Dunno. The two Java projects that I'm very familiar with here at the lab were 50,000 lines of code (an online timesheet thingy that uses servlets, RMI, and JDBC), and Ganymede, which is about 250kLoc. Beyond that, I know I've seen some project boards up on the wall that show Swing graphics for database front ends and the like.
I always had the impression that Java was being used for custom application development, either web based or client-server. Java's "bondage and dominance" aspects make it better for large scale app development than for quick one-off stuff.
What's making Java so hot is not that it is a better systems programming language than C or C++. It clearly is not. What's making it hot is that operating systems, databases, graphics libraries (OpenGL, etc.), and many other high performance C/C++ code modules have been written which less performant Java code can run on top of. The high performance stuff runs with high performance, and the programmer who wants to build something new gets a safe, productive, and reliable programming environment, without having to worry overly much about where their code is going to be deployed.
Everyone wins. And, of course, the people writing the high performance foundational modules are likely to be fewer than those writing applications on top of them, just as there are far fewer Linux kernel hackers than there are programmers writing code for deployment on Linux. So, from that perspective, I can see C and C++ receding somewhat in dominance.
The same thing's been happening in UNIX for the last 10 years with Perl, Python, and Tcl/Tk.
What I want more than anything else from people who use my stuff is to hear from them that they are using what I have written. Free software authors write free software for many reasons, but for many authors the biggest motivation is the thought that they are added something great to the world. Drop the authors a note of thanks and praise and let them know you are actually using their stuff and what you are using it for. You'd be amazed how few people who download a piece of free software do that.
As far as giving money/pizza/beer, sure, if you are so moved, why not? But don't forget that many free software authors are already being paid to write the software they write, even if the software is not, in and of itself, intended as a commercial good.
I fondly remember the Dynamix logo on one of my favorite games for the Amiga, ArcticFox, way back in 1986 or so, back before Dynamix had anything to do with Sierra.
You guys did fine work, and will be missed.
25megs includes full Java JRE distrib
on
Netscape 6.1
·
· Score: 3, Interesting
Which is fairly nice, actually.. finally, a web browser that can run Java 1.2/1.3 applets "natively", using the simple <applet> html syntax for invocation.
The two click system is to keep you on their site for a bit longer, so that their ads will get more face time. This is
related to the concern on Reichard's part, mentioned in the article, about promoting material that would
be hosted on their site rather than going elsewhere.
Of course, I know I tend to go to a LinuxToday story, click through to the external resource, and then come back to LinuxToday for another link to another site.
For me, LinuxToday's greatest value was always the sheer number of links they posted. If I was bored and looking for distraction, I could always hit LinuxToday and read a few interesting links and/or talkback discussions. They have noticeably reduced the number of stories they link to, recently, presumably due to their staff cutbacks.
I've seen 7 probes from Code Red on my home linux box in the space of three and a half hours, and one probe on our work server.
Interestingly enough, we were scanned by what purports to be a network security scanner here at the university last night, using a variant form of the probe. Looks like our network security folks were hunting for open servers before the storm hit.
There were plenty of points made by people with "marquee names" in the discussion that were never acknowledged, let alone substantively responded to by Craig. Part of that is certainly due to the large number of posts the moderators accepted, but I don't think much of anyone was very satisfied with the level of engagement that the Microsoft folks carried out in that discussion.
Craig Mundie responded to maybe two out of dozens of messages posted on that round table. I posted a series of questions in response to Microsoft's specific complaint about the GPL in the University context, and got zero response. It really did seem as though Microsoft was participating because they wanted to iterate their message of the week, and not because they were actually interested in participating in debate about their message.
We DO NOT need to be harassing a Network World columnist for expressing his opinion to some reporter.
A lot of people have made the point that the net needs a better economic model, one that allows for better cost allocations for bandwidth usage. The stuff in the LA Times article is just talking about that, plus Quality Of Service and multicast features that will support investment in things like video on demand.
Nothing terrible here that I can see. If you disagree philosophically, go out and do like Clay Shirky and Jon Gilmore do and write intelligent, thoughtful, non-knee-jerk pieces about the future of the net.
DO NOT harass a commentator and justify the impression that the net is filled with irrational sux0rs (sux0r, n: one who sux.) who are bent on getting everything they want for free, now, dammit.
Brent Glass loathes the GPL. In the SiliconValley.com round table debate a few weeks ago, Brent was by far the most vociferous critic of the GPL on the panel. Far more so than anyone from Microsoft, even.
Asylum wasn't Infocom, it was published by Med Systems, and it was the most amazing thing ever published on the TRS-80. The company later did a IBM PC port that I actually saw once, but it seems to have dropped off of the face of the net.
Asylum had a parser every bit as good as Infocom's, but they added a terrific 3d graphics display on the TRS-80's 128x48 pixel display. Asylum was immersive in a way that very few other games I have ever seen were, and in only 16k. Really one of
the best adventure games ever published.
And it was HARD.
Med Systems also published an excellent adventure game called Lucifer's Realm, in which you had to go to hell and convince the devil to let you go to heaven.
All of these games were in many ways more exciting than the Infocom ones, because they melded graphics and a first-rate adventure parser that really took advantage of the *cough* awesome power of the TRS-80.
Seems this one is pretty popular. I never got any I LOVE YOU mail or anything of that ilk, but I've had a couple of copies already today, both with attachments named after somebody's Excel spreadsheets.
It depends on how Microsoft chooses to implement this choice. From the way they have been promoting the 'download any JVM you want' option, you'd think that they were going to make IE 6 use the OJVM standard for embedding third party JVM's in their web browser, as is supported on the Macintosh using Apple's Macintosh Runtime for Java standard.
I really doubt that this is the case, which means people wanting to use Sun's JVM will have to code their HTML to use the (much more complex) ActiveX/Netscape Plugin based Java Plug-in, rather than the old fashioned <APPLET> tag.
Really, though, for distribution of Java applications to the user's desktop, the best thing going right now is Sun's Java Web Start, which makes it super, super easy and efficient to distribute Java applets and applications to Windows desktops.
I just put support for Java Web Start into Ganymede, and our users are loving it. No more having to start up a full web browser to get the Ganymede client going, no more having the Ganymede client killed off if they forget and quit their browser while the client is running.
Java Web Start is some wonderful stuff for free standing Java applications. If every IBM, Gateway, and Dell PC out there came with it I would be in seventh heaven. Unfortunately, Sun happens to be a hardware competitor to all of those companies, so it's not clear how much they would want to help Sun out with this.
Actually, Sun has provided a couple of different ways to integrate their JVM into IE and Netscape 4. There's the Java Plug-in, which makes it possible to write applets that will be run inside an add-on Sun JVM.
Even better, there is now the Java Web Start application manager utility, which provides great support for deploying Java based applets and applications to people's desktops.
We use these methods to deploy Ganymede to folks here at the laboratory, and everything works great, be it in IE, Netscape 4, or whatever.
The npasswd password history files are kept as a dbm of crypted password choices, so an intruder would have to find and crack that file, and by definition all of the passwords in that file would be hard to crack, as such things go.
The one thing I'm not sure of right now is whether or not npasswd can support the use of md5 passwords or not. If it can, that would add a significant boost to the difficulty of cracking its files.
I tried setting my password to 'mypassword1', and it told me 'Password not acceptable, may be derived from word 'mypassword'.
npasswd may not be able to catch all variants of past passwords, but it is very very picky about what passwords are allowed, and if you choose a password that passes through npasswd, it is going to be a high quality password.
No, a piece of software can't do anything about a user writing their password down on their forehead. But we have managers, and they can discipline or fire users for putting the lab's security at risk, if they do something truly stupid/negligent.
Security is a process, and software's just a tool.
That's why we have npasswd configured to not allow password reuse within a one year period. I have already had people tell me that they had picked out five passwords that they intended to rotate as the last used expire away. Those users can rotate if they like, but after a year I imagine they'll be more likely to pick a genuinely new one, especially since npasswd is such a hard ass about approving password choices.
Ultimately, we hold the users responsible for maintaining reasonable security practices. My job in implementing npasswd was not to force everyone to do the right thing, it was to make it a lot harder to do something stupid. In the end, it comes down to the user.
We do master a lot of systems from our master account database, so the user's single password gets them email, dialup, UNIX, Windows NT, AppleShare, etc. If our users needed to remember a dozen very difficult passwords, we couldn't do this, but with only one password needed for most of our network services, we hope it is not too unreasonable to require them to use decent passwords.
We recently implemented Clyde Hoover's npasswd
password validation program, which does all kinds
of password quality checks and a password history function, to prevent users from re-using their old passwords. We have incorporated npasswd into Ganymede here, along with a password aging function, and boy, what a change for our users. Users really can't have easy passwords any more, they have to change them regularly, and they can't re-use old passwords. The sysadmins in charge of network security here love it, because the odds that our users are using the same password for our network that they are using for Amazon and Slashdot is now dramatically reduced.
Npasswd is very good at what it does. Npasswd supports checks against account information and a wide variety of dictionary files, with character transpositions, reverals, etc. No more 'us3rname' passwords for our users. Here's a partial list of the dictionaries that Ganymede with npasswd checks against in our environment:
Antworth -- Big dictionary, includes many inflected forms
CIS -- Words and names from Current Index to Statistics (partial)
CRL-Words -- Dictionary from Center for Research in Lexicography
Congress -- Names and nicknames of U. S. Congressmen
Domains -- Internet domains
Ethnologue -- Words from the "Ethnologue Database"
Family-Names -- Common family surnames
Given-Names -- Common first names
Jargon -- Words from the Jargon File
Movies -- Characters, actors, and titles from thousands of movies
Python -- Words and names from M. P. scripts
Roget-Words -- Words from 1911 R's Thesaurus
Trek -- Words and names from Star Trek plot summaries
Zipcodes -- Town and city names for all U. S. post offices
If anyone here wants to make sure your users are using strong passwords, run don't walk and get npasswd, I say.
but don't ya think they might be holding back to do the fancy 300mhz 333, 375, 466 etc etc trick we have seen processors do in the past. What do you think?
I think that if they try to put out a processor today at 300, 333, 375, or 466 mhz, they'd probably get laughed at a lot. Unless it's some sooper-low power thing for a Palm Pilot or something.
Seriously, gHz is a lot harder to do than mHz, and there's not an infinite amount of room left for smaller feature size and faster clock speed. Sooner or later it's going to come down to a move to onchip or onboard parallelism. I don't see another 3 orders of magnitude in clock speed being pulled out over the next couple of decades the way it was done over the last two.
Yes, the University of Texas System has explicitly supported the release of software under the GPL when appropriate, and they had a checklist for when it was appropriate to release under the GPL.
I use the past tense because it has been awhile since I have investigated UT policies in this regard. I do know that we released Ganymede under the GPL in compliance with UT system policy. Our release had to be approved by the head of our laboratory, who fits in the UT org chart at the same level as the Dean of the College of Natural Sciences, Engineering, etc.
Slashdot Mirror
Dunno. The two Java projects that I'm very familiar with here at the lab were 50,000 lines of code (an online timesheet thingy that uses servlets, RMI, and JDBC), and Ganymede, which is about 250kLoc. Beyond that, I know I've seen some project boards up on the wall that show Swing graphics for database front ends and the like.
I always had the impression that Java was being used for custom application development, either web based or client-server. Java's "bondage and dominance" aspects make it better for large scale app development than for quick one-off stuff.
See Sun's Swing Sightings Page for a good overview of some more complex stuff being done in Java.
What's making Java so hot is not that it is a better systems programming language than C or C++. It clearly is not. What's making it hot is that operating systems, databases, graphics libraries (OpenGL, etc.), and many other high performance C/C++ code modules have been written which less performant Java code can run on top of. The high performance stuff runs with high performance, and the programmer who wants to build something new gets a safe, productive, and reliable programming environment, without having to worry overly much about where their code is going to be deployed.
Everyone wins. And, of course, the people writing the high performance foundational modules are likely to be fewer than those writing applications on top of them, just as there are far fewer Linux kernel hackers than there are programmers writing code for deployment on Linux. So, from that perspective, I can see C and C++ receding somewhat in dominance.
The same thing's been happening in UNIX for the last 10 years with Perl, Python, and Tcl/Tk.
What I want more than anything else from people who use my stuff is to hear from them that they are using what I have written. Free software authors write free software for many reasons, but for many authors the biggest motivation is the thought that they are added something great to the world. Drop the authors a note of thanks and praise and let them know you are actually using their stuff and what you are using it for. You'd be amazed how few people who download a piece of free software do that.
As far as giving money/pizza/beer, sure, if you are so moved, why not? But don't forget that many free software authors are already being paid to write the software they write, even if the software is not, in and of itself, intended as a commercial good.
I fondly remember the Dynamix logo on one of my favorite games for the Amiga, ArcticFox, way back in 1986 or so, back before Dynamix had anything to do with Sierra.
You guys did fine work, and will be missed.
Which is fairly nice, actually.. finally, a web browser that can run Java 1.2/1.3 applets "natively", using the simple <applet> html syntax for invocation.
The two click system is to keep you on their site for a bit longer, so that their ads will get more face time. This is related to the concern on Reichard's part, mentioned in the article, about promoting material that would be hosted on their site rather than going elsewhere.
Of course, I know I tend to go to a LinuxToday story, click through to the external resource, and then come back to LinuxToday for another link to another site.
For me, LinuxToday's greatest value was always the sheer number of links they posted. If I was bored and looking for distraction, I could always hit LinuxToday and read a few interesting links and/or talkback discussions. They have noticeably reduced the number of stories they link to, recently, presumably due to their staff cutbacks.
I've seen 7 probes from Code Red on my home linux box in the space of three and a half hours, and one probe on our work server.
Interestingly enough, we were scanned by what purports to be a network security scanner here at the university last night, using a variant form of the probe. Looks like our network security folks were hunting for open servers before the storm hit.
There were plenty of points made by people with "marquee names" in the discussion that were never acknowledged, let alone substantively responded to by Craig. Part of that is certainly due to the large number of posts the moderators accepted, but I don't think much of anyone was very satisfied with the level of engagement that the Microsoft folks carried out in that discussion.
- jon
Craig Mundie responded to maybe two out of dozens of messages posted on that round table. I posted a series of questions in response to Microsoft's specific complaint about the GPL in the University context, and got zero response. It really did seem as though Microsoft was participating because they wanted to iterate their message of the week, and not because they were actually interested in participating in debate about their message.
- jon
And, yes, 300 emails, no matter how polite they each may be, counts as harassment. Don't do it, please. Think of the children.
- jon
We DO NOT need to be harassing a Network World columnist for expressing his opinion to some reporter.
A lot of people have made the point that the net needs a better economic model, one that allows for better cost allocations for bandwidth usage. The stuff in the LA Times article is just talking about that, plus Quality Of Service and multicast features that will support investment in things like video on demand.
Nothing terrible here that I can see. If you disagree philosophically, go out and do like Clay Shirky and Jon Gilmore do and write intelligent, thoughtful, non-knee-jerk pieces about the future of the net.
DO NOT harass a commentator and justify the impression that the net is filled with irrational sux0rs (sux0r, n: one who sux.) who are bent on getting everything they want for free, now, dammit.
- jon
Brent Glass loathes the GPL. In the SiliconValley.com round table debate a few weeks ago, Brent was by far the most vociferous critic of the GPL on the panel. Far more so than anyone from Microsoft, even.
- jon
Asylum wasn't Infocom, it was published by Med Systems, and it was the most amazing thing ever published on the TRS-80. The company later did a IBM PC port that I actually saw once, but it seems to have dropped off of the face of the net.
Asylum had a parser every bit as good as Infocom's, but they added a terrific 3d graphics display on the TRS-80's 128x48 pixel display. Asylum was immersive in a way that very few other games I have ever seen were, and in only 16k. Really one of the best adventure games ever published.
And it was HARD.
Med Systems also published an excellent adventure game called Lucifer's Realm, in which you had to go to hell and convince the devil to let you go to heaven.
All of these games were in many ways more exciting than the Infocom ones, because they melded graphics and a first-rate adventure parser that really took advantage of the *cough* awesome power of the TRS-80.
- jon
<>
- jon
Seems this one is pretty popular. I never got any I LOVE YOU mail or anything of that ilk, but I've had a couple of copies already today, both with attachments named after somebody's Excel spreadsheets.
- jon
It depends on how Microsoft chooses to implement this choice. From the way they have been promoting the 'download any JVM you want' option, you'd think that they were going to make IE 6 use the OJVM standard for embedding third party JVM's in their web browser, as is supported on the Macintosh using Apple's Macintosh Runtime for Java standard.
I really doubt that this is the case, which means people wanting to use Sun's JVM will have to code their HTML to use the (much more complex) ActiveX/Netscape Plugin based Java Plug-in, rather than the old fashioned <APPLET> tag.
Really, though, for distribution of Java applications to the user's desktop, the best thing going right now is Sun's Java Web Start, which makes it super, super easy and efficient to distribute Java applets and applications to Windows desktops.
I just put support for Java Web Start into Ganymede, and our users are loving it. No more having to start up a full web browser to get the Ganymede client going, no more having the Ganymede client killed off if they forget and quit their browser while the client is running.
Java Web Start is some wonderful stuff for free standing Java applications. If every IBM, Gateway, and Dell PC out there came with it I would be in seventh heaven. Unfortunately, Sun happens to be a hardware competitor to all of those companies, so it's not clear how much they would want to help Sun out with this.
- jon
Actually, Sun has provided a couple of different ways to integrate their JVM into IE and Netscape 4. There's the Java Plug-in, which makes it possible to write applets that will be run inside an add-on Sun JVM.
Even better, there is now the Java Web Start application manager utility, which provides great support for deploying Java based applets and applications to people's desktops.
We use these methods to deploy Ganymede to folks here at the laboratory, and everything works great, be it in IE, Netscape 4, or whatever.
- jon
The npasswd password history files are kept as a dbm of crypted password choices, so an intruder would have to find and crack that file, and by definition all of the passwords in that file would be hard to crack, as such things go.
The one thing I'm not sure of right now is whether or not npasswd can support the use of md5 passwords or not. If it can, that would add a significant boost to the difficulty of cracking its files.
- jon
I tried setting my password to 'mypassword1', and it told me 'Password not acceptable, may be derived from word 'mypassword'.
npasswd may not be able to catch all variants of past passwords, but it is very very picky about what passwords are allowed, and if you choose a password that passes through npasswd, it is going to be a high quality password.
No, a piece of software can't do anything about a user writing their password down on their forehead. But we have managers, and they can discipline or fire users for putting the lab's security at risk, if they do something truly stupid/negligent.
Security is a process, and software's just a tool.
- jon
That's why we have npasswd configured to not allow password reuse within a one year period. I have already had people tell me that they had picked out five passwords that they intended to rotate as the last used expire away. Those users can rotate if they like, but after a year I imagine they'll be more likely to pick a genuinely new one, especially since npasswd is such a hard ass about approving password choices.
Ultimately, we hold the users responsible for maintaining reasonable security practices. My job in implementing npasswd was not to force everyone to do the right thing, it was to make it a lot harder to do something stupid. In the end, it comes down to the user.
We do master a lot of systems from our master account database, so the user's single password gets them email, dialup, UNIX, Windows NT, AppleShare, etc. If our users needed to remember a dozen very difficult passwords, we couldn't do this, but with only one password needed for most of our network services, we hope it is not too unreasonable to require them to use decent passwords.
- jon
We recently implemented Clyde Hoover's npasswd password validation program, which does all kinds of password quality checks and a password history function, to prevent users from re-using their old passwords. We have incorporated npasswd into Ganymede here, along with a password aging function, and boy, what a change for our users. Users really can't have easy passwords any more, they have to change them regularly, and they can't re-use old passwords. The sysadmins in charge of network security here love it, because the odds that our users are using the same password for our network that they are using for Amazon and Slashdot is now dramatically reduced.
Npasswd is very good at what it does. Npasswd supports checks against account information and a wide variety of dictionary files, with character transpositions, reverals, etc. No more 'us3rname' passwords for our users. Here's a partial list of the dictionaries that Ganymede with npasswd checks against in our environment:
If anyone here wants to make sure your users are using strong passwords, run don't walk and get npasswd, I say.
- jon
Scott is earning a living? From what he said on his site, he in fact does have a day job..
- jon
but don't ya think they might be holding back to do the fancy 300mhz 333, 375, 466 etc etc trick we have seen processors do in the past. What do you think?
I think that if they try to put out a processor today at 300, 333, 375, or 466 mhz, they'd probably get laughed at a lot. Unless it's some sooper-low power thing for a Palm Pilot or something.
Seriously, gHz is a lot harder to do than mHz, and there's not an infinite amount of room left for smaller feature size and faster clock speed. Sooner or later it's going to come down to a move to onchip or onboard parallelism. I don't see another 3 orders of magnitude in clock speed being pulled out over the next couple of decades the way it was done over the last two.
- jon
Not true. The GPL is just one license that the UT system has blessed as being in keeping with the interests of the University.
I don't speak for UT System, of course.
- jon
Yes, the University of Texas System has explicitly supported the release of software under the GPL when appropriate, and they had a checklist for when it was appropriate to release under the GPL.
I use the past tense because it has been awhile since I have investigated UT policies in this regard. I do know that we released Ganymede under the GPL in compliance with UT system policy. Our release had to be approved by the head of our laboratory, who fits in the UT org chart at the same level as the Dean of the College of Natural Sciences, Engineering, etc.
- jon