I have a Mac Pro 17" with Thunderbolt that I mainly use to hook up an external monitor (Thunderbolt->DVI with a KVM switch in between).
I picked up a LaCie Thunderbolt-SATA adapter to mess with. Plugged it in between the laptop and the KVM switch. Oops. Video quality goes to hell. If I pull the KVM it works better, but that kind of screws up my desktop.
It would have been nice if Apple had put two (or more) Thunderbolt ports on the machine but, hey, all you need is one, right, because it's so fast. Until you get something that doesn't play nice with the spec into your chain.
Thunderbolt is gearing up to be the Firewire of the 21st century (and I say this as someone with a whole rack full of Firewire equipment) - cool but not supported well enough to have any long-term longevity.
While cute, this is really overthinking the problem.
If you want to kill lots of people in an aviation related way, send a suicide bomber to the security checkpoint at Thanksgiving.
If you want to get weapons onto the plane, infiltrate someone into the cleaning staff or maybe the caterers. There are lots of people and vehicles who enter the airport without being rigorously searched. Have them leave a weapon for you in the airplane's bathroom or taped under your seat.
Heh - I was selling computers at the UCSD bookstore around that time and I had a customer come in one time and tell me that another store had sold her a "DBase" machine and she wanted to figure out what it was. Turned out to be an Apple II+ with a CP/M card.
No, I'm tired of companies and people trying to assert rights they do not have. BTW, this post is copyrighted by me and if you reply to it you will have to pay me $10 (feel free to call me a jerk).
Implementing your own system that meets your needs is not being a jerk. Asserting rights that you do not have is jerky behavior. Oracle is being the jerk in this instance.
That's just dumb. The security problem is that the sandbox has too large of an attack surface. If you're using the OS to contain untrusted code, rather than the sandbox, Java is just as secure or insecure as C or Perl.
That security is just designed to let Apple spend less effort curating the App Store. Most commercial applications are not trying to do bad things to customer's computers and most commercial applications do not have wide enough distribution to be an effective attack vector. All of that security is just there so that it is hard for people to use the App Store as a malware distribution platform. It doesn't actually provide much benefit for software users and it is a royal pain in the ass for software developers.
And who says the sandbox is secure? Java has had a "secure" sandbox for years - now that it's getting some attention it turns out to be full of holes. The OS X sandbox is not as simple as a chroot'd jail and has lots of "magic" in it to make things happen. There will turn out to be a massive exploit in there somewhere, just watch.
How quickly they forget. When the iPhone was announced, there was no app store and no plans for an SDK. Jobs said that you should make web apps. Maybe there were secret plans for an SDK but that was the official story for some time.
I ran without an adblocker for the longest time because the ads on the side don't bother me. Even the occasional interstitial I could deal with. Then, one of the sites I visit regularly started running that damned Meebo toolbar that manages to cover part of whatever you're looking at. It looks like it's been fixed but for a while it repopped up on every page you went to on the site. So, I installed an adblocker, and I've been a happy camper ever since. I don't even think about it running anymore.
This is sad for the sites who have not been annoying with their ads. However, even those sites that want to keep the ads under control apparently have trouble. The writer at Destructoid said that they try to keep the annoying ads out, like the ones that start running audio as soon as you open the page. Try is the operative word, though, and many other sites do not try, so it's always a possibility that something stupid will start blaring out of your speakers. The industry as a whole needs to stop looking at consumers as sheep to be milked instead of customers to be convinced.
I never said a C programmer can't make a mess of code, I also never still never mentioned anything about the Java sandbox or the Linux kernel.
No, what you said is:
I never mentioned about the Linux kernel being non exploitable, but if it was writen in Java it would be much more exploitable.
The reason I mention the sandbox is because that is where the exploits are. Would you care to bring up another Java language feature that's a security hole?
I've also done enough Java programming to know I'm never going back to it.
You're welcome to use the tools you like. And you're welcome to criticize the tools I like, if your criticism is based on facts. All I ask is that you not spread falsehoods.
If you're going to argue Apple doesn't invent anything because they weren't the first version then none of those count either. Driverless cars were in development before Google got involved. Street View? That's actually just Quicktime VR. I was going to start a project of going around and making Quicktime VR movies in all the intersections of SF back in the mid '90's. Google Glass? Steve Mann has been running around with silly computer augmented glasses for decases.
The sandbox was designed back in the mid '90's. I don't think anyone realized just how hard securing things really is. One of my friends worked with Ed Felten at CMU back then and that team showed a number of exploits for the sandbox. When he showed me how some of them worked I was impressed - because my mind doesn't bend into pretzels that way to figure out exploits.
The best thing Oracle could do at this point would be to just shoot applets in the head (probably not going to happen). Second place would go to running each applet in a separate process and it's own OS contained sandbox the same way everybody else is. The attack surface of the OS is smaller and better tested.
I never mentioned about the Linux kernel being non exploitable, but if it was writen in Java it would be much more exploitable.
All this statement proves is that you aren't qualified to have a opinion on this subject. I brought up Linux kernel exploits because the Linux kernel is coded in C. The Java exploits that I have seen are all related to breakouts from the sandbox. The kernel and the Java sandbox are equivalent because both are supposed to be able to run untrusted code and keep that untrusted code from doing things it is not supposed to. If you wrote a POSIX compliant kernel using Java you would not use the sandbox to keep untrusted code from doing bad things and it would be about as likely to have exploits as a kernel coded in C. The problem with the sandbox is that the attack surface is just too large to be secured effectively.
Some languages, like PHP, have features that actively work against security. Other than the sandbox (don't use the sandbox to contain untrusted code) Java doesn't have many features like that. C does have features that have to be applied carefully or used carefully (unchecked array bounds, int->pointer conversions).
So I'll admit your probably not a hipster, that wasn't fair to say but in the end I just find a good C programmer an invaluable addition to a team over any Java programmer.
You may as well say "good programmer" because lousy C programmers can make a mess incredibly quickly.
Well, then you would both be wrong. C doesn't have a security model to exploit. The security model for loading untrusted code into your C application is "Don't do that" which isn't such a bad idea, really. However, if you remove the stupid idea of trying to run untrusted code in a sandbox within your application, Java is quite secure which is why people write server code in Java. No buffer overflows to start with (a classic exploit of server code written in C)
Unfortunately there is no "stupid" moderation. The issue is the Java sandbox which has the goal of letting you run untrusted code (e.g. applets) on your system without any worries. Unfortunately the attack surface of the sandbox is huge because there are so many different API's that are usable and all it takes is a bug in one of them to give you an exploit.
Turn off Java in your browser and you'll be a happy camper. Stop spreading FUD. The Linux kernel still has exploits (http://www.zdnet.com/linux-kernel-exploit-gets-patched-7000011844/).
Oh, and I spent 10 years as a kernel developer in C and another 10 years as a Java developer so I guess I'm a Real Hipster Programmer.
Not true! HFS+ (the standard Mac file system) is case-preserving but case-insensitive (usually). Causes some real fun with SVN sometimes when people change capitalization on file names.
Well, consider this - the App Store is the ONLY market for iPhone software so those numbers are for all software sales for iPhone. That $7B figure that is tossed around is not for 2012, but since the App Store was created. Electronic Arts alone is making $4B a year in revenue. So, obviously, the iPhone is not supporting the kind of software ecosystem that either Windows or even Mac OS supports.
mjwx is right - it's a rube's game to develop for iPhone. It's certainly not something you can design a major company around.
Apple's revenues were $36B in 4th quarter 2012. Even if we take that $7B as for 2012 alone, with the 30% cut for Apple, that means the total sales were $10B and Apple's share was $3B, or less than $1B per quarter. App Store is simply a hobby for them. It's no wonder they treat the developers so poorly.
Here's where I think they're screwing themselves, though. Traditionally, users spent more on software than on hardware. This creates a certain amount of lock-in when you're upgrading hardware because you have to repurchase all of your applications for a different OS. How much has the average user spent on apps for their iPhone? $50? $100? Whatever it is, it's certainly a lot less than they spent for the hardware. Making the switch to Android is a lot easier, at least from the software upgrade point of view.
I worked full-time as a software engineer and went to school part-time for the last two years of my degree. It was tough, but I did finish out my degree and it's definitely a lot easier when you don't have to start your interviews with "Well, I don't have a degree but I have this experience..."
The problem is that we have novice programmers trying to "whip up" something that scales. It used to be we made novice programmers do maintenance programming until they actually learned something.
Slashdot Mirror
Unfortunately it doesn't "just work".
I have a Mac Pro 17" with Thunderbolt that I mainly use to hook up an external monitor (Thunderbolt->DVI with a KVM switch in between).
I picked up a LaCie Thunderbolt-SATA adapter to mess with. Plugged it in between the laptop and the KVM switch. Oops. Video quality goes to hell. If I pull the KVM it works better, but that kind of screws up my desktop.
It would have been nice if Apple had put two (or more) Thunderbolt ports on the machine but, hey, all you need is one, right, because it's so fast. Until you get something that doesn't play nice with the spec into your chain.
Thunderbolt is gearing up to be the Firewire of the 21st century (and I say this as someone with a whole rack full of Firewire equipment) - cool but not supported well enough to have any long-term longevity.
While cute, this is really overthinking the problem.
If you want to kill lots of people in an aviation related way, send a suicide bomber to the security checkpoint at Thanksgiving.
If you want to get weapons onto the plane, infiltrate someone into the cleaning staff or maybe the caterers. There are lots of people and vehicles who enter the airport without being rigorously searched. Have them leave a weapon for you in the airplane's bathroom or taped under your seat.
Heh - I was selling computers at the UCSD bookstore around that time and I had a customer come in one time and tell me that another store had sold her a "DBase" machine and she wanted to figure out what it was. Turned out to be an Apple II+ with a CP/M card.
No, I'm tired of companies and people trying to assert rights they do not have. BTW, this post is copyrighted by me and if you reply to it you will have to pay me $10 (feel free to call me a jerk).
Or don't use the sandbox. It's an added feature that most languages do not have.
Implementing your own system that meets your needs is not being a jerk. Asserting rights that you do not have is jerky behavior. Oracle is being the jerk in this instance.
That's just dumb. The security problem is that the sandbox has too large of an attack surface. If you're using the OS to contain untrusted code, rather than the sandbox, Java is just as secure or insecure as C or Perl.
That security is just designed to let Apple spend less effort curating the App Store. Most commercial applications are not trying to do bad things to customer's computers and most commercial applications do not have wide enough distribution to be an effective attack vector. All of that security is just there so that it is hard for people to use the App Store as a malware distribution platform. It doesn't actually provide much benefit for software users and it is a royal pain in the ass for software developers.
And who says the sandbox is secure? Java has had a "secure" sandbox for years - now that it's getting some attention it turns out to be full of holes. The OS X sandbox is not as simple as a chroot'd jail and has lots of "magic" in it to make things happen. There will turn out to be a massive exploit in there somewhere, just watch.
How quickly they forget. When the iPhone was announced, there was no app store and no plans for an SDK. Jobs said that you should make web apps. Maybe there were secret plans for an SDK but that was the official story for some time.
I ran without an adblocker for the longest time because the ads on the side don't bother me. Even the occasional interstitial I could deal with. Then, one of the sites I visit regularly started running that damned Meebo toolbar that manages to cover part of whatever you're looking at. It looks like it's been fixed but for a while it repopped up on every page you went to on the site. So, I installed an adblocker, and I've been a happy camper ever since. I don't even think about it running anymore.
This is sad for the sites who have not been annoying with their ads. However, even those sites that want to keep the ads under control apparently have trouble. The writer at Destructoid said that they try to keep the annoying ads out, like the ones that start running audio as soon as you open the page. Try is the operative word, though, and many other sites do not try, so it's always a possibility that something stupid will start blaring out of your speakers. The industry as a whole needs to stop looking at consumers as sheep to be milked instead of customers to be convinced.
I never said a C programmer can't make a mess of code, I also never still never mentioned anything about the Java sandbox or the Linux kernel.
No, what you said is:
I never mentioned about the Linux kernel being non exploitable, but if it was writen in Java it would be much more exploitable.
The reason I mention the sandbox is because that is where the exploits are. Would you care to bring up another Java language feature that's a security hole?
I've also done enough Java programming to know I'm never going back to it.
You're welcome to use the tools you like. And you're welcome to criticize the tools I like, if your criticism is based on facts. All I ask is that you not spread falsehoods.
If you're going to argue Apple doesn't invent anything because they weren't the first version then none of those count either. Driverless cars were in development before Google got involved. Street View? That's actually just Quicktime VR. I was going to start a project of going around and making Quicktime VR movies in all the intersections of SF back in the mid '90's. Google Glass? Steve Mann has been running around with silly computer augmented glasses for decases.
The sandbox was designed back in the mid '90's. I don't think anyone realized just how hard securing things really is. One of my friends worked with Ed Felten at CMU back then and that team showed a number of exploits for the sandbox. When he showed me how some of them worked I was impressed - because my mind doesn't bend into pretzels that way to figure out exploits.
The best thing Oracle could do at this point would be to just shoot applets in the head (probably not going to happen). Second place would go to running each applet in a separate process and it's own OS contained sandbox the same way everybody else is. The attack surface of the OS is smaller and better tested.
I never mentioned about the Linux kernel being non exploitable, but if it was writen in Java it would be much more exploitable.
All this statement proves is that you aren't qualified to have a opinion on this subject. I brought up Linux kernel exploits because the Linux kernel is coded in C. The Java exploits that I have seen are all related to breakouts from the sandbox. The kernel and the Java sandbox are equivalent because both are supposed to be able to run untrusted code and keep that untrusted code from doing things it is not supposed to. If you wrote a POSIX compliant kernel using Java you would not use the sandbox to keep untrusted code from doing bad things and it would be about as likely to have exploits as a kernel coded in C. The problem with the sandbox is that the attack surface is just too large to be secured effectively.
Some languages, like PHP, have features that actively work against security. Other than the sandbox (don't use the sandbox to contain untrusted code) Java doesn't have many features like that. C does have features that have to be applied carefully or used carefully (unchecked array bounds, int->pointer conversions).
So I'll admit your probably not a hipster, that wasn't fair to say but in the end I just find a good C programmer an invaluable addition to a team over any Java programmer.
You may as well say "good programmer" because lousy C programmers can make a mess incredibly quickly.
Well, then you would both be wrong. C doesn't have a security model to exploit. The security model for loading untrusted code into your C application is "Don't do that" which isn't such a bad idea, really. However, if you remove the stupid idea of trying to run untrusted code in a sandbox within your application, Java is quite secure which is why people write server code in Java. No buffer overflows to start with (a classic exploit of server code written in C)
Unfortunately there is no "stupid" moderation. The issue is the Java sandbox which has the goal of letting you run untrusted code (e.g. applets) on your system without any worries. Unfortunately the attack surface of the sandbox is huge because there are so many different API's that are usable and all it takes is a bug in one of them to give you an exploit.
Turn off Java in your browser and you'll be a happy camper. Stop spreading FUD. The Linux kernel still has exploits (http://www.zdnet.com/linux-kernel-exploit-gets-patched-7000011844/).
Oh, and I spent 10 years as a kernel developer in C and another 10 years as a Java developer so I guess I'm a Real Hipster Programmer.
Consider yourself the proud recipient of a Piled Higher and Deeper.
Not true! HFS+ (the standard Mac file system) is case-preserving but case-insensitive (usually). Causes some real fun with SVN sometimes when people change capitalization on file names.
It's not much money for a company. It's great if you can make that for an app that you made in your spare time but that doesn't happen that often.
Well, consider this - the App Store is the ONLY market for iPhone software so those numbers are for all software sales for iPhone. That $7B figure that is tossed around is not for 2012, but since the App Store was created. Electronic Arts alone is making $4B a year in revenue. So, obviously, the iPhone is not supporting the kind of software ecosystem that either Windows or even Mac OS supports.
mjwx is right - it's a rube's game to develop for iPhone. It's certainly not something you can design a major company around.
Apple's revenues were $36B in 4th quarter 2012. Even if we take that $7B as for 2012 alone, with the 30% cut for Apple, that means the total sales were $10B and Apple's share was $3B, or less than $1B per quarter. App Store is simply a hobby for them. It's no wonder they treat the developers so poorly.
Here's where I think they're screwing themselves, though. Traditionally, users spent more on software than on hardware. This creates a certain amount of lock-in when you're upgrading hardware because you have to repurchase all of your applications for a different OS. How much has the average user spent on apps for their iPhone? $50? $100? Whatever it is, it's certainly a lot less than they spent for the hardware. Making the switch to Android is a lot easier, at least from the software upgrade point of view.
I worked full-time as a software engineer and went to school part-time for the last two years of my degree. It was tough, but I did finish out my degree and it's definitely a lot easier when you don't have to start your interviews with "Well, I don't have a degree but I have this experience..."
There's a reason why the mountains are uninhabited - there are very few flat areas! Not really a good place to put solar farms.
I'm not sure if debt collection laws would apply since it's a business, not a personal debt. Fair Debt Collection Practices Act definitely doesn't.
The problem is that we have novice programmers trying to "whip up" something that scales. It used to be we made novice programmers do maintenance programming until they actually learned something.
Well, according to this article, the neighbors don't want that exported electricity and it's causing problems with their grids.