Slashdot Mirror


User: JohnnyCannuk

JohnnyCannuk's activity in the archive.

Stories: 0
Comments: 675

Comments · 675

  1. Re:Smartcards on Visual Autopsy Of An ATM Card Skimmer · · Score: 1

    "Even if it were not possible to remotely relay the connection between the smartcard and the ATM (something I wouldn't count on)"

    Well, trust me, you can count on this. In order for the remote reader to even access the card long enough to ask the user for the PIN, it must be able to have access to the private key of both the card and the vendor. It then must be able to decrypt and "unhash" a random challenge generated by the card AND by the host bank application in order to fake out the transaction and replace $20 with $300.

    As for your idea of putting something physically between the customer and the card to intercept the PIN, letting the bad guys seem to use the card legitimately, you are right this is the weakest link in the chain. But again, the technological resources required to do that are not only immense but not likely to happen. In reality, the same weak link exists between the user and their card right now. Why don't the scammers do the fake fronts right now? Well, it's hard to fool even the dimmest bank machine user with a total fake front. A fake slip over the card reader can easily go unnoticed. Most machines have cameras now. Much harder to put up a fake front with that kind of sophistication without getting caught. You can pretend to do your banking and slip a cover over the card reader. But most importantly, the fake front will probably require the scammer to be physically present in order to complete the crime. With magnetic stripe cards, it is much easier because they can copy the card and debit the account at a later time. They cannot copy the smartcard, so they must be physically present, steal the PIN and debit the account (at another nearby machine) immediately in order to succeed, all the while sending seemingly legitimate commands back to the user in real time. Given all of that I think that your scenario, while possible, is highly unlikely and not likely to succeed if it were tried.

    So are smart cards the perfect solution? No, but they are orders of magnitude more secure than magnetic stripe cards.

    Why not use them?

  2. Re:Smartcards on Visual Autopsy Of An ATM Card Skimmer · · Score: 1

    This won't work.

    Firstly, the "real" ATM can sense if there really is a card in the slot. But, for the sake of argument, let's assume they can get by this.

    Every SmartCard reader, especially those used by banks, follows the protocols and procedures of the Visa Open Platform, now called Global Platform. In order for the card to be used, it must authenticate to the reader/host application and vice versa. This is done through the External Authentication. Basically it is a somewhat complicated challenge-response protocol, involving a random host and card challenge EACH time. Once you successfully navigate that, THEN you authenticate the USER of the card via the PIN.

    Once that is done, ALL transactions are signed and hashed, with the hash of the previous transaction becoming the host challenge of the next transaction. This is difficult to do correctly when you have the keys and know the algorithm. I would venture it is nearly impossible without.

    So, unless you know the correct keys for both encrypting and signing used by the bank or financial institution AND you can then use them to do EXAUTH on the real machine, AND you can successfully navigate the algorithm for transactions, the man in the middle attack simply won't work for a smart card. The GP spec was designed with this kind of attack in mind.

    And even if you could for a single card, it is highly unlikely you could do it for more than one. So is $300 worth this kind of effort at an ATM?

    Easier to hit someone over the head with a pipe after they've walked away with a pocket full of cash.
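Both smartcard posts above describe the same mechanism: a mutual challenge-response authentication, then transactions whose MAC chains on the previous one. The following is an added toy model of that mechanism (my own code, not GlobalPlatform's Secure Channel Protocol and not code from the original posts); HMAC-SHA256 as the MAC, the demo keys, the "card"/"host" labels and the 4-byte amount encoding are assumptions, and the PIN step is left out. It shows why a relay that swaps $20 for $300 on the wire is rejected and also desynchronises every later transaction.

```python
import hashlib
import hmac
import os

K_AUTH, K_MAC = b"\x11" * 16, b"\x22" * 16  # constructed demo keys shared by card and issuer


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stands in for the card's MAC; a real card uses its own algorithm."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Card:
    """Card side: proves key knowledge, checks the host, then MACs each transaction."""
    def __init__(self):
        self.host_chal = self.card_chal = b""
        self.chain = b""  # hash of previous transaction MAC; the next "host challenge"

    def internal_auth(self, host_chal: bytes):
        """Answer the host challenge with a fresh card challenge and a cryptogram."""
        self.host_chal, self.card_chal = host_chal, os.urandom(8)
        return self.card_chal, _mac(K_AUTH, b"card", host_chal, self.card_chal)

    def external_auth(self, host_cryptogram: bytes) -> bool:
        """EXTERNAL AUTHENTICATE: the host must prove it also holds K_AUTH."""
        expected = _mac(K_AUTH, b"host", self.card_chal, self.host_chal)
        ok = hmac.compare_digest(expected, host_cryptogram)
        self.chain = self.host_chal if ok else b""
        return ok

    def sign_transaction(self, amount_cents: int):
        """MAC the amount together with the chain value, then advance the chain."""
        amount = amount_cents.to_bytes(4, "big")
        mac = _mac(K_MAC, self.chain, amount)
        self.chain = hashlib.sha256(mac).digest()
        return amount, mac


class Host:
    """Issuer-side verifier that keeps its own copy of the chain state."""
    def __init__(self):
        self.host_chal, self.chain = os.urandom(8), b""

    def check_card(self, card_chal: bytes, card_cryptogram: bytes):
        """Verify the card cryptogram; return the host cryptogram, or None on failure."""
        expected = _mac(K_AUTH, b"card", self.host_chal, card_chal)
        if not hmac.compare_digest(expected, card_cryptogram):
            return None
        self.chain = self.host_chal
        return _mac(K_AUTH, b"host", card_chal, self.host_chal)

    def accept(self, amount: bytes, mac: bytes) -> bool:
        """Accept only if the MAC matches our chain state; advance only on success."""
        ok = hmac.compare_digest(_mac(K_MAC, self.chain, amount), mac)
        if ok:
            self.chain = hashlib.sha256(mac).digest()
        return ok


def run_session(amounts, tamper_index=None):
    """Mutual auth, then transactions; tamper_index marks one a relay rewrites to $300."""
    card, host = Card(), Host()
    card_chal, cryptogram = card.internal_auth(host.host_chal)
    host_cryptogram = host.check_card(card_chal, cryptogram)
    if host_cryptogram is None or not card.external_auth(host_cryptogram):
        return []  # mutual authentication failed; no PIN or transactions follow
    results = []
    for i, cents in enumerate(amounts):
        amount, mac = card.sign_transaction(cents)
        if i == tamper_index:
            amount = (30000).to_bytes(4, "big")  # $20 -> $300; relay lacks K_MAC
        results.append(host.accept(amount, mac))
    return results
```

Because the host only advances its chain on an accepted transaction, a single substituted amount leaves card and host out of step, so even untouched later transactions fail until a new session is authenticated.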

  3. Re:industry influence on Scientists Challenge U.S. on Scientific Distortions · · Score: 0, Offtopic

    Yeah, you know Smith and Wesson, Glock, Remington...they got a lot of pull with the Texas cowboy types in Washington these days...

  4. Re:Funny name on Scientists Challenge U.S. on Scientific Distortions · · Score: 0

    Hey, I think it's funny, but then I know what Marburg and Ebola are....:)

    Hint to others: Read Outbreak

  5. Re:Correction on XFree86 4.4: List of Rejecting Distributors Grows · · Score: 1

    True enough, but JBoss is still the biggest Open Source project and Geronimo is being created specifically for J2EE licencing to an open source implementation.

    Glad to hear it.

  6. Re:Build your Own Open Source Java on Sun's Simon Phipps Answers ESR On Java · · Score: 1

    Uhm, like the MS adherence to the C++ standard? Right, I thought so....

  7. Re:Begging the question - is Sun really our friend on Sun's Simon Phipps Answers ESR On Java · · Score: 1

    "In the past few months we've seen quite a bit of waffling from Sun regarding Linux. They seem to go from lukewarm to cold on a regular basis."

    Oh so the release of the first major Linux Desktop OS (the Sun Java Desktop System) in the last few months is "waffling"? Release of the entire Sun ONE stack (the Java Enterprise System) on Suse Linux for the Opteron is "lukewarm"?

    Come on.

    "Does anybody know exactly what Sun got when they gave millions of dollars to SCO?"

    About a million dollars worth of SCO employees and booty when SCO loses and gets carved up during the counter suits it will face. Or perhaps they did it just to piss off IBM. You know, they may both push Java but they don't really like each other all that much.

    Sun has helped push Linux, especially on the desktop, recently. Irregardless of the SCO shit.

    And none of this has anything to do with Java. You want the Java source? Go to Sun, sign the SCSL and read it. Or Read the freely available Spec and write your own implementation. Or Join the JCP and have a say...

    Just because it's not GPL doesn't mean it's not free - free to use, free to develop to, free to redistribute with your programs is still free.

  8. Re:The Question on XFree86 4.4: List of Rejecting Distributors Grows · · Score: 5, Insightful

    Thanks for that link.

    I've been going through this story and the previous one looking for the exact reason everyone is pissed and the answer was on the XFree86 site.

    After reading that, I would say the licence issue is a tempest in a teapot. The gang at XFree86 seems to be debating and willing to change the wording so the new licence is NOT incompatible with the GPL (as evidenced by some of the solutions in the above mentioned post).

    It seems to me the REAL issue here is a personality conflict between certain members of the XFree86 team (mostly David Dawes) and the rest of the community. So much so that we now have possible forks and alternatives springing up. Well guess what, this is nothing new in the open source world. Remember JBoss? It is well known in Java open source circles that Marc Fleury and a few others in the current JBoss organization are twats and thoroughly disliked by a large number of developers. So much so that a large chunk of the original JBoss team broke away and formed their own company and there are now real viable alternatives to JBoss springing up (Geronimo from Apache). But none of that means the code is bad, or the product is bad or the licence is wrong. Like it or not XFree86 is still the only real alternative to a commercial XServer right now, just as JBoss is the only real alternative to commercial J2EE servers.

    I say, let them work it out like adults. If they can't, when XOuvert or freedesktop are mature enough to be a real alternative, use one of them and move on.

  9. Re:grrr. on Mono and dotGnu: What's the Point? · · Score: 1

    OK then -

    x86, x86_64 (as of 1.5), PowerPC, SPARC 32, SPARC 64, ARM, Dragonball, TINI, SmartCard processors (too many to name), z390, RS6000....

    Is that enough for you? (and I'm sure I have forgotten some) .Net runs on x86. Period. Even there, it runs basically only on Win32 and *BSD OS platforms.

  10. Re:grrr. on Mono and dotGnu: What's the Point? · · Score: 3, Insightful

    And that's why you use Java instead of .Net.

  11. We shouldn't be surprised on Is Open Source Fertile Ground for Foul Play? · · Score: 1

    ...this guy is the editor on DevX.

    You remember DevX don't you? The VB crowd's version of Slashdot. I have always mistrusted anything from DevX, especially their Java/C and C++ advice, because they always seem to be a little too pro-Microsoft. I would say that DevX is a Microsoft shill site.

    You should be as surprised that DevX published this opinion as you are when it's published in the Windows System Journal.

  12. Re:Priorities on Bush's Space Panel Seeks Public Input · · Score: 1

    Uhm, even in my country Welfare may be a social program but not all social programs are welfare....

    Besides, he still had surplus.

    Thanks for playing

  13. Re:Priorities on Bush's Space Panel Seeks Public Input · · Score: 1

    Your previous administration had a surplus.

    Plus, if they had been throwing a billion dollars a month at the so-called "corrupt" welfare system, then maybe that would be reason to be upset. But since the amounts are orders of magnitude smaller and did not affect the ability of that previous administration to have a surplus, I guess it's OK.

    Please don't equate welfare spending in the US with the military spending because they are not in the same league, game, town or state as each other.

    Try again.

  14. Re:Priorities on Bush's Space Panel Seeks Public Input · · Score: 1

    It's 11:50 EDT and this post is labeled Flamebait?

    Come on.

    It seems that every time there is a post on /. (or k5 or CNN) about giving NASA more money or spending money on science research in general, there is always someone who says "But what about X here on earth?" From the Left, 'X' is usually hunger, poverty etc. From the right, 'X' is usually national debt or government spending or something they care about. So my guess is the (grand)parent of the above post is likely a conservative, since he/she seems to be concerned about the debt.

    So the parent post correctly points out that NASA's budget is miniscule compared to the billions of dollars being spent monthly on the war and occupation of Iraq and yet we've not heard many conservatives concerned about THAT inflating the debt. A war that was waged on dubious grounds - none of the WMD that were an immediate threat to the US and the west have been found despite close to a year of war and occupation. A war that sucked men and resources from that other war...remember Afghanistan? Remember how Dubya promised to rebuild their country so it would never be a haven for terrorists again? Well, considering one of my countrymen was killed by Al Qaeda about 1 week ago there, I'd say he hasn't kept that promise, has he?

    So as I understand it now, it's OK for the US to spend a billion a month in Iraq without irking the fiscal conservatives, but as soon as NASA is targeted to get a few billion TOTAL, suddenly they are worried about the debt? That's Bullsh*t. Peaceful space exploration just isn't as sexy in the political ring as embedded reporters racing across the desert to raise Old Glory above a town after a "live" fire fight.

    And that's why the post above should be "+5 insightful" rather than the Flamebait it is labeled as. If I had mod points, that's how I'd do it...

    Keep it up danro

  15. Re:Sun Should Embrace and Extend on How C# Was Made · · Score: 3, Informative

    ...uhmm

    Go here and when you done, go here and get it.

    When you are done playing, come back and see if your post makes sense.

  16. Re:Same old same old on Java SDK 1.5 'Tiger' Beta Finally Released · · Score: 1

    True enough, but that hardly qualifies them as experts in OpenBSD, NetBSD, FreeBSD, ${any other BSD I don't know about}BSD.

    And if that's the case, it shouldn't be too hard for some smarty-pants *BSD guy to sign the SCSL, get the 1.5 beta source and make a *BSD port from that... or use the Solaris one.

    What?

    You mean *BSD and Solaris are not binary compatible? You mean they have drifted that far apart? You mean Sun may not actually be experts in any variation of *BSD except Solaris?

    Who'd have thought...

  17. Re:You have it backwards on Spirit and Opportunity Now Operational · · Score: 1

    Well, I stand corrected

  18. Re:Same old same old on Java SDK 1.5 'Tiger' Beta Finally Released · · Score: 2, Insightful

    Don't whine at Sun my friend...go to the HP site and get the JDK from them...they may have even released a 1.4 version by now...

    Oh BTW, since Sun itself only directly supports Linux, Solaris and Windows with all of its other software, you should not be surprised when they don't release a BETA on another platform. *BSD may be good, but Sun are not experts in *BSD. When the 1.5 SDK is final, I'm sure you will see a quick release to *BSD, just as there is a 1.4x for *BSD now (actually maybe only NetBSD but there is one....).

    You see, unlike some other software giants, Sun will let other companies and organizations port Java to their platform at their own speed since they are the experts not them...

  19. Re:American Ingenuity on Spirit and Opportunity Now Operational · · Score: 1

    Telephone - Bell (Scotland) - He was Scottish, but an immigrant to Canada and invented the telephone in Brantford, Ontario, Canada. He did patent it in New York/Washington though...

  20. Re:There's a reason... on Spirit and Opportunity Now Operational · · Score: 1

    well, yeah, but except for 1 hardware failure, their design HAS been robust.

    It's not so much the language as the person who writes the code...

    Dude.

    BTW, you aren't andy are you?

  21. Re:A lesson from Microsoft on Sun and Eclipse Squabble · · Score: 2, Interesting

    Hardly insightful.

    I'm afraid it is true. I use both Netbeans and Eclipse on a daily basis (even today...you should try Netbeans 3.5.1 It's quite different than the last time you used it when it was probably Forte 1.0). Eclipse out of the box is really fast to start up. Netbeans is not.

    But then, out of the box I can edit XML, JSP, Servlets, have a Tomcat server, do Swing visual editing, have automatic code completion and a bunch of other stuff with Netbeans. Eclipse is not much more than Wordpad with syntax highlighting for Java(and the cool refactoring too, but you don't use it that often). After I download, test and install all the plugins I need Eclipse's start up time is almost identical to Netbeans.

    I love Eclipse for its superior refactoring tools, for its extensibility and for its customization. I don't like its counterintuitive way of creating projects. It is almost impossible to "import" or mount a project with a non-Eclipse-standard directory structure (usually created in another IDE or just by using commandline tools). And even if you manage to get it up, because you don't follow the Eclipse standard, you can't use all the bells and whistles. Netbeans can even detect when you've mounted an arbitrary directory that is the root of a web app and automagically give you a web app view of the code. In Netbeans you just mount the directory (or the library), just like in *nix...

    Netbeans doesn't have as many "plugins" as Eclipse but the ones it does have are of a generally high quality and work with other plugins seamlessly. Eclipse has thousands of plugins, most of which can be described as "mediocre" at best, and even when they are good, do not always play nice with each other (such as the MyEclipseIDE, which only recently got Struts support and EasyStruts - if you have both installed, neither will work properly). There are some excellent ones, but they are tough to find...much tougher than finding good quality ones for Netbeans.

    I like both and I would like to see them move a little closer to each other and share functionality. But don't kid yourself, Eclipse may be cool, and it may have a bright future and have IBM behind it, but it sure hasn't won anything yet.

    And as for IBM's GUI, well, it's my personal opinion that it is buck ugly. I would hardly call it elegant. Better looking than Metal? Sure, but I can use JGoodies Plastic (which, incidentally, can make Swing look exactly like SWT!), Kunststoff, SkinLF or any other Look and Feel libs to pretty up Swing. Can't do that with SWT. And as for performance, well since Eclipse seems to be the only app I've run into built with SWT, it doesn't impress me. I have seen no performance difference between two similar IDEs with similar features installed (Netbeans out-of-the-box and Eclipse with the added plugins to make it match the Netbeans out-of-the-box functionality), either in start up or during development.

    So let's enjoy the competition. Eclipse will push Netbeans to add new and improved features and vice-versa. And in the end, we the developers will win. But not if zealots wipe out the competition before it really gets going...

  22. Re:Java's motto on C++ GUI Programming with Qt 3 · · Score: 1

    Yeah, because you never have to debug C or C++ programs...they're always perfect the first time around....

    BTW, That's sarcasm

  23. Re:Can't see the page... on A New HOPE on the Horizon · · Score: 1

    "No, I berated you for complaining about something not working on a browser that's 3 point versions back from the newest available (about versions back if you count all the x.x.x, alpha, beta, and RCs). Also, the newest version is not six months old, it's three days old (as of the time of this writing). The version before that, 1.5.1, had been released on November 26th. Did you ever bother to look at the Mozilla web site before making that claim?"

    No, you called it ancient and proceeded to compare it to a group of software, the newest of which is about 6 years old - Netscape 2 or 3 I believe was the "newest" software in your list. Moz 1.3, which is only 9 months old or so, is not even in the same league with the ones you mentioned.

    I don't care if the newest version is 3 days old. I never claimed the newest Moz was 6 months old. I said the version I used was only 9 months old and therefore NOT ancient and on par with "linux 0.1" or "IE 2.0" as you stated.

    Now I am willing to admit that maybe I should have tried a different version of Moz. It's likely that there is a bug in Moz 1.3 that messes up imagemaps, if you will admit that a piece of software that is only 9 months old, on ANYBODY's timescale, is not old. After all, the last time I checked, the HTML 4.0 standard hasn't changed in the last 9 months. I have had the sorry pleasure of having to create webapps that are "cross-browser" and I almost always find that IE will render garbage HTML code, when Moz (any version) rightly refuses to do so. It almost always means the use of poorly written and/or non-standard HTML.

    Which I thought was funny because at the last HOPE there were seminars on making websites renderable in lynx. LYNX! They want modern sites to be renderable in LYNX but can't get it to render in a recent version of Moz, the opensource wet-dream browser.

    Now, I feel like a bit of a putz for not having researched whether this is a bug in Moz 1.3 (since I have never before had a rendering problem in 1.3, why would I assume it was a bug in Moz and not a bug in the page). I wrongly assumed that because it didn't render in Moz 1.3, it wouldn't render in Moz period. Worked fine in IE 5.5 though, a much older browser. I will accept that criticism.

    But let's be honest, do you think that anybody beyond developers are even going to use Moz if 9 months makes a version obsolete? When it doesn't have an auto update or patching feature? Hey, I might do it but my wife sure as hell won't. She'll stick with IE.

    FWIW, I already have upgraded to 1.6...

  24. Re:Can't see the page... on A New HOPE on the Horizon · · Score: 1

    Well, it has been my experience that in 99% of the time when a page does not render under Moz, it is usually because the page uses non-standard, poorly written, and/or MS-specific tags, not because of a bug in Moz. I guess I was all too subtly pointing out the irony that a so-called "hacker" website can only write a page that can be rendered in IE!

    "All I said was that if it's not working, you should try upgrading it."

    No, you said

    "Apparently it doesn't work very well under Linux 0.1 either. Nor does it look quite right with Internet Explorer 2.0 or Netscape 1.0.

    Guess what - when you use old/ancient versions of software, some things are not going to work."

    You berated me for having "old" "ancient" software and went on to compare my Moz 1.3 (9 months old) with software, the newest of which is 6 years old.

    And in case you didn't try, it works fine in IE 5.5 (3 years old). And under Moz 1.3 page 12 renders OK, but none of the others. That tells me that the page is written poorly, incorrectly or with IE specific html extensions. And any of those seem bitterly ironic for a counter-culture hacker site, which is likely to be accessed by a great many people using Moz, many of those who may be using Moz 1.3.

    No, I'm not ruling out a bug in Moz 1.3, but that doesn't mean you need to be pissy in your response. Given the quality of the code the Moz team generates now, I think it was reasonable to think it was the page, not the browser.

  25. Re:Can't see the page... on A New HOPE on the Horizon · · Score: 1

    Ooooo, my browser is 9 months old! OMFG how can I live down the embarrassment. I should be using Mozilla Firebird 0.7 or better yet a nightly build just so I can be cool at Slashdot!

    BTW, imagemaps are just about as old as the internet and could be rendered in Netscape 2.0, so either there is a bug in Moz 1.3 OR they aren't using standard html. Funny how it works under IE 5, a program that is 3 years old.

    *cough* fuck you *cough*