I have found that a class with sensible default values and a lot of methods is simpler/better than a system of say 5 classes that interact with one another. There are so many potential interactions, the system can be orders of magnitude more complex to use/understand in such a case. That is what I found with some of the Swing classes. In that sense, getting too cute with the design patterns breaks encapsulation, because I need to understand how all the parts of the system interact, instead of having one interface to the system.
Thing is, so many of the java libraries strike such a good balance between usability and functionality, and are so well encapsulated (in the sense that one does not have to know about, say, Vector resizing to use a Vector, though it can be helpful to know about it). I found Swing to be deficient in that area. As if the designer was showing off and wanted everyone to savor the sophistication of the design patterns used.
Design patterns aren't bad. They're good, but only when used to a purpose and not for their own sake. The best APIs I have seen seem like the developers asked themselves each day 'fine, but what can I remove?' In other words, they employed the universal principle of good design: economy of means.
Agreed on Swing and AWT not being low-level (actually I like AWT). I would hope that someone designing a windowing system would want to provide an elegant API which is where I wanted to make the comparison.
I found Swing to have way too many pretty design patterns. In some cases, inheritance hierarchies are used where simple get/sets would have worked as well.
Performance wasn't really a problem, it was just difficult to manage the project. I had to learn everything about the classes I wanted to use and the classes THEY were using to be able to do the customizations I needed (mostly to JTables). This sounds like laziness, but it is not; in other areas under java I have found I can use what I need out of a system without further ado. I found myself reaching the 5-9 items in short-term memory barrier when I needed to understand the class, two or three parents up in the inheritance hierarchy, and then more service classes with their inheritance hierarchies, this just to manage something like changing the color of a table cell or making it editable. I cannot stress enough how important encapsulation is to object oriented systems. IMHO Swing is not properly encapsulated; they chose getting cute with the design patterns over encapsulation.
I would bet the threading lack is due to the cross-platform requirements (I recall some interesting peculiarities with threading under Solaris a while back). They maybe should have bitten the bullet and made some platform-specific extensions. They would have, if java were a platform on its own and not a weapon in the Sun-Microsoft war.. Then again, on its own java would probably be dead by now, since nobody is making money from it directly.
Let's see..
"Although J2EE is designed specifically to run on any platform, given the nature of running under a VM, realistically Unix (or Linux) became the main target. "
Huh? after whining about VB not getting respect for running under a VM?
"alternative means of producing software for the software-starved and innovation stagnant Unix platforms. "
Nice. No need to comment.
"So Java is a new revolutionary language? Errrm, well, NO! Those with a C/C++/BCPL or whatever background find it all VERY familiar"
Totally missing the point that the familiarity is intentional, and the libraries and runtime are key elements in Java's usability and widespread adoption. Focus only on the language and those things go away.
"Many of the Nintendo-playing, JVM-weaned Java-kiddies passionately shout about the evil Microsoft empire, joined by the die-hard Unix guys who are still bitter about the mass-market juggernaut of the Microsoft technologies. "
Nice derisive stuff, illustrating the formidable bias of the author. Note the subtle smear along the lines of "java is a toy language". Reminds me of 1996!
"So many of us are very excited about the .Net. This is probably the next big crusade"
Again, no comment needed.
Typical stuff. Microsoft has an army of resellers and service vendors who will spew this stuff as long as anyone will listen.
Also Swing (in java) and Win32 from MSFT for what NOT to do, heh..
Actually MFC fits there too ('we determined simple inheritance was too straightforward and our implementation was inefficient so you can run these gawdawful preprocessor macros to interface with the message-passing system...')
My point is just, if you do not design with a sandboxed environment in mind from the ground up, you will see a lot of possible points of failure like this.
But you're right, this exploit is not a show-stopping security hole.
"Normally .NET files do not have any platform dependent code, but a small 5 byte stub. This stub executes the mscoree.dll _CorExeMain() function and thus the .NET MISL (intermediate language) gets control if the .NET framework is installed."
"The virus infects .NET executables by attacking the 5 byte jump to the _CorExeMain() function. It replaces this jump, with another one to point into the last section of the executable, it overwrites its .reloc section with itself and nullifies the relocation directory."
Interesting. I predict we will be seeing many, many attacks on .NET somewhat similar to this, since Microsoft kept function pointers (which are unverifiable) in the mix. Good for the checkbox battles, but fatal for security.
Most collectives fail because they become oligarchies. This experiment neatly sidesteps the issue with clever experimental design. I would bet that if you re-ran the experiment but allowed:
(1) individuals to transfer resources to each other and
(2) communication between the participants and
(3) ran repeated trials, say 10 trials with each test group,
you would wind up with something more akin to what we see in the real world with collectives.
While I agree that the FBI's argument is weak in that respect, it looks to me like the decision is fairly narrow in scope, though IANAL.
If you look in the ruling, you will find this at the beginning:
"The Court shall briefly recite the facts and procedural history of the case. Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named "Factors."
Suspecting the "Factors" file contained evidence of an illegal gambling and loansharking operation, the F.B.I. returned to the location and, pursuant to two search warrants, installed what is known as a "Key Logger System" ("KLS") on the computer "
Now, it looks from this as if the police asked for the right to install a sniffer to get the password for a specific encrypted file sitting on the filesystem they had gained access to in pursuing a legitimate search warrant.
I would say this is more closely analogous to getting the key to a locked file cabinet than to monitoring communications. As such, I would agree, the wiretap statute shouldn't apply.
The convenience store is a private establishment. They have the right to secure it as they see fit, within established legal limits of course.
Face scanning as performed by the police then differs in two ways:
(1) It is being performed by public servants.
(2) It is potentially done in any public spaces.
If you don't want to be on a store security camera, don't go to the store. If you don't want to be in the police face-scan database, don't ever go out of your house.
"A related idea is to attribute the current financial pressures on Social Security to a supposed dramatic increase in life expectancy in recent years. Since average life expectancy at birth is now about 76, this is interpreted as implying that people collect benefits for 14 to 18 years longer than they used to. However, as Table 1 indicates, the average life expectancy at age 65 (i.e., the number of years a person could be expected to receive unreduced Social Security retirement benefits) has only increased a modest 5 years (on average) since 1940. So, for example, men attaining 65 in 1990 can expect to live for 15.3 years compared to 12.7 years for men attaining 65 back in 1940. So the actual increase in time that males can anticipate receiving Social Security is closer to 3 years than to 14."
"Federal law prohibits the copying of certain documents. In cooperation with various government agency requests to discourage unauthorized copying, the DocuColor Series incorporates a Counterfeit Deterrent Marking System. This system encodes each copy, so that the source copier can be identified if necessary. This code is not visible under normal viewing conditions."
I'm only telling em to beware viruses and trojans.
That said, I've found some good programs totally unavailable elsewhere on these abandonware sites. I have obtained programs which I bought commercially 10 years ago in this way (System Shock 1 and Darklands). There was no other availability. Personally, I don't give a rat's ass about getting permission; that's for schoolkids.
You may want to look around on the Web for 'abandonware' sites, which make such programs available (sometimes without the proper permissions). Simply searching google for the keyword 'abandonware' with the title of the game in question should get you somewhere. The line is pretty blurry between abandonware and warez sometimes though, beware.
There are a couple of books I read a while ago that contributed most to my understanding what the big gains were from OO programming:
Object Oriented Software Construction by Bertrand Meyer - don't be put off by examples in Eiffel, this book very thoroughly runs down all the standard OO features and demonstrates/explains why the features are useful. Personally I don't know a lick of Eiffel and have no intention of ever learning it, but found it very easy to follow the examples and map them to my language of choice.
Design Patterns by Gamma et al - This book simply runs through a lot of problems and demonstrates at a nice high level how one might use OO design to solve the problems in elegant ways.
If you read these 2 books, you should 'get' OO programming, and understand where you will and will not reap benefits in using OO techniques.
This isn't even pre-alpha. That's it. I need to cobble together a ragtag gang of laid-off dotcom friends and start a security software company. Let's see...
Polygraphs? No, that's been completely discredited, except for small-town police and EDS pre-employment screenings.
I know.. Phrenology!
'Excuse me, Mr. Jones, to get on this plane, you will need to insert your head into this grey metal box. No, it won't hurt, it's just a measuring machine.
The headline should have been 'Microsoft salesforce instructed to target Linux.' That's more to the point.
What they propose to do isn't illegal, but it is somewhat sleazy. The worst case scenario I can see is: people getting fired because they have 'unauthorized' linux boxes on the network at work which are ferreted out by MS sales reps or an audit conducted at their behest.
As to the veracity of the leak, hard to say, but there is generally confirmation one way or the other after some time. The first e-mail from the guy was pretty embarrassing, so I would see why he would be paranoid about further leaks.. Of course, the first one could have been a hoax too..
You admit 'adaptation based on traits that make the species more hearty, that is scientific and observable.' That's excellent.
However, there's no bright line between this kind of change and 'origin of species'. Occam's razor demands that one not create one. It's 'the only game in town' in the sense that it is the only explanation that fits the facts and does not introduce invisible superheroes into the equation.
If we are allowed to introduce superheroes, we can come up with an infinity of possible explanations.
I read it, it wasn't very clear on the legal difference between warrant and wiretap order. Thanks for the clarification.
As long as law enforcement has to get a warrant, I don't really have a problem with this..
Face scanning as performed by the police then differs in two ways: (1) It is being performed by public servants. (2) It is potentially done in any public spaces.
If you don't want to be on a store security camera, don't go to the store. If you don't want to be in the police face-scan database, don't ever go out of your house.
See the difference?
I am under no obligation to accept that as right and good.
Try to mess with my liberty, you're my enemy.
"A related idea is to attribute the current financial pressures on Social Security to a supposed dramatic increase in life expectancy in recent years. Since average life expectancy at birth is now about 76, this is interpreted as implying that people collect benefits for 14 to 18 years longer than they used to. However, as Table 1 indicates, the average life expectancy at age 65 (i.e., the number of years a person could be expected to receive unreduced Social Security retirement benefits) has only increased a modest 5 years (on average) since 1940. So, for example, men attaining 65 in 1990 can expect to live for 15.3 years compared to 12.7 years for men attaining 65 back in 1940. So the actual increase in time that males can anticipate receiving Social Security is closer to 3 years than to 14."
Extracted from this link.
You can find it in the spec for lots of copiers by searching the web for Counterfeit Deterrent Marking System.
Check here then.
Moderate UP! I've seen about 10 posts asking for this info!
Valid return address is huge. It allows spammees to complain to their ISP and to the sender's ISP and to anti-fraud enforcement in government.
This isn't even pre-alpha. That's it. I need to cobble together a ragtag gang of laid-off dotcom friends and start a security software company. Let's see...
Polygraphs? No, that's been completely discredited, except for small-town police and EDS pre-employment screenings.
I know.. Phrenology!
'Excuse me, Mr. Jones, to get on this plane, you will need to insert your head into this grey metal box. No, it won't hurt, it's just a measuring machine.
On the impact of seemingly acceptable success rates on large-scale systems here
It is fixed.. your issue is downstream from the Reg...