Indeed, on my machine a freshly launched Mozilla uses _less_ RAM than Galeon:
sumner 23726 22.4 9.8 35376 25052 pts/0 R 05:00 0:03/usr/lib/mozilla/mozilla-bin
sumner 23722 0.0 11.7 43232 29896 pts/0 S 04:51 0:00/usr/bin/galeon-bin
29MB for galeon vs. 25MB for mozilla. It's tough to tell how much is shared under 2.4 kernels, sadly.
Both have 4 threads, so stack utilization should be similar.
Still, I like the fact that Galeon uses the same widgets as everything else (blends with my themes, etc) and it seems faster psychologically. I've not done objective timings.
1. The compatibility argument here is spurious. Because all of these browsers use the same rendering engine (Gecko), web pages will look the same between all of them. Essentially, they're just UI distinctions which web designers by and large don't need to worry about.
2. The security argument is interesting, but bear in mind that unified platforms are like unified gene pools--a single virus or other agent can target them all. More diverse systems are more difficult to target; a galeon-specific virus won't affect mozilla or k-meleon. Of course, a generic Gecko virus is possible but that doesn't increase vulnerability over a mozilla-only world. And because Galeon is designed to be small, there's much less code to audit.
- You can disable Mozilla's JS window.open() A nice feature, true, but what happens when you go to click on a "help" icon and it can't open a new window?
The mozilla anti-popup feature disables popups on window open, page load, and window close (and timers). So obnoxious auto-pops don't happen, but e.g. The Onion's horoscopes still work.
I can't find the whole thing, but there's
a summary at linux weekly news, and googling for "days recess security focus microsoft linux" or similar might help (days of recess is a measure of response time).
A C++ compiler won't give anything approaching the same results as a C compiler.
Example:
sizeof('a')
is 4 on Intel/C, and 1 on Intel/C++. More generally, it's the same as sizeof(int) in C and it's sizeof(char) in C++.
Example:
char *a = malloc (10);
Should issue a diagnostic in any conforming C++ compiler, requiring a cast of the malloc() return value to (char *) to suppress the warning (which results in a lot of dangerous casts in C++ code that things like lclint will be confused by).
There are tons of such things, which make it nearly impossible to compile any reasonable large C project with a C++ compiler and get correct behavior. And that's assuming that you don't have variables named "new" or your own "bool" type or anything obvious like that.
Maintenance and development of a Python web site are both likely to be significantly faster than for the equivalent site written in Java if for no other reason than that the Python code is going to be substantially shorter; less lines to both write and maintain, and they're clear, readable lines (unlike say an awk or poorly-written Perl program).
Also, Java is more of a class oriented language than a truly object-oriented language; Python closer to being a fully object-oriented language (like Smalltalk but unlike, say, C++). Read e.g. the comp.object FAQ and pay attention to things like dynamic inheritance, meta-class programming (which Java supports only in a very limited way; e.g, you can't get the meta-class of a meta-class), and multiple polymorphism.
Heck, functions aren't even objects in Java; you can't keep a vector (or other container) full of functions (or methods). The type-class dichotomy in Python is a bit of a wort (though it's even worse in Java), but there's a unification coming in Python 2.2.
Java is primarily statically typed while Python is primarily dynamically typed; that's the major difference between the two from a programming languages standpoint, and Java vs. Python boils down essentially to the same old Pascal vs. Lisp or Ada vs. Smalltalk debate on that level. Python certainly isn't untyped (unlike, say, tcl or in some ways perl).
Also, the speed argument is pretty bogus in this arena; Python is slower than Java for heavy computation, but it's substantially faster for file and network I/O (areas which are quite important in web site development).
Which is not to say that Java isn't the right tool for some web sites, but Python is an extremely good tool even for large multi-developer web sites where maintenance is an important issue.
My wife uses our Mac at home. She clutters her desktop with icons, rarely empties the trash can unless I tell her it's essential
Wow. My wife gets mad at me because I clutter my desktop with papers and rarely empty the trash unless she yells at me to do it.
Sumner
Re:Memory leak detection
on
Memory Leaks
·
· Score: 1
You can use LD_PRELOAD to wrap malloc, assuming they're dynamically linked against libc (almost definitely). If they use GNU libc and don't dynamically link, they're required by the LGPL to distribute object files so you can relink against your own libc.
If you don't have the source, fixing a leak is tough but you can rebuild the garbage-collecting malloc in a redirect mode so their app uses it instead of libc's malloc. Then LD_PRELOAD it. I used to do this with netscape-communicator back when it leaked like mad; worked great, though as I mentioned there is a chance that gcc's optimizations could confuse the gc. In practice it seemed to work okay, for any app where a very rare crash isn't the end of the world (netscape crashed all the time anyway) and where the app is already leaking anyway, it's worth a try.
The escape key must be positioned more convieniently on the keyboard you use.
Yep. In the same way that Emacs users remap a PC keyboard to make Caps Lock be a CTRL key, I (and other vi users) remap Caps Lock to ESC. Even without that, Ctrl-[ is ESC anyway.
I started with Emacs and switched to vi because it's so much less wear and tear on the wrists and it's faster for me.
I did some commercial work with GA's for a while. They're ok, the only effective way we currently know of to solve certain classes of problem, but I now sincerely doubt that darwinism is correct. I don't think evolution from Apes to humans in 1000000 years with the kind of population that existed is feasible using a GA approach. There's something else going on that hasn't been identified yet
Be careful using Boehm in production code; the web pages has the caveat:
C compilers may not hide pointers in the generated object code. In our experience, standard commercial compilers obey this restriction in unoptimized code. Most aggressive optimizing compilers do not obey this restriction for all optimized code. For details and examples see papers/pldi96.ps.gz. However, it is difficult to construct examples for which they violate it, especially for single-threaded code. In our experience, the only examples we have found of a failure with the current collector, even in multi-threaded code, were contrived.
However, the gcc developers claim the gcc does in fact violate this constraint. So using Boehm gc with gcc may not be safe in production code. The gcc mailing list has had a couple of threads on how to make gcc garbage-collector friendly in the future (once again, Java is one impetus for this). Until then, I'd stick to manual mm and use the gc only to help find leaks.
The Boehm-Weiser garbage-collecting malloc() can be built in a leak-detection mode. Every time an object is leaked, it prints out the address of the memory in question. Do that. Then it's 15 lines of python to correlate that back with the malloc() calls; I wrapped malloc/realloc to print out the line number and filename, e.g.
with similar for realloc (and make free do GC_free).
Then run the proggy, redirecting stderr through a simple python script: (leading spaces have been replaced with underscores since slashdot doesn't do PRE)
import sys
a={}
for line in sys.stdin.readlines():
__line=line.strip()
__num=line[line.find("0x"):]
__try:
____num=num[0: num.index(" ")]
__except:
____pass
When I run my program this way I get the following output:
Leaked object: Line 43 of leak_stuff.c/(): 0x806efe0
Leaked object: Line 43 of leak_stuff.c/(): 0x806eff0
Leaked object: Line 55 of leak_stuff.c/(): 0x806dfd8
Which tells me which lines to look for the initial allocations of leaked objects at.
The garbage-collecting malloc is really cool; it's at:
http://www.hpl.hp.com/personal/Hans_Boehm/gc/
for now, but rumor has it that gcc will become the official source for it at some point (it's needed for the Java compiler).
If everyone else on the internet suffers from the "Slashdot Effect"
They don't. I used to work with the usage analysis group at a large internet company; we were linked to from the front page of slashdot one day, and out of curiousity decided to measure the slashdot effect. Even in the first hour after the article was posted, less than 5% of our page views were referrals from slashdot (overall traffic was lower than the previous day).
The Slashdot effect only applies to sites that are unable to handle/. levels of traffic; sites that are larger than/. are (basically) unaffected, as are sites that can handle spikey traffic loads.
My ipaq can serve 800 requests/second of the dynamic content server I work on (an 800mhz PIII can do 10000/sec), which is an awful lot of traffic (more than/. does for sure). It's the bandwidth that'd get you, but you can put 100 mbps ethernet on these things which should be more than enough.
Scenario a: GPL challenge fails. Infringer has to GPL all derived work of original GPL code that he wants to distribute. Presumably he didn't want to do this, otherwise he wouldn't have taken it to court...
No, the infringer has to stop violating the GPL. This could be done be ceasing all distribution of the code in question. The infringer may have to pay penalties for past violations (this may happen even if the infringer now chooses to GPL its code). The infringer is never forced to give up its code under the GPL.
I am not a lawyer. This is not legal advice.
Sumner
Re:1995: Who needs Java when we have C?
on
Why not Ruby?
·
· Score: 1
And why do we need another virtual machine language? Wasn't Icon first?
Pascal. P-Code. Almost 40 years ago.
Re:What, and Python doesn't?
on
Why not Ruby?
·
· Score: 1
You misunderstand. In Python, the * operator invokes the __mul__ function. So if you override __mul__, * will do the right thing. That's why he said "Try checking out the __add__...methods in Python".
"If you're going to bash a language, you really should make it a point to at least learn the language first."
Yes, you are correct about this. Why? Because ODBMS's are currently all non-free. I only work with free software. My point was partially that it would be nice to see such a thing GPLd because then I (and a million others) could learn the concepts, and in the purest vein of free software development, improve it.
There are plenty of free ODBMS's. Nobody uses them because most ODBMS's suck and most applications are written around RDBMS's. Shore (from UW-Madison) is probably the best free one (MIT/X style license, probably GPL-compatible but ask a lawyer) http://www.cs.wisc.edu/shore/. Zodb is also an object database (part of Zope, http://www.zope.org) that with ZEO even does distributed objects.
But ODBMS's are mostly like threads: good in very limited applications, but it's really easy to go overboard and think you have an elegant super-ODBMS design when you're really digging an unmaintainable, nonperformant mess. And for large applications (esp. once you get into the hundreds/thousands of GB+ range) ODBMSs really aren't there (yet?). Like STREAMS, nobody's ever come up with an efficient implementation and it's not because they haven't tried. Might be a clue...
And the chances of qmail or djbdns having holes in is...? Anybody...? Approximately zero, I'd say. For people that don't know, the author guarantees cash rewards to anybody finding exploitable code in his software.
There are known DOSes in qmail that have been there for (literally) years with no attempt made to address them. DJB's response is always that DOSes aren't real holes and that it's impossible to be DOS-proof; there's an inkling of merit to that, but a DOS which allows an attacker with a substantially smaller pipe to swamp a server with overwhelming resources _should_ be fixed.
Use exim instead of qmail. Not only does it have no known security holes, but you can actually fix them if you find them.
Well, Virginia is a Commonwealth, as any Virginian knows, so that might be part of the problem!
VA can call itself whatever it wants to, but under the US Constitution it's a state--and the Constitution is the supreme law of the land, accepted by VA over 250 years ago.
Slashdot Mirror
If they no longer sell it, and no longer support it, technically it's abandonware, right?
There is no legal definition of abandonware (nor any legal concept of it).
Have there been any court decisions on abandonware and whether it's legally okay to trade it/hack it/despoil it in general?
Copyright does not require support of the copyrighted work.
Has MS been enforcing MS-DOS licenses?
Yes. SPA and other copyright enforcement goons still catalog and penalize illegal copies of MS-DOS.
If not, will that make Win95 sort of a free-for-all too?
No.
Nope. Downloaded the RPMs of both. "file" reveals that both are stripped.
Indeed, on my machine a freshly launched Mozilla uses _less_ RAM than Galeon:
/usr/lib/mozilla/mozilla-bin
/usr/bin/galeon-bin
sumner 23726 22.4 9.8 35376 25052 pts/0 R 05:00 0:03
sumner 23722 0.0 11.7 43232 29896 pts/0 S 04:51 0:00
29MB for galeon vs. 25MB for mozilla. It's tough to tell how much is shared under 2.4 kernels, sadly.
Both have 4 threads, so stack utilization should be similar.
Still, I like the fact that Galeon uses the same widgets as everything else (blends with my themes, etc) and it seems faster psychologically. I've not done objective timings.
This is with Galeon 1.0 and mozilla 9.6.
Sumner
1. The compatibility argument here is spurious. Because all of these browsers use the same rendering engine (Gecko), web pages will look the same between all of them. Essentially, they're just UI distinctions which web designers by and large don't need to worry about.
2. The security argument is interesting, but bear in mind that unified platforms are like unified gene pools--a single virus or other agent can target them all. More diverse systems are more difficult to target; a galeon-specific virus won't affect mozilla or k-meleon. Of course, a generic Gecko virus is possible but that doesn't increase vulnerability over a mozilla-only world. And because Galeon is designed to be small, there's much less code to audit.
Choice is good.
Sumner
- You can disable Mozilla's JS window.open()
A nice feature, true, but what happens when you go to click on a "help" icon and it can't open a new window?
The mozilla anti-popup feature disables popups on window open, page load, and window close (and timers). So obnoxious auto-pops don't happen, but e.g. The Onion's horoscopes still work.
Sumner
egroups isn't dead; it was bought by Yahoo! and it's now groups.yahoo.com -- you can still set up free mailing lists there.
(All Python code, too, as are maps.yahoo.com and mail.yahoo.com)
Sumner
Securityfocus did this sort of study.
I can't find the whole thing, but there's
a summary at linux weekly news, and googling for "days recess security focus microsoft linux" or similar might help (days of recess is a measure of response time).
Sumner
A C++ compiler won't give anything approaching the same results as a C compiler.
Example:
sizeof('a')
is 4 on Intel/C, and 1 on Intel/C++. More generally, it's the same as sizeof(int) in C and it's sizeof(char) in C++.
Example:
char *a = malloc (10);
Should issue a diagnostic in any conforming C++ compiler, requiring a cast of the malloc() return value to (char *) to suppress the warning (which results in a lot of dangerous casts in C++ code that things like lclint will be confused by).
There are tons of such things, which make it nearly impossible to compile any reasonable large C project with a C++ compiler and get correct behavior. And that's assuming that you don't have variables named "new" or your own "bool" type or anything obvious like that.
Sumner
Maintenance and development of a Python web site are both likely to be significantly faster than for the equivalent site written in Java if for no other reason than that the Python code is going to be substantially shorter; less lines to both write and maintain, and they're clear, readable lines (unlike say an awk or poorly-written Perl program).
Also, Java is more of a class oriented language than a truly object-oriented language; Python closer to being a fully object-oriented language (like Smalltalk but unlike, say, C++). Read e.g. the comp.object FAQ and pay attention to things like dynamic inheritance, meta-class programming (which Java supports only in a very limited way; e.g, you can't get the meta-class of a meta-class), and multiple polymorphism.
Heck, functions aren't even objects in Java; you can't keep a vector (or other container) full of functions (or methods). The type-class dichotomy in Python is a bit of a wort (though it's even worse in Java), but there's a unification coming in Python 2.2.
Java is primarily statically typed while Python is primarily dynamically typed; that's the major difference between the two from a programming languages standpoint, and Java vs. Python boils down essentially to the same old Pascal vs. Lisp or Ada vs. Smalltalk debate on that level. Python certainly isn't untyped (unlike, say, tcl or in some ways perl).
Also, the speed argument is pretty bogus in this arena; Python is slower than Java for heavy computation, but it's substantially faster for file and network I/O (areas which are quite important in web site development).
Which is not to say that Java isn't the right tool for some web sites, but Python is an extremely good tool even for large multi-developer web sites where maintenance is an important issue.
Sumner
My wife uses our Mac at home. She clutters her desktop with icons, rarely empties the trash can unless I tell her it's essential
Wow. My wife gets mad at me because I clutter my desktop with papers and rarely empty the trash unless she yells at me to do it.
Sumner
You can use LD_PRELOAD to wrap malloc, assuming they're dynamically linked against libc (almost definitely). If they use GNU libc and don't dynamically link, they're required by the LGPL to distribute object files so you can relink against your own libc.
If you don't have the source, fixing a leak is tough but you can rebuild the garbage-collecting malloc in a redirect mode so their app uses it instead of libc's malloc. Then LD_PRELOAD it. I used to do this with netscape-communicator back when it leaked like mad; worked great, though as I mentioned there is a chance that gcc's optimizations could confuse the gc. In practice it seemed to work okay, for any app where a very rare crash isn't the end of the world (netscape crashed all the time anyway) and where the app is already leaking anyway, it's worth a try.
Sumner
And you hit the escape key with your nose?
The escape key must be positioned more convieniently on the keyboard you use.
Yep. In the same way that Emacs users remap a PC keyboard to make Caps Lock be a CTRL key, I (and other vi users) remap Caps Lock to ESC. Even without that, Ctrl-[ is ESC anyway.
I started with Emacs and switched to vi because it's so much less wear and tear on the wrists and it's faster for me.
Sumner
Monoliths.
Sumner
C compilers may not hide pointers in the generated object code. In our experience, standard commercial compilers obey this restriction in unoptimized code. Most aggressive optimizing compilers do not obey this restriction for all optimized code. For details and examples see papers/pldi96.ps.gz. However, it is difficult to construct examples for which they violate it, especially for single-threaded code. In our experience, the only examples we have found of a failure with the current collector, even in multi-threaded code, were contrived.
However, the gcc developers claim the gcc does in fact violate this constraint. So using Boehm gc with gcc may not be safe in production code. The gcc mailing list has had a couple of threads on how to make gcc garbage-collector friendly in the future (once again, Java is one impetus for this). Until then, I'd stick to manual mm and use the gc only to help find leaks.
Sumner
The Boehm-Weiser garbage-collecting malloc() can be built in a leak-detection mode. Every time an object is leaked, it prints out the address of the memory in question. Do that. Then it's 15 lines of python to correlate that back with the malloc() calls; I wrapped malloc/realloc to print out the line number and filename, e.g.
void *our_malloc(size_t howbig, int line, char * file)
{
void *p;
p=GC_malloc(howbig);
fprintf(stderr, "Line %d of %s/%s(): %p\n", line, file, p);
return p;
}
#define malloc(x) our_malloc(x, __LINE__, __FILE__)
with similar for realloc (and make free do GC_free).
Then run the proggy, redirecting stderr through a simple python script: (leading spaces have been replaced with underscores since slashdot doesn't do PRE)
import sys
a={}
for line in sys.stdin.readlines():
__line=line.strip()
__num=line[line.find("0x"):]
__try:
____num=num[0: num.index(" ")]
__except:
____pass
__if line[1]=="i":
____a[num]=line
__else:
____print "Leaked object: "+a[num]
When I run my program this way I get the following output:
Leaked object: Line 43 of leak_stuff.c/(): 0x806efe0
Leaked object: Line 43 of leak_stuff.c/(): 0x806eff0
Leaked object: Line 55 of leak_stuff.c/(): 0x806dfd8
Which tells me which lines to look for the initial allocations of leaked objects at.
The garbage-collecting malloc is really cool; it's at:
http://www.hpl.hp.com/personal/Hans_Boehm/gc/
for now, but rumor has it that gcc will become the official source for it at some point (it's needed for the Java compiler).
Sumner
If everyone else on the internet suffers from the "Slashdot Effect"
They don't. I used to work with the usage analysis group at a large internet company; we were linked to from the front page of slashdot one day, and out of curiousity decided to measure the slashdot effect. Even in the first hour after the article was posted, less than 5% of our page views were referrals from slashdot (overall traffic was lower than the previous day).
The Slashdot effect only applies to sites that are unable to handle /. levels of traffic; sites that are larger than /. are (basically) unaffected, as are sites that can handle spikey traffic loads.
Sumner
Sumner
No, the infringer has to stop violating the GPL. This could be done be ceasing all distribution of the code in question. The infringer may have to pay penalties for past violations (this may happen even if the infringer now chooses to GPL its code). The infringer is never forced to give up its code under the GPL.
I am not a lawyer. This is not legal advice.
Sumner
Pascal. P-Code. Almost 40 years ago.
"If you're going to bash a language, you really should make it a point to at least learn the language first."
Yes, you are correct about this. Why? Because ODBMS's are currently all non-free. I only work with free software. My point was partially that it would be nice to see such a thing GPLd because then I (and a million others) could learn the concepts, and in the purest vein of free software development, improve it.
There are plenty of free ODBMS's. Nobody uses them because most ODBMS's suck and most applications are written around RDBMS's. Shore (from UW-Madison) is probably the best free one (MIT/X style license, probably GPL-compatible but ask a lawyer) http://www.cs.wisc.edu/shore/. Zodb is also an object database (part of Zope, http://www.zope.org) that with ZEO even does distributed objects.
But ODBMS's are mostly like threads: good in very limited applications, but it's really easy to go overboard and think you have an elegant super-ODBMS design when you're really digging an unmaintainable, nonperformant mess. And for large applications (esp. once you get into the hundreds/thousands of GB+ range) ODBMSs really aren't there (yet?). Like STREAMS, nobody's ever come up with an efficient implementation and it's not because they haven't tried. Might be a clue...
Sumner
There are known DOSes in qmail that have been there for (literally) years with no attempt made to address them. DJB's response is always that DOSes aren't real holes and that it's impossible to be DOS-proof; there's an inkling of merit to that, but a DOS which allows an attacker with a substantially smaller pipe to swamp a server with overwhelming resources _should_ be fixed.
Use exim instead of qmail. Not only does it have no known security holes, but you can actually fix them if you find them.
http://packetstorm.securify.com/9901-exploits/qmai l-DoS-anonymous.txt
has a message from DJB on the subject from January. Excerpt: "Denial-of-service attacks have always been excluded from the qmail security guarantee"
RLX sells 3u machines that have 24 independent blades in them (Crusoe, 1/2 to 1 gig RAM, 2 laptop drives). That's 8 machines per 1U.
But google uses Rackable setups, 2 machines/1U. Their cage is right across the aisle from ours in VA, and man is it pretty.
Sumner
Try this.
from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!=
'-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=
while s:s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce(
lambda x,y:(x>8*i&255),range(o-1,-1,-1)))
It's Andrew Kutchlings, from http://www.cypherspace.org/~adam/rsa/python.html
Sumner
VA can call itself whatever it wants to, but under the US Constitution it's a state--and the Constitution is the supreme law of the land, accepted by VA over 250 years ago.
And the link you gave was to www.STATE.va.us...
Sumner