Each of the two projects has its unique qualities and advantages over the other. But there has been a tremendous exchange of ideas and concepts between the two projects that has benefitted both of them. This is one of the side effects of OpenSource competition; as opposed to commercial competition, which promotes individual activity.
Let me tell you which one is superior, of kde and gnome. They BOTH are! Initially I was just as unhappy with gnome as with kde (that was a couple of years ago), and now I can see both projects grew and both are successful.
BTW, obviously you're not an active memeber of either community.
I think that elecronic eavesdropping is used to obtain information about data while inside a machine. Imagine two computers using an ethernet connection to transmit encrypted data between them. While tapping on the ethernet connection will get you nowhere, peeping at what one computer is doing or what it holds in its RAM might help a lot deal.
I know intelligence services claim they own the technology to do just that.
So, it's not a matter of connection, it's a matter of electromagnetic shielding.
Hope this situation gets fixed. And I hope this was an accient merely. If it isn't, then we're facing a problem.
The community cannot possibly get any respect from the world if it's members do not respect plain simple licences. We need to obey other people's licencing habbits.
Oh, thx! Finally somebody telling the whole story right... I grew tired of telling people that it's not the lack of user base that makes Linux less susceptible to viruses. Everybody seems to think that viruses are something inevitable for any OS or platform and nobody seems to care that if they stop using that damn Outlook those documents will not end up being emailed to their contacts:(
My point exactly:)
No, you are right, the fact that Abi is very light can be a good thing. However it lacks some quite basic things - like tables. I've heard debates that tables are not essential to word processors and my personal tastes encourage me to disagree with that opinion.
I am very fond of the Gnome approach to divide the office problem as opposed to (ex StarDivison's) Sun's and KDE's monolithic solutions. Good choice, IMHO. Good implementation too (Abi).
PS: I've just crashed my Win version of Abi:) No comment, I will not begin to debate about stability until I see the Linux version crashing hard:)
My limited experience with AbiWord was a bit frustrating, a few releases ago. Not because it's slow or bloated or unstable -- it isn't, but it seemed quite feature poor. StarOffice and KOffice are much richer that Abi (or at least were...) and you cannot possibly compare MS Office with Abi, can you.
However Abi seemed very light and it requires very few resources to run and I am sure that if work continues it will be the no 1 choise for many.
You still haven't answered any of the questions I had asked. There may be a problem with "definite blanket statements" I "have no basis for certainty on" (for which I had stated my basis of probability actually) which are "demonstrably false" (which you haven't yet proved at all), but I had not made any definite statements either.
About the verifier -- I know what the verifier DOES, but I can't see how it is part of the architecture at all, rather I can see how it's a piece of environment restriction. Never mind, you ought to read my post again and you should see my questions crystal clear. The Java machine is NOT more security-aware (or class-aware for that matter, BTW) than any other machine. The code loader and some of the basic libraries that are provided give it more security. Then WHY do people say that JVM is more secure and better implemented than any other real or virtual machine?!
Then again, never mind, I don't think any of the Java gurus are gonna give me any answers -- their time and knowledge seem too important to be shared (cynicism intended).
Ok, first of all thx for the link you have provided. It has proven useful and I have found a lot of answers there.
Apart from that I cannot be very happy with the tone of your answer. I can understand your frustration, and I am sorry I am not as aware about the subj as you would expect, but every man/woman has to choose his/her areas of interest.
My supposition that classes are abstract high level entities is based on my knowledge of computer architecture wich is not as scarce as my knowledge of the SPECIFIC architecture named JVM. I never said that I don't know anything about JVM, I just said that my knowledge does not excel in this particular area. I never had the opportunity (and admittedly neither the inclination) to study any specs or docs about Java (the machine).
Further on, may I point out my finings resulting from the reading of these specifications.
I have specifically looked for security mechanisms within the specifications and I have found the following:
[Introduction]
For the sake of security, the Java Virtual Machine imposes strong format and structural constraints on the code in a class file.
More precisely:
[Java Concepts]
The class RuntimeException is a subclass of class Exception. The subclasses of RuntimeException are unchecked exception classes. Package java.lang defines the following standard unchecked runtime exceptions:
......
SecurityException: A security violation was detected.
[Structure of the Java Virtual Machine]
These restrictions on operand stack manipulation are enforced, in the Sun implementation, by the class file verifier
May I point that these seem to be the only references to security mechanisms within the specifications (which I take to be the official ones) for the JVM.
Now, as I understand,.class files are bytecode containers. The more specific javalang.class has no role in defining the machine architecture rather it seems it helps define a special enviroment (how could bytecode contribute to defining the machine it is supposed to run on? does the Linux segfault code contribute to i386 architecture?). In this particular case - a secure enviroment. If these observations are correct then the logical conclusion is that security exceptions are a feature of the enviroment rather than the machine. The same stands true for any security-aware OS.
The class file verifier -- now this is something more abstract and I find it difficult to understand the verifier's place in the whole mechanism. We know the verifier is run during the loading process. Code loding for any physical machine is done via internal code specific to that machine. For any virtual machine the loading code can be external -- specific to the host machine/enviroment -- or internal as well. Whatever the case -- it seems to me that the verifier is not part of the Java architecture but part of the enviroment, be it the one specific to the machine or to the host. One could easily imagine OSes fitted with various sorts of code verifiers in their code loaders -- similar to what I have deducted Java is doing.
Now, I restate that my knowledge of Java is only scarce and these are first hand observations of a spec I have just encountered these days. Thx for the observation anonymous has kindly provided, but please understand that I am not trying to be cynical rather I am trying to see the bits I am missing from the whole picture.
First of all I admit that anything I may say or might have said can be erronous -- I never got too close to this Java thing. But I will ask you to explain me some of your assertions.
"Secure VM defines bytecodes and object operations in a way that it can easily verify"
How is that? Do you mean that the Java processor defines concepts like "object"? As in "member of a class"? I'm quite sure that classes are high-level language abstract concepts that have nothing to do with the processor architecture. If what you are trying to say is that pointer operations can be easily be verified in a secure machine -- again I must ask you how is that different from the common page segmentations we see in all modern 32-bit and 64-bit processors?
"...you have to design VM similar to modern OS: trusted kernel + untrusted isolated user process"
So, I understand that architectures like i386, sparc, etc are not considered "secure" machines. Is that right? If this is the case and if the security of a machine as defined by the Java folks is so important, then why don't we see any "secure" physical machines?
Then again, I restate that my knowledge of Java is quite scarce. But the JVM does not run any sort of OS to control parallel processes and stuff. You cannot run multiple processes on the same JVM. Can you? If you cannot have multiple processes, then why bother about security at all?
Finally, you are stating that the security JVM provides is substituted in modern OSes via kernel restrictions as opposed to hardware architecture restrictions. So, is the Java security issue a matter of "software" restriction via "hardware" restriction? If I build myself a Java processor and run some application on it -- am I more "secure" than if I ported the app to Linux/C++ and ran it on my i386/Linux box? If these two setups are similar in terms of security then what's the point? We all are running secure OSes, aren't we.
Oh God, you are soo wrong... How come you say "inherent design decisions in the way C programs work inhibit" security? Is not the "security" factor a thing that depends on the virtual machine itself rather than programming language? Do you really think that a badly implemented Java machine isn't a threat to security?
Let's face it, the Java language is ONE thing, the Java virtual machine is ANOTHER thing! The fact that they share the same name is a historical incident. One could very well be programming assebley for the JVM as well as C as long as there is an assembler/C-compiler for this JVM.
You keep talking here about the advantages of Java over C and C++ but you really don't seem to get the point: JVM is NOT a programming language! The IVM is NOT a replacement for Java but for JVM. The aspects of Java virsus C and/or C++ is something different and the so-called "security" issues of Java seem irrelevant for the JVM actually.
to break US laws. One may be a criminal and never even know it.
Should I tkink twice before steeping on that plane to Chicago? Who knows what strange thing (maybe even this/. post) I have done that makes me convictable under US law...
What if, as a response to the Sklyarov case, Moscow made a law that put Bill Gates and the whole Microsoft outsite legality? Like, make it illegal to sell software for money unless assuming responsability for that software's stability (see the MS Windows EULA)
Then, charge Bill Gates for violating this law and declare him and any other MS representative persona non grata on Russian land?
Now, beside the mere fact that nobody could politically afford such a thing (imagine the falldown in diplomatic relations this would imply), I also fear that nobody in Russia really cares about this whole case. I have read somewhere that the government has banned some demonstrations in support of Dimitry Sklyarov... but again I may be wrong (seen a lot of news about "general Ivan Sklyarov" and more than once confused those to be related to Dimitry's case:))
Back to the topic; can anyone living in Russia tell us what kinds of reactions does the population or the authorities have?
I have seen a lot of talk lately about SMP boards for Athlon. Yet I haven't seen such a board anywhere yet (Epox hasn't got any SMP's for athlon, just the old PII/PIII boards).
SMP is a great advantage for a production server. I have tested Linux on some Athlon computers and it's very fast and stable. Add some SMP to that and you get an incredible amount of computing power.:)
So, when are we going to see SMP for Athlon, guys?
Basically I am stating that making a machine aware of ANY enviroment is a huge achievement. I think that if you can make Hal sense the ASCII charset then making him "see" our world via a videocamera or "hear" it via a set of microphones isn't that hard. It will require more computing power, obviously, but that's why I think starting with a simplified interaction model is such a good idea.
I think that, once you get to this kind of questions, you have to redefine terms like "world", or "interaction", or "meaning":)
Don't you think that Hal's world could be just as "real" as ours? Of course he interacts with objects -- we were just told that he can interact with a console and has the ability to distinguish between 128 different objects (7-bit ASCII).
This leads me to another question; how much human neural capacity is spent on sensorial and motion interaction and how many neurons do we actually use for abstract thinking? Doesn't a simplified interaction model of an intelligent being reqire less neural capacity than the average human? If so, mabe the neural net approach isn't that hazardous.
And I thought others had freedom of speech restrictions...
Maybe I should not say this, but all these "revelations" I've had since I've joined Slashdot make me think twice before conisdering a trip to the US.
BTW, don't YOU guys fear that all these will ultimately affect Slashdot itself? I mean - it goes without saying - BigBrother must be reading this forum, right?
Slashdot Mirror
He is not in any business, except the one called "Life".
yeah right but KDE is more enchanced. :-)
Each of the two projects has its unique qualities and advantages over the other. But there has been a tremendous exchange of ideas and concepts between the two projects that has benefitted both of them. This is one of the side effects of OpenSource competition; as opposed to commercial competition, which promotes individual activity.
Good one, troll...
Let me tell you which one is superior, of kde and gnome. They BOTH are! Initially I was just as unhappy with gnome as with kde (that was a couple of years ago), and now I can see both projects grew and both are successful.
BTW, obviously you're not an active memeber of either community.
georgebI think that elecronic eavesdropping is used to obtain information about data while inside a machine. Imagine two computers using an ethernet connection to transmit encrypted data between them. While tapping on the ethernet connection will get you nowhere, peeping at what one computer is doing or what it holds in its RAM might help a lot deal.
I know intelligence services claim they own the technology to do just that.
So, it's not a matter of connection, it's a matter of electromagnetic shielding.
Hope this situation gets fixed. And I hope this was an accient merely. If it isn't, then we're facing a problem.
The community cannot possibly get any respect from the world if it's members do not respect plain simple licences. We need to obey other people's licencing habbits.
Oh, thx! Finally somebody telling the whole story right... I grew tired of telling people that it's not the lack of user base that makes Linux less susceptible to viruses. Everybody seems to think that viruses are something inevitable for any OS or platform and nobody seems to care that if they stop using that damn Outlook those documents will not end up being emailed to their contacts :(
My point exactly :)
:) No comment, I will not begin to debate about stability until I see the Linux version crashing hard :)
No, you are right, the fact that Abi is very light can be a good thing. However it lacks some quite basic things - like tables. I've heard debates that tables are not essential to word processors and my personal tastes encourage me to disagree with that opinion.
I am very fond of the Gnome approach to divide the office problem as opposed to (ex StarDivison's) Sun's and KDE's monolithic solutions. Good choice, IMHO. Good implementation too (Abi).
PS: I've just crashed my Win version of Abi
My limited experience with AbiWord was a bit frustrating, a few releases ago. Not because it's slow or bloated or unstable -- it isn't, but it seemed quite feature poor. StarOffice and KOffice are much richer that Abi (or at least were...) and you cannot possibly compare MS Office with Abi, can you.
However Abi seemed very light and it requires very few resources to run and I am sure that if work continues it will be the no 1 choise for many.
You still haven't answered any of the questions I had asked. There may be a problem with "definite blanket statements" I "have no basis for certainty on" (for which I had stated my basis of probability actually) which are "demonstrably false" (which you haven't yet proved at all), but I had not made any definite statements either.
About the verifier -- I know what the verifier DOES, but I can't see how it is part of the architecture at all, rather I can see how it's a piece of environment restriction. Never mind, you ought to read my post again and you should see my questions crystal clear. The Java machine is NOT more security-aware (or class-aware for that matter, BTW) than any other machine. The code loader and some of the basic libraries that are provided give it more security. Then WHY do people say that JVM is more secure and better implemented than any other real or virtual machine?!
Then again, never mind, I don't think any of the Java gurus are gonna give me any answers -- their time and knowledge seem too important to be shared (cynicism intended).
georgeb
Apart from that I cannot be very happy with the tone of your answer. I can understand your frustration, and I am sorry I am not as aware about the subj as you would expect, but every man/woman has to choose his/her areas of interest. My supposition that classes are abstract high level entities is based on my knowledge of computer architecture wich is not as scarce as my knowledge of the SPECIFIC architecture named JVM. I never said that I don't know anything about JVM, I just said that my knowledge does not excel in this particular area. I never had the opportunity (and admittedly neither the inclination) to study any specs or docs about Java (the machine).
Further on, may I point out my finings resulting from the reading of these specifications.
I have specifically looked for security mechanisms within the specifications and I have found the following:
[Introduction]
For the sake of security, the Java Virtual Machine imposes strong format and structural constraints on the code in a class file.
More precisely:
[Java Concepts]
The class RuntimeException is a subclass of class Exception. The subclasses of RuntimeException are unchecked exception classes. Package java.lang defines the following standard unchecked runtime exceptions:
[Structure of the Java Virtual Machine]
These restrictions on operand stack manipulation are enforced, in the Sun implementation, by the class file verifier
May I point that these seem to be the only references to security mechanisms within the specifications (which I take to be the official ones) for the JVM.
Now, as I understand,
The class file verifier -- now this is something more abstract and I find it difficult to understand the verifier's place in the whole mechanism. We know the verifier is run during the loading process. Code loding for any physical machine is done via internal code specific to that machine. For any virtual machine the loading code can be external -- specific to the host machine/enviroment -- or internal as well. Whatever the case -- it seems to me that the verifier is not part of the Java architecture but part of the enviroment, be it the one specific to the machine or to the host. One could easily imagine OSes fitted with various sorts of code verifiers in their code loaders -- similar to what I have deducted Java is doing.
Now, I restate that my knowledge of Java is only scarce and these are first hand observations of a spec I have just encountered these days. Thx for the observation anonymous has kindly provided, but please understand that I am not trying to be cynical rather I am trying to see the bits I am missing from the whole picture.
First of all I admit that anything I may say or might have said can be erronous -- I never got too close to this Java thing. But I will ask you to explain me some of your assertions.
"Secure VM defines bytecodes and object operations in a way that it can easily verify"
How is that? Do you mean that the Java processor defines concepts like "object"? As in "member of a class"? I'm quite sure that classes are high-level language abstract concepts that have nothing to do with the processor architecture. If what you are trying to say is that pointer operations can be easily be verified in a secure machine -- again I must ask you how is that different from the common page segmentations we see in all modern 32-bit and 64-bit processors?
"...you have to design VM similar to modern OS: trusted kernel + untrusted isolated user process"
So, I understand that architectures like i386, sparc, etc are not considered "secure" machines. Is that right? If this is the case and if the security of a machine as defined by the Java folks is so important, then why don't we see any "secure" physical machines?
Then again, I restate that my knowledge of Java is quite scarce. But the JVM does not run any sort of OS to control parallel processes and stuff. You cannot run multiple processes on the same JVM. Can you? If you cannot have multiple processes, then why bother about security at all?
Finally, you are stating that the security JVM provides is substituted in modern OSes via kernel restrictions as opposed to hardware architecture restrictions. So, is the Java security issue a matter of "software" restriction via "hardware" restriction? If I build myself a Java processor and run some application on it -- am I more "secure" than if I ported the app to Linux/C++ and ran it on my i386/Linux box? If these two setups are similar in terms of security then what's the point? We all are running secure OSes, aren't we.
Oh God, you are soo wrong... How come you say "inherent design decisions in the way C programs work inhibit" security? Is not the "security" factor a thing that depends on the virtual machine itself rather than programming language? Do you really think that a badly implemented Java machine isn't a threat to security?
Let's face it, the Java language is ONE thing, the Java virtual machine is ANOTHER thing! The fact that they share the same name is a historical incident. One could very well be programming assebley for the JVM as well as C as long as there is an assembler/C-compiler for this JVM.
You keep talking here about the advantages of Java over C and C++ but you really don't seem to get the point: JVM is NOT a programming language! The IVM is NOT a replacement for Java but for JVM. The aspects of Java virsus C and/or C++ is something different and the so-called "security" issues of Java seem irrelevant for the JVM actually.
"Is adult entertainment killing our children - or is killing our children entertaining adults?" -- Marilyn Manson
to break US laws. One may be a criminal and never even know it.
Should I tkink twice before steeping on that plane to Chicago? Who knows what strange thing (maybe even this /. post) I have done that makes me convictable under US law...
What if, as a response to the Sklyarov case, Moscow made a law that put Bill Gates and the whole Microsoft outsite legality? Like, make it illegal to sell software for money unless assuming responsability for that software's stability (see the MS Windows EULA)
Then, charge Bill Gates for violating this law and declare him and any other MS representative persona non grata on Russian land?
Now, beside the mere fact that nobody could politically afford such a thing (imagine the falldown in diplomatic relations this would imply), I also fear that nobody in Russia really cares about this whole case. I have read somewhere that the government has banned some demonstrations in support of Dimitry Sklyarov... but again I may be wrong (seen a lot of news about "general Ivan Sklyarov" and more than once confused those to be related to Dimitry's case :))
Back to the topic; can anyone living in Russia tell us what kinds of reactions does the population or the authorities have?
I have seen a lot of talk lately about SMP boards for Athlon. Yet I haven't seen such a board anywhere yet (Epox hasn't got any SMP's for athlon, just the old PII/PIII boards).
SMP is a great advantage for a production server. I have tested Linux on some Athlon computers and it's very fast and stable. Add some SMP to that and you get an incredible amount of computing power. :)
So, when are we going to see SMP for Athlon, guys?
Basically I am stating that making a machine aware of ANY enviroment is a huge achievement. I think that if you can make Hal sense the ASCII charset then making him "see" our world via a videocamera or "hear" it via a set of microphones isn't that hard. It will require more computing power, obviously, but that's why I think starting with a simplified interaction model is such a good idea.
I think that, once you get to this kind of questions, you have to redefine terms like "world", or "interaction", or "meaning" :)
Don't you think that Hal's world could be just as "real" as ours? Of course he interacts with objects -- we were just told that he can interact with a console and has the ability to distinguish between 128 different objects (7-bit ASCII).
This leads me to another question; how much human neural capacity is spent on sensorial and motion interaction and how many neurons do we actually use for abstract thinking? Doesn't a simplified interaction model of an intelligent being reqire less neural capacity than the average human? If so, mabe the neural net approach isn't that hazardous.
And I thought others had freedom of speech restrictions...
Maybe I should not say this, but all these "revelations" I've had since I've joined Slashdot make me think twice before conisdering a trip to the US.
BTW, don't YOU guys fear that all these will ultimately affect Slashdot itself? I mean - it goes without saying - BigBrother must be reading this forum, right?
georgeb