Indeed they don't, which is a real shame. Fortunatly depending on what you are coding on, classpath and some extra libs may help you out.
For game programming, classpath with LWJGL (an Native opengl/al wrapper) will do just fine. And as GCJ and Kaffe are 1.1 code compatible, it will compile fine too.
Its a shame Sun wouldn't take the extra step to open source their VM in an GPL or at least Open source fashion. Perhaps in tandem with their JCP..
It should come as no suprise that bugs of these kind are being fixed and that you should consider using a newer version. For example if you use 1.4, 1.4.1 is compatible but includes a lot of bugfixes.
Good chance that yours might be fixed. Also, talk to the person who produced the software first.
Yes, I know downloading a new VM is a lot of bandwidth, but soon (from 1.4.2 and upwards) the VM will be easier to upgrade
Re:The problem: Improving programmer productivity
on
Preview of Java 1.5
·
· Score: 3, Informative
Sure, for small programs its not perfect (as you'd have to still run the VM), but this way you can integrate Java applications and use Python to script these applications.
Use the right tool for the right job. Java can be very productive (as a lot of the optimizing is done behind your back) Also, it encourages you to code for maintainability.
The VM will take care of optimizing your code (and yes they get better at it all the time)
I supose just because all that power is available will give developers more choice to work the language they like or *fear* might even be the right job for the task
In Java (which I assume works the same way with security) your security context gets saved on your running threads.
This data is private, but can actualy be read if you don't have the security system set up to deny attempts at accessing private data.
This might not let you r00t the machine, but for example, I could bypass the entire security on the VM (and start overwriting stuff)
private is not suposed to be accessed outside its own class. Now other languages (C++) have no trouble with this and let you read/overwrite whatever you want. But Java, being used in a web environment has stricter security requirements
I write a lot of Java code. Let me give an example of where this work out.
I create a program that uses plugins to enhance functionality. Now somewhere in the base system of the program, I have a class with some information that is defined private.
In C++ I'd be left out in the cold, but a VM has to enforce this not only as a language feature, but also as a security feature.
Supose I have credit card info that is set to private, now a module needs to go through a public function to get this information (this is documented to the outside world)
Now supose module_1 can retrieve the creditcard info, but module_2 cant.
My public code makes an internal check and if everything is ok, it returns the value of the private String creditcard info.
But module_2 is malicious and tries to circumvent this system by using reflection to gain access to this variable. The security in the VM (if set up) will now throw an exception at the code (with the only minor issue that the malicious code can catch this exception, hence the end user might never know)
Ofcourse you can still decompile the binaries or use a debugger to get the values, but the VM is only suposed to protect against inside attack (the code its running) not the external world
"Do you have the faintest idea what the private keyword was designed to do?"
Originaly as an hint to programmers (do not call, this can change dissapear or cause devils to pop out of your pc)
But in the context of a sandbox it is also crucial to security. For example, if you run two programs in the same VM, you need to enforce this level of security or else programs can mess with other programs' memory.
Re:We're not in the sandbox.
on
Hijacking .NET
·
· Score: 1
I don't know.NET too well, but if it works the same as Java, we can assume that you need the privateAccess priviledge to access private data.
Its this way in Java. And thanks to our good friend the class loader, you can have very fine grained controll over your sandbox.
Yes, im having a great boss too. The whole company is great:) There are some things like bad decisions forced upon us by management, but as a job its perfect.
I dread the day I move to another country and have to give this place up..
Ok, so first you recommend an open language and then you go mention something like Microsoft.NET
I fail to see the difference between.NET and Java when it comes to Freedom BTW. Only that with Microsoft, I get the feeling this freedom will not be lasting too long.
Actually, we are making a decent sum on Java as well. Its not just IBM. Well perhaps they make money on Java itself, but making Java products is profitable.
A year ago, I was coding for both VM's and I did notice that how the MS VM was faster for some things (Graphics), Sun now runs circles around the MS VM.
Besides, when I code something in Java, I want it to work on every platform and not be sabotaged by MS.
If Microsoft gets to include their own runtime (.Net) I think it would be fair (given their reputation and the fact they were actively trying to destroy Java) that they are forced to support Java.
And don't give me any of this.net supports Java too cr*p..
I have been working on some projects and I find that after the initial entheusiasm has worn off in the team, the project would gather dust. However, im working on it alone for now and will "release" it for the public when its of alpha quality
Slashdot Mirror
Indeed they don't, which is a real shame.
;-)
Fortunatly depending on what you are coding on, classpath and some extra libs may help you out.
For game programming, classpath with LWJGL (an Native opengl/al wrapper) will do just fine.
And as GCJ and Kaffe are 1.1 code compatible, it will compile fine too.
Its a shame Sun wouldn't take the extra step to open source their VM in an GPL or at least Open source fashion.
Perhaps in tandem with their JCP..
IMB help us out please
I supose most complete versions indeed use Sun's code, but how is this different than the .net crowd?
.NET all you can mimic is the CLR and C#, not its class lib.
At least Sun lets others make implementations based on Java as where with
Kaffe and GCJ can be used if you don't depend on Sun's classlib too much
It should come as no suprise that bugs of these kind are being fixed and that you should consider using a newer version.
For example if you use 1.4, 1.4.1 is compatible but includes a lot of bugfixes.
Good chance that yours might be fixed.
Also, talk to the person who produced the software first.
Yes, I know downloading a new VM is a lot of bandwidth, but soon (from 1.4.2 and upwards) the VM will be easier to upgrade
Actualy, try looking at Jython
Sure, for small programs its not perfect (as you'd have to still run the VM), but this way you can integrate Java applications and use Python to script these applications.
Try the IBM VM, its 100% java compatible.
There is also BlackDown.
HP has its VM
BEA has one..
The list goes on
Google Java SE directory
Ahahahah.
;-)
Sad thing is I actualy watched it until its over
Shame I don't have speakers at work..
Its like that everywhere.
In fact, in Germany you can't find some games in the stores, but you have to know to ask for them (and be over 18)
Use the right tool for the right job.
Java can be very productive (as a lot of the optimizing is done behind your back)
Also, it encourages you to code for maintainability.
The VM will take care of optimizing your code (and yes they get better at it all the time)
I supose just because all that power is available will give developers more choice to work the language they like or *fear* might even be the right job for the task
Sounds like the next best thing compared to chemical happynes :P
Think of the computers that get saved if IT personel have more peace of mind
In soviet russia oxygen evaporates you at room temperature
Ok, I'll bite.
In Java (which I assume works the same way with security) your security context gets saved on your running threads.
This data is private, but can actualy be read if you don't have the security system set up to deny attempts at accessing private data.
This might not let you r00t the machine, but for example, I could bypass the entire security on the VM (and start overwriting stuff)
private is not suposed to be accessed outside its own class.
Now other languages (C++) have no trouble with this and let you read/overwrite whatever you want.
But Java, being used in a web environment has stricter security requirements
I write a lot of Java code.
Let me give an example of where this work out.
I create a program that uses plugins to enhance functionality.
Now somewhere in the base system of the program, I have a class with some information that is defined private.
In C++ I'd be left out in the cold, but a VM has to enforce this not only as a language feature, but also as a security feature.
Supose I have credit card info that is set to private, now a module needs to go through a public function to get this information (this is documented to the outside world)
Now supose module_1 can retrieve the creditcard info, but module_2 cant.
My public code makes an internal check and if everything is ok, it returns the value of the private String creditcard info.
But module_2 is malicious and tries to circumvent this system by using reflection to gain access to this variable.
The security in the VM (if set up) will now throw an exception at the code (with the only minor issue that the malicious code can catch this exception, hence the end user might never know)
Ofcourse you can still decompile the binaries or use a debugger to get the values, but the VM is only suposed to protect against inside attack (the code its running) not the external world
"Do you have the faintest idea what the private keyword was designed to do?"
Originaly as an hint to programmers (do not call, this can change dissapear or cause devils to pop out of your pc)
But in the context of a sandbox it is also crucial to security.
For example, if you run two programs in the same VM, you need to enforce this level of security or else programs can mess with other programs' memory.
I don't know .NET too well, but if it works the same as Java, we can assume that you need the privateAccess priviledge to access private data.
Its this way in Java.
And thanks to our good friend the class loader, you can have very fine grained controll over your sandbox.
Think of classloading two modules
System (all privs)
|_Non trusted app (restricted)
|_Trusted app (all privs)
Now if in both I'd try to change a private value, the untrusted version will throw a runtime exception.
Ofcourse, not having access to the article makes it difficult to see if this is the case or if this really is an exploit..
Actualy that is what I am doing.
Here in the Netherlands you can do a dual study, where you work for a company (more or less full time) and do some school work too.
The first two years I spent studying like everybody else, and now im working 32 hours a week (40 soon)
Though the costs of college are a lot lower here (total will ammount to about 10K for 4 years)
Explain to me why you think we are ungrateful.
Is it because we have a different opinion?
(BTW, im from the Netherlands that offered full political support to the US, unlike others)
We must somehow be related ;)
:)
Yes, im having a great boss too.
The whole company is great
There are some things like bad decisions forced upon us by management, but as a job its perfect.
I dread the day I move to another country and have to give this place up..
Ok, so first you recommend an open language and then you go mention something like Microsoft .NET
.NET and Java when it comes to Freedom BTW.
I fail to see the difference between
Only that with Microsoft, I get the feeling this freedom will not be lasting too long.
Actually, we are making a decent sum on Java as well.
Its not just IBM.
Well perhaps they make money on Java itself, but making Java products is profitable.
This would become very expensive very quickly where I work ;)
;)
I have the advantage of mostly working in a pair on my project, so there is no real chance of fuxoring
Have you even ever used Java?
If you avoid bloated things like Swing in Java you will do fine.
And platform independence has been getting a lot better over the past few years
OMG, lets slashdot them now!
It depends on what you use it for.
.net supports Java too cr*p..
A year ago, I was coding for both VM's and I did notice that how the MS VM was faster for some things (Graphics), Sun now runs circles around the MS VM.
Besides, when I code something in Java, I want it to work on every platform and not be sabotaged by MS.
If Microsoft gets to include their own runtime (.Net) I think it would be fair (given their reputation and the fact they were actively trying to destroy Java) that they are forced to support Java.
And don't give me any of this
Doesn't the USA allready do this? ;)
I agree with you.
I have been working on some projects and I find that after the initial entheusiasm has worn off in the team, the project would gather dust.
However, im working on it alone for now and will "release" it for the public when its of alpha quality