "within 48 hours" part. You can't have a blog and go on vacation without risking *massive* fines when you're back if somebody got offended by what you wrote on it while you weren't checking your email.
In Italy, using anti-defamation laws to intimidate honest journalists is a national sport (that's why we have so few free reporters). This law will make this practice "a commodity", so that even normal citizens will think twice before saying something about anyone over the web (not only high-ranking politicians - it's especially low-ranking people, think e.g snake oil vendors, who resort to these means to defend their lawn).
I don't know - but for example, it's not that FAT is the only way to format an SD card. In fact, from a technical point of view, it's possibly one of the worst way to do it. But doing it in any other way will make the card non-standard, and Samsung customers upset, when they'll put it inside a card reader only to find out that it isn't able to read the card's contents.
Because some of them, such as Microsoft's ludicrous long file names patent, are required by rogue standards that Samsung and the other Android vendors forcibly have to support if they want their devices to be interoperable.
Oracle really need to improve their Java plugin update mechanism. It's not user friendly at all, on Windows it triggers an UAC prompt before displaying any dialog box, and users have to explicitly start the update by clicking a balloon on the system tray before it disappears after a few seconds. Most of them won't do it, because they have no idea of what a "Java" is. After it's started, the update process happens on the foreground, and displays a series of dialog boxes that the user has to click through, annoying him and interfering with his work.
In my opinion, "consumer" Java should update itself automatically and quietly in the background, as Chrome does. Enterprise users that, for some reason, rely on a specific release of the JRE, will most probably want to have Java's self-update feature disabled anyway.
I can't build my own laptop. Or tablet. And it will cost me a lot more to buy professional hardware instead of picking up some special-offer laptop from the shelves of a large store.
managed if your OEM doesn't suck. eg. Sign your own custom Linux kernel if you want
I can sign it, but then my BIOS won't accept it because my signature is neither the OEM's nor Microsoft's.
2) Win8 doesn't require secure boot to work, it just requires secure boot to put the logo on the PC
Will Windows 8 work with all of its features enabled when booted without secure boot? I asked this question on a MS forum but got no response.
Look at the "measured boot" feature in Microsoft's diagram. What do you think they want to "measure" your boot for?
3) Secure boot can be disabled, again assuming your OEM doesn't suck
OK. I am a software vendor trying to compete with MS. What are the exact steps I should tell my customers to take in order to disable secure boot, so they can install my own OS instead of Windows 8? What keys should they press? When? What option should they select in the BIOS setup to disable it?
4) IT would have a shit storm if they couldn't manage this
5) Server admins would have a shit storm if they couldn't manage this
6) Someone would lose a job at Dell/HP/Gateway/etc if the end user couldn't manage this
I see every day laptops from major manufacturers that can't properly boot from USB drives just because Windows doesn't do it. I would be surprised to see manufacturers care about installing user-supplied cryptographic certificates when they don't even care about much more basic operations.
7) This effectively makes it impossible, with current malware, to ever take over a PC
No. People will still double click exe files they downloaded from the web, because they're convinced that they will do something useful from them. Besides, malware can do all sorts of damage even without administrative privileges. E.g. uploading your own Documents folder to a server on the opposite side of the world, then deleting its contents.
Actually, I've never seen a boot virus in action since the times of DOS. Unless you include pirate Windows boot loaders, of course.
I have yet to hear a logical argument against secure boot, just lots of emo and fud.
1) It makes open source development impossible because the end user can't sign his own kernel. RedHat can (but then, out of the box, any BIOS will reject their signature). Joe Average can't.
2) It gives Microsoft an extraordinary advantage over competitors, who can suppose that their potential customers will be able to buy and install their OSes "only if their OEM did not suck", and even so, only after the customer will have disabled secure boot, which is a tedious, non-standardized, model-specific operation - because Microsoft mandates the "secure boot" to be enabled by default.
The EU will certainly fine Microsoft for this, but it will take years for them to do so, and it could be too late when they'll do.
If that's not blatant copying*, I don't know what is.
My opinion:
(1) is just a joke comparing photoshopped pictures of something that looks like 2004 rugged laptops with windows 7 desktops attached on them, against the 2010 iPad. A more serious comparison would have included something like the 2008 Archos tablets [example], as that would reveal that indeed tablets existed years before the iPad.
(2) is a power adapter; it's found in lots of products besides the Apple ones. And even if Samsung copied it, I don't think people buy Apple gadgets because of their power adapters. My iPod didn't even come with one.
(3) is a picture taken in a Samsung shop in a small city in Sicily. I doubt that the clerks running that shop have any connections to the Samsung headquarters in South Korea, where Samsung's hardware designers are supposedly busy copying Apple products after they're done designing the chips that actually make them work.
The translation is correct and unambiguous. She indeed said that there is a tunnel "between the CERN and the Gran Sasso laboratories, through which the experiment has taken place". She probably got confused with the road tunnel when somebody of her staff explained the experiment to her.
It doesn't work. If our world was ruled by "natural selection", then the stronger, outnumbering masses would physically revolt against the elite and take over their resources. They don't, because we have an "unnatural" system that grants us social peace.
Compromise? There should be no compromises about people's rights.
I don't give a crap about music or movies and I don't want the copyright industry to bypass the judiciary system, to violate my privacy, to impose expensive and problematic filtering systems that *I* am going to pay whether I pirate music or not, to extort a fraction of my money every time I buy a blank medium because I *might* copy some music, or every time I pay my university fees because I *might* copy some book.
In particular, I don't want anyone but a judge to have a say about my right to access the Internet.
Given that, they can do whatever they want to protect their own rights.
Slashdot Mirror
I was really thinking about the attacks exploiting browser plugins. They're the only attacks I've seen in action in my own machines (or in those of people who can be taught not to download untrusted executables) in recent times. Aren't those examples of useful functionality added to the browser that ends up being exploited for malevolent purposes?
By the way, I think it wasn't a wise choice from Sun to brandize the applet loading appearance with the Java logo by default. Besides being tacky, the spinning logos make the user associate Java with the waiting they have to endure before the page they want is displayed.
Java the platform gives you everything you need to write portable code. It can't prevent people from writing code that isn't portable.
.NET and C# pretty much took over Java.
No, I think .NET is losing relevance as Windows does the same.
Sure, Java supports more platforms,
It's easy to support more than ONE platform, since .NET only runs properly on Windows.
but it's resource and memory hog,
Benchmarks show that Java runs much faster than .NET.
insecure (there's tons of Java exploits out there but none for .NET!)
That's why my Windows Update log shows I have 9 "critical security updates" for the two .NET frameworks I have installed in my Windows machine. And by the way, I don't see why I need to have more than one version of .NET installed at the same time, and why .NET updates have to be so heavy. 40 megabytes for a single security patch?
and Java development is light years behind .NET and C#.
The appeal of Java comes from the fact that it's not an academic language, it's a blue-collar one. This means that Java code is meant to be readable and predictable, but it needs more boilerplate lines. If you want the latest computer science features, you might look at the new languages built on the JVM, such as Scala. C# development is light years behind Scala.
On the other .NET is really lightweight, fast and C# as a language is fast and easy,
Benchmarks tell a different story. And in my personal experience, .NET applications are slow. Cold-starting the Catalyst Control Panel on the Core i7 laptop I'm writing on takes something like ten seconds, during which no progress indicator is shown. The old ATI Control Panel, which wasn't .NET-based, launched instantly.
You also get access to some devices that Java doesn't support
Java supports the same devices as the underlying OS. Of course, doing that kills the program portability. Which is something one wouldn't worry about when coding in .NET, since .NET runs with full functionality on Windows only.
and comprehensive libraries like XNA.
Java's immense software library, much of which is shipped by default in the 20 MB Java installation, is one of its strongest selling points.
If you wanted to make a game, you could code for all Windows, Linux (Mono, even if its sometimes lagging behind on new features), Windows Phone 7 and Xbox360 all at once.
Or you could code it in OpenGL, and it would run on Windows, Linux, Mac OS, Android, Symbian, iOS, HTML5 browsers, and non-Microsoft game consoles.
And Mono lags _years_ behind on new features, doesn't implement key ones such as WPF, and is slow. I've never seen it run flawlessly a .NET application that wasn't written specifically for it.
Also, Visual Studio is much better development IDE than any other.
Nah. Netbeans is better, and is free as in freedom. No ripped-down, "first dose for free" versions needed. Then there's Eclipse which is free, too. And IntelliJ which is commercially supported.
Comparing the trasformation of a component which, as demonstrated by history, is vulnerable to remote attacks, into a remotely-controlled impersonation of the human user itself, to "not installing a browser to prevent users from accidentally finding something malicious on the net", is unreasonable IMHO.
The only reason the GP has nothing to worry about, is that this feature is just an optional extension and doesn't get installed by default.
Moreover, using any widget library other than the OS-provided one will result in applications that might look native at a first look, but then will differ in behaviour from true native applications in many subtle ways. Look-and-feel sensitive users will notice that (try selling something not based on Cocoa to Mac users).
Swing is very easy to code for and its integration with Java2D allows for a flexibility I've never seen in other toolkits (e.g. you can draw a button rotated by 27 degrees, a text label mirrored, or add a border around any widget with just a couple lines of code). And it also has a "native" look and feel available.
IMHO, the problem with Swing UIs lies with its response times: often, the first time you use some part of the UI, it will take more time to load and display it than a native widget set would do. From a developer's point of view, instead, I dislike its LayoutManagers: there are a lot of them available, but in my experience for some reason none of them happen to do what I'd like them to do (i.e. placing widgets in a sane and predictable way).
The big problem is "without any comment", not the change
The problem is also in the "within 48 hours" part. You can't have a blog and go on vacation without risking *massive* fines when you're back if somebody got offended by what you wrote on it while you weren't checking your email.
In Italy, using anti-defamation laws to intimidate honest journalists is a national sport (that's why we have so few free reporters). This law will make this practice "a commodity", so that even normal citizens will think twice before saying something about anyone over the web (not only high-ranking politicians - it's especially low-ranking people, think e.g snake oil vendors, who resort to these means to defend their lawn).
They do have a huge market share though, but they can't remove the free option.
With the UEFI secure boot, they actually found a way to remove it, and then blame the OEMs for that.
There is nothing in that UI that HTML5 couldn't replace.
...or HTML4, too.
To run Qt on it.
I don't know - but for example, it's not that FAT is the only way to format an SD card. In fact, from a technical point of view, it's possibly one of the worst way to do it. But doing it in any other way will make the card non-standard, and Samsung customers upset, when they'll put it inside a card reader only to find out that it isn't able to read the card's contents.
Because some of them, such as Microsoft's ludicrous long file names patent, are required by rogue standards that Samsung and the other Android vendors forcibly have to support if they want their devices to be interoperable.
I still think that the iPod is lame, and its commercial success is orthogonal to my opinion.
In my opinion, "consumer" Java should update itself automatically and quietly in the background, as Chrome does. Enterprise users that, for some reason, rely on a specific release of the JRE, will most probably want to have Java's self-update feature disabled anyway.
What about Android?
Are you sure? I think people can boot non-Apple OSes on Macs. It's the converse that is not true.
I can't build my own laptop. Or tablet. And it will cost me a lot more to buy professional hardware instead of picking up some special-offer laptop from the shelves of a large store.
I guess loading third party keys by software won't be allowed either, for the same reasons.
managed if your OEM doesn't suck. eg. Sign your own custom Linux kernel if you want
I can sign it, but then my BIOS won't accept it because my signature is neither the OEM's nor Microsoft's.
2) Win8 doesn't require secure boot to work, it just requires secure boot to put the logo on the PC
Will Windows 8 work with all of its features enabled when booted without secure boot? I asked this question on a MS forum but got no response. Look at the "measured boot" feature in Microsoft's diagram. What do you think they want to "measure" your boot for?
3) Secure boot can be disabled, again assuming your OEM doesn't suck
OK. I am a software vendor trying to compete with MS. What are the exact steps I should tell my customers to take in order to disable secure boot, so they can install my own OS instead of Windows 8? What keys should they press? When? What option should they select in the BIOS setup to disable it?
4) IT would have a shit storm if they couldn't manage this 5) Server admins would have a shit storm if they couldn't manage this 6) Someone would lose a job at Dell/HP/Gateway/etc if the end user couldn't manage this
I see every day laptops from major manufacturers that can't properly boot from USB drives just because Windows doesn't do it. I would be surprised to see manufacturers care about installing user-supplied cryptographic certificates when they don't even care about much more basic operations.
7) This effectively makes it impossible, with current malware, to ever take over a PC
No. People will still double click exe files they downloaded from the web, because they're convinced that they will do something useful from them. Besides, malware can do all sorts of damage even without administrative privileges. E.g. uploading your own Documents folder to a server on the opposite side of the world, then deleting its contents.
Actually, I've never seen a boot virus in action since the times of DOS. Unless you include pirate Windows boot loaders, of course.
I have yet to hear a logical argument against secure boot, just lots of emo and fud.
1) It makes open source development impossible because the end user can't sign his own kernel. RedHat can (but then, out of the box, any BIOS will reject their signature). Joe Average can't.
2) It gives Microsoft an extraordinary advantage over competitors, who can suppose that their potential customers will be able to buy and install their OSes "only if their OEM did not suck", and even so, only after the customer will have disabled secure boot, which is a tedious, non-standardized, model-specific operation - because Microsoft mandates the "secure boot" to be enabled by default.
The EU will certainly fine Microsoft for this, but it will take years for them to do so, and it could be too late when they'll do.
I'm sure the signed Windows 8 boot loader will be happy to load older, unsigned Microsoft OSes.
If that's not blatant copying*, I don't know what is.
My opinion:
(1) is just a joke comparing photoshopped pictures of something that looks like 2004 rugged laptops with windows 7 desktops attached on them, against the 2010 iPad. A more serious comparison would have included something like the 2008 Archos tablets [example], as that would reveal that indeed tablets existed years before the iPad.
(2) is a power adapter; it's found in lots of products besides the Apple ones. And even if Samsung copied it, I don't think people buy Apple gadgets because of their power adapters. My iPod didn't even come with one.
(3) is a picture taken in a Samsung shop in a small city in Sicily. I doubt that the clerks running that shop have any connections to the Samsung headquarters in South Korea, where Samsung's hardware designers are supposedly busy copying Apple products after they're done designing the chips that actually make them work.
The translation is correct and unambiguous. She indeed said that there is a tunnel "between the CERN and the Gran Sasso laboratories, through which the experiment has taken place". She probably got confused with the road tunnel when somebody of her staff explained the experiment to her.
It doesn't work. If our world was ruled by "natural selection", then the stronger, outnumbering masses would physically revolt against the elite and take over their resources. They don't, because we have an "unnatural" system that grants us social peace.
I don't give a crap about music or movies and I don't want the copyright industry to bypass the judiciary system, to violate my privacy, to impose expensive and problematic filtering systems that *I* am going to pay whether I pirate music or not, to extort a fraction of my money every time I buy a blank medium because I *might* copy some music, or every time I pay my university fees because I *might* copy some book.
In particular, I don't want anyone but a judge to have a say about my right to access the Internet.
Given that, they can do whatever they want to protect their own rights.