How about you back up your claim that the USPTO has simply rubber-stamped this patent because they're clueless? THATs one of the easiest Slashdot karma whore posts to make...
Shouldn't be too hard to do. There was a story on/. just today about how the USPTO keeps recruiting to try and deal with excessive workload, but can't keep the staff once it hires them.
If the workload is that high, it's hard to imagine them giving each application the attention it deserves.
So, not "clueless" precisely, but you could make a fair case for "rubber stamped".
Software patents remain evil, even if it's Google that holds them.
Google on the whole seem to remain a force for good. The cynic in me does wonder how long that can last after going public, but on balance I'm a long way from consigning Google to the Bad Guy List
However, software patents remain evil, even if it's Google that holds them. I just thought that bore repeating.
in certain respects, Microsoft is evil (strongarming companies like dell to only use their operating systems). I talk about open source in this way because I just want to point out that its developers can be just as evil as Microsoft.
Well, can be, certainly. An ordained priest can be as evil as a mass murderer, esp. if the priest is a serial killer in his spare time and the murderer makes a lot of donations to charity. But the way you phrased it seems to suggest a moral equivalence between open source
development and Microsoft at their dirtiest
that I don't think I'm quite ready to embrace.
rather than reading the article and using someone else's opinion, I gave my own on the subject. I was talking about why large commercial firms haven't really started to embrace the open source world.
And far be it from me to stifle your personal right to express yourself. I just thought that the idea that companies won't use open source because of a lack of accountability is difficult to reconcile with evil open source developers forcing honest hardworking software devs into bankrupcy. By your earlier argument, we would expect industry to choose the proprietory offering and the developers to prosper.
competition is a good thing in my opinion, but companies that are successful shouldn't be punished. If a company becomes a monopoly only because they are the best, they shouldn't be forced to break apart.
Well, that's a controversial issue in some quarters, but it's easy to see how monopolies can be abused. With no competition, a monopoly can crank up profit margins as high as it likes. There is no spur to improve the product offered (look at the stagnation of IE since the collapse of Netscape for example) and the monopoly holder can further abuse its power to make and break other companies by withholding goods and services at a whim.
State sanctioned monopolies have been used extensively at various times in Mankind's history, often by monarchs as a reward for loyal supporters. It's rarely, if ever, worked out
well. The laws against monopolies were instituted for good reasons.
Wikipedia
has a good description of the issues involved.
I presume we're talking about Microsoft here.
Why do you suppose breakup would be a bad thing? Who do you see being harmed?
No argument there. These are sensitive issues, but I think they've been deliberately blown out of proportion. To have an election hinge on issues like that doesn't seem like a healthy approach to democracy.
Full Disclosure: UK citizen speaking. I'm not claiming any moral superiority - we have exactly the same problem.
Your point is valid, but Linus doesn't code anymore and hasn't for many years. People give that one person ENTIRELY too much credit. Linux is far, far, far, far, far beyond a single person.
It'd be worth it from Bill's viewpoint just to remove Linus as administrator. I know Alan Cox could probably pick up the reins seamlessly, and probably a few others too.
All the same, Linux has got to where it is, in no small part due to Linus' personality and willingness to build bridges. (I'm taking the Tridge/McVoy/BitMover furore as an abberation for the time being). I think he would be a sore loss to the community.
would be a serious loss to the community.
I think most Democrats and Republicans in Congress are essentially the same side, except for minor differences.
I think they are exactly the same party; two different flavours of Corporate Greed, each with its own brandname to create the illusion of choice. The biggest challenge of the election is finding enough highly emotive non-issues to distract the electorate.
It'd be pitiful, if it wasn't for the fact that it seems to work...
Microsoft IS most definitely based on software, they know it and work it, and do it very well. Why are so many on/. unwilling to give them credit where it is due?
That's an interesting question, really. There's no doubt that MS made a policy of hiring the very best, and we can reasonably assume that they have some quality coding going on in house.
And yet there is considerable perceived suckage in the Microsoft codebase. Ans so a lot of people ask "if so many people dislike this product, why does it remain dominant?"
Good marketing seems a plausible answer. Certainly, Microsoft are extremely good at marketing. Arguably their marketing skills are superior to their coding skills, notwithstading their having a shipload of talent available in the coding department.
And this in turn leads many to characterise MS main business as marketing. It seems to be what they do best. Of course, to describe them as a marking company is an oversimplification, but it is still a useful analysis in terms of the insight it yeilds into the software giant's behaviour.
To consider their behavior in terms of control, while perhaps harder to defend, is similarly interesting. Certain MS activities make no sense in terms of providing what thewir customers want, but make perfect sense if you consider them as control freaks. Their determination to inflict DRM upon their userbase springs to mind here for some reason.
OSS has zip to do with nobility or anything else associated with good. It's rapidly being brought low to the same level as drug abuse due to peer pressure. Better go open source or you'll be seen in the same light as Microsoft. Open source to be cool and hip and accepted.
You reckon? I don't recognise that characterisation at all. Copyleft software creates a commonwealth that enriches us all. Many contribute simply for that reason. Of course, OSS coders are a diverse bunch and each of us probably has a their own unique set of reasons for contributing. Unlike Microsoft, the closet we come to having a corporate agenda is the GPL. And that, I think you'll grant, is a fairly altruistic document.
There is of course the pressure some people are directing at Sun to release Java to the community. Personally I think that would be a good move for Java, but I will conceed that it is Sun's decision. But even if the rhetoric has gone over the top in the course of that particular debate, it's hardly fair to attempt to characterise the entire community in terms of that one discussion.
Oh, and I can't see the drug use connection at all. I'd love for you to explain that one.
Microsoft spent real money, invested real resources, why should they not keep their source closed if they so choose? It's their right to do, as it is theirs.
Just to be clear, I do not dispute this. In fact I don't think anyone disputes this, although a few people belive MS might be better served by going open source. I belive they are entitled to their opinions, just as MS are entitled to ignore them.
I am so sick of this tinfoil hat FUD about Microsoft. Their chief crimes are simple: they sold unfinished, alpha, and beta software as finished product and downplayed the results despite voluminous documention by support professionals and by virtue of the sheer number of patches needed to stabilize it afterwards; their second crime is to abuse the patent system while claiming to desire an end to the same behavior. Lastly, they tend to get overprotective of their market and cross the line in proper and ethical sales and marketing practices.
Is that all? I thought they'd done something bad!;)
Seriously, add to the list that they are also rather scathing in denigrating their opponents, and have a vicious line of FUD themselves. Which would not be so bad if their own offerings represented the pinacle of software development depicted in MS ad campaigns.
and if it's a nice, polished piece of software, people will be more likely to go with the free version over the paid version (which will eventually put the commerical vendor out of business).
If it's a better piece of software, then yes, that is possible. The same would apply if a better commercial offering came along. And yet there is no reason why two competing products should not co-exist in the marketplace, although they may force a more realistic pricing model on some of the competitors.
I've taken the liberty of scanning a few of your recent posts. For instance, you commented on the thread concerning Robert Lefkowitz's Calculating the True Price of Software. I take it that you read the article?
Lefkowitz makes an excellent case for the fact that the most import part of the software price for corporate buyers are teh support and upgrade options. And that, oddly enough is proprietory software's answer to free software. The customer doesn't pay for the software so much as for support and the assurance that upgrades will be available in due course.
You even commented making a similar point:
no licensing fee to a company also means there isn't anyone thaey can blame when something goes wrong. This is why commerical applications are used.
To me that seems oddly inconsistent with your position that a sufficiently polished free software application will automatically eradicate any commercial alternatives. Am I missing something?
yeah, it is competition at work. Do I sense some sarcasm in your statement?
None intended. I'm just getting some mixed signals. You say you're okay with open source, but you equate free software development with Embrace and Extend which is generally reckoned to be one of Microsoft's dirtier tricks. Your comment about using open source in your own development leads me to imagine a small independant software house, and yet you seem to be an ardent apologist for Microsoftv .
Now I wouldn't go so far, (as I know some have) as to accuse you of astroturfing for MS, but you don't fit any of my mental models of slashdot posters. Thus I'm trying to validate a few of my assumptions as I go. For instance, most of slashdotters would agree that competition in the marketplace is a good thing. But rather than assume, I thought I'd better seek confirmation.
I notice you confirmed the "competition" for instance, but didn't say anything about "good". A deliberate omission? Many people would infer a condemnation of competition from that.
but the purpose of OSS is the same: to destroy the commercial counterpart.
I don't think it's anywhere near that monolithic. I think lots of different people write open source software for different reasons. I expect there must be one or two that think "I'm going to totally destroy application X", but I reckon the majority are more along the lines of "Why won't this stupid program work the way I want it to?", "Why can't I read this data?", and "I've got an idea that is just so cool!"
maybe so, but open source can just as easily challenge microsoft by creating a better product with open standards (look at firefox).
And as reported i slashdot today, it sees that Firefox has spurred MS into improving their ageing and unappealing product for the first time in years. That's competition at work, which is supposed to be a good thing, right?
free software developers are just as bad. They put commerical programmers out of business by creating free, open source application that have the exact same function as the commercial counterpart. It's a form of "embrace and extend".
Pshaw. I'm both a commercial and free software developer and I don't see me being put out of business. I can see it being bad for a few software monopolies that charge way too much for their office software, for example, but there'll still be work for programmers.
Embrace = adopt the same functionality as commercial counterpart.
Extend = release it, for free, making it very difficult for a commercial developer to sell it (most people choose free over pay).
Maybe it's just me, but I have difficulty with "embrace" as meaning "write a program to handle a certain generic class of problem, for which commercial offerings may already exist". Call me picky if you will
More to the point, E&E tends to apply to issues of standards and interoperability. We FOSS types tend to like standards so so they can do what they were designed to do. When MS embraces and extends a standard, it does so to destroy it. You'll never see an open source project try and do that,
Anyway, what's your problem? If you want to compete with open source, all you have to do is write better software. Considering how scathing MS has been in the past about the quality of open source code, that wouldn't seem to present an insurmountable challenge, would it?
Not a whole lot. A couple of uni projects. I've got a half written JEdit plugin lying aroound somewhere.
I've not done any J2EE at all.
All the same, it is in the nature of security considerations that they are designed for today's challenges, but must inevitably meet those of tomorrow. There is no silver bullet.
I presume you keep framing this in terms of J2EE because that's part of your vision of the future? Everyone has a machine with a browser and all their files are on a server somewhere else and all their apps are applets?
Obviously it took acumen to hold on to the inital advantage. However, getting asked by the then all-powerful IBM to write the OS? That was a lucky break!
But what would the trojan do? Would it simply run a program just to crash it? That seems kind of pointless. The point isn't that threads don't die. It's that it's impossible for an attacker to use this in any meaningful way.
I was contrasting the current, typical use of Java as an application programming language against its hypothetical use in a Java VM as OS context. In a typical contempary scenario, finding a java 'sploit avails the cracker naught, since he then still has to crack the OS. Contrariwise, on a system where the OS is unified with the Java VM, there is no limit to the damage an exploit can do.
To summarise: one of the main reasons Java is so secure is that it has the system OS as a second line of defence. Unify OS and VM and that advantage is lost.
It HAS been tested in earnest. Applets are an example of an area where the Java security model is in effect.
On the one hand, applets are a very specific and specialised case. The malware artist not only ha t get past java, he also needs to defeat any browser security measures and there is still the OS to contend with.
On the other, current JVMs rely, as you yourself said, upon the OS for a lot of facilities. When those features are migrated into the VM, the complexity increases, and there's no guarantee that security is maintained.
Whoa! Hold up there! The protection is not in the language. It's in the platform. The Java Language is independent from its platform, and provides very little in the way of security features.
And yet I seem to recall you saying that "it is much easier to add this protection in Java than in any other langauge". Perhaps you meant to say that "the Java RTE has features that enable programs which compile into Java bytecode to better implement such protection".
We can use the term "Java" loosely (as we have been) or we can be precise. I don't mind which as long as we both follow the same rules.
If Java is the OS, it WOULD be handling security.
You mean "if the Java Run Time Engine is the OS". We're being precise, remember?
You can have an OS *never* have a root exploit, or even a critical exploit. Java can do that.
Never happen in the real world. That's my prediction.
Think, with all the J2EE servers running out there, and all the webbrowsers with Java installed, how many have experienced major flaws in the Java architecture or VM? The answer is a resounding ONE.
Yes. For a JVM insulated from the bare metal by at least two levels of abstraction, that's not bad going. It's still unproven as a full on, standalone operating system.
And Java's is secure even if the programmer DOESN'T check buffer lengths. "ArrayOutOfBoundsException: Element 100002 does not exist."
You mean the Java Runtime Environment, surely?
As I said above, we're not talking about the Java Language. We're talking about the Java Platform. You have to make a distinction between the two or you'll fall into the same trap you just did.:-)
Let he who is without sin cast the first stone, that's what I say:P
But I'll tell ya what: Let's conduct the remainder of this in terms of
Perl 6 and
Parrot. I'm a Perl fan, sh that'll factor out my admitted bias against Java, and since all you were originally arguing for was managed code, Parrot should do as well as the JVM. Also, I can write "Perl" to mean "Perl" and "Parrot" to mean
"Parrot".
Does that sound fair?
If it isn't handled at all, the current thread dies. If you're using a single threaded program, then your program is dead. However, networked programs are almost never single threaded.
Can't assume an attack's going to be over the network. Could just as easy be a trojan. They do tend to be single threaded. All of which is a bit beside the point.
Never should happen. That's what the Java Security System is for.
Should, certainly. The way I see it, the Java security system is like a theoretical cryptosystem. It works fine on paper, and a fair few gedankenexperiments have been performed. However, until someone tries to crack it in earnest and out in the wild then we can't be sure that nothing has been overlooked.
You're asssuming a single user environment when you shouldn't be. If you extend Java down to the OS level, you have to add standard multi-user protection.
Yes, I get that. It's just that in doing so you forgoe the protection previously afforded by the OS. It's not solving the problem, it's just moving responsibility for the problem.
The key is that it's much easier to add this protection in Java than any other language.
The question is whether the language is the proper place to add such protection. I'll come back to that.
However, C/C++ have no built-in security model. There's no way to check for that other than attempting to build your own security framework on top, and/or relying on the OS to do its job. Both options are far from perfect. Java has no such problems.
Actually, relying on the OS to do its job does seem to me to be the perfect solution. Granted, you need an OS that does its job properly, but then a buggy java runtime would have the same problems as a buggy OS.
I think there's a lot to recommend the idea of letting the OS handle security and leaving the language to describe the logic needed to solve a specific problem. One of the BSDs, OpenBSD I think, demonstrates how well this can work. Currently it has zero outstanding security advisories and a policy of full disclosure.
You can't get much better than that. (And I say this as a linux guy with no axe to grind).
Java's Security model is inescapable as long as it's used and not ignored.
And C's parameter passing mechanism is secure so long as the programmer always checks buffer lengths. Everything is secure if it's done properly. Maybe I'm misunderstanding you here?
Please understand: I think it entirely possible that Java could turn out to be the Best Way To Do Most Things(TM). On the other hand, as must be apparent by now, I also have strong reservations about the wisdom of intergrating OS and language, and I think it's sometimes too easy to get carried away by Sun's hype and Gosling's enthusiasm.
So for me, what it comes down to is:
Java could well turn out to be the answer to our security prayers
On the other hand, it's been shown that conventional techniques can work near perfectly.
I'm going to wait and see how the architecture does in the wild before I get too excited.
That's not actually correct. If a managed environment is correctly implemented, it should be altogether impossible to crash the environment. The worst that an attacker could do is cause an Exception (which travels back up the stack until it's handled in some form or another) or a DDOS.
Or, if it isn't handled at all, the application crashes. At least, that's been my experience of a lot of Java programs, anyway. Still, perhaps I should have said, the best an attacker can hope for is to crash the application.
The Virtual Machine is an OS. The key is that today's VMs rely on the host OS for basic functionality. Add the necessary features to the VM, and you no longer have a need for a host OS.
I understand that. Look, suppose a black hat finds an exploit that lets him tweak the parameters of the Java runtime. In the vast majority of cases all he can do is inconvenience himself. He can't get root access, unless the runtime was running as root, becausehe still has to crack the underlying OS. He can't mess with another user's activities, because that other user is running on a separate VM and changes he makes to his VM have no effect on hers.
Now if the entire OS is a java runtime, then these protections no longer apply. The runtime has access to superuser privileges, and changes made the runtime affect all users.
Also, do not forget about the Java Security System. Any attempts at a breach of security can be easily walled off, trapped, and traced back to the source. This functionality isn't used much today (mostly due to the attempts to make Java programs act like Desktop Apps), but its potential is staggering.
That's great, to the extent that it works as it's supposed to work. It's not, after all as if all those buffer overflows in C were coded in because the coder thought they were cool[1]. The secutity model was designed to be watertight.
In a complex system, and IMHO obviously, there are always going to be exploits.
A lot of the security of having a virtual machine lies in the fact that is is in fact virtual, and that all an attacker can do is crash the proram he's attacking. But if your runtime becomes the OS in fact, then the machine stops being virtual.
Few of these computers came with a standard keyboard...
My point was that the lowering cost of chips was driving the expansion of home computing, not vice versa.
"King's Quest" and "Commander Keen" demonstrated very early on that the MSDOS PC could be a very successful gaming platform. I'll take that as the divide between the PC as a SOHO dedicated office machine and the PC as a general-purpose home computer.
As far as your examples of Commodore et. al, I would hardly call their sales volumes an explosion compared to what happened after DOS and especially after Windows 95.
Yes. Earlier segments of nonlinear growth curves always look insignificant compared to later segements. That doesn't make the growth any less dramatic - you just have to compare it to what was there before.
The point is that seemingly everyone was making home computers. Someone was going to emerge dominant. IBM dropped the ball and MS got lucky. That's all.
Alas, irrelevance is by far the least of my complaints with the ad industry.
And you know what? If I want to find a product to do something, I;'ll google for it.
Personalised or no, most ads are an unwelcome distraction from my daily online business. The ad industry has a lot of other problems to address before I worry too much about poorly targeted advertising.
You're right, I forgot, all you need is fast chips to drive the level of demand required to support the production volumes that enable Moore's law to be practical from a business perspective.
Disentangling your syntax (and disregarding the sarcasm) you seem to be saying that the price of hardware would not have come down it not been for Microsoft offering such quality software.
That makes a fairly major assumption. It could just as easily be true that dropping prices led an explosion in personal computing and that Microsoft owes its success to hitching a ride on the IMB brand name.
Certainly there was an explosion in the field personal computers in the early 80s: Commodore, Acorn, Sinclair to name but a few. All released home computers before the PC. So it seems that the costs were already dropping then, and that increased microprocessor use would have driven the price down anyway.
The reason MS did so well was because they had the OS on the platform that emerged dominant. And the reason for this dominance is that IBM legitimised personal computing with the IBM PC. Business bought PCs, and people bought a home computer to be compatible with work.
As far as the cost of hiring a secretary, that's what it would require for me to create the documents that I'm able to create in Word, Excel, and Powerpoint and to continue to do my work.
That's assuming no other options exist besides a human secretary or MS software.
Generally speaking, a good way to value a product is to compare the pricing of your alternatives.
I entirely agree. OpenOffice is free by the way. Thanks for playing!
Slashdot Mirror
Shouldn't be too hard to do. There was a story on /. just today about how the USPTO keeps recruiting to try and deal with excessive workload, but can't keep the staff once it hires them.
If the workload is that high, it's hard to imagine them giving each application the attention it deserves.
So, not "clueless" precisely, but you could make a fair case for "rubber stamped".
Google on the whole seem to remain a force for good. The cynic in me does wonder how long that can last after going public, but on balance I'm a long way from consigning Google to the Bad Guy List
However, software patents remain evil, even if it's Google that holds them. I just thought that bore repeating.
Well, can be, certainly. An ordained priest can be as evil as a mass murderer, esp. if the priest is a serial killer in his spare time and the murderer makes a lot of donations to charity. But the way you phrased it seems to suggest a moral equivalence between open source development and Microsoft at their dirtiest that I don't think I'm quite ready to embrace.
rather than reading the article and using someone else's opinion, I gave my own on the subject. I was talking about why large commercial firms haven't really started to embrace the open source world.
And far be it from me to stifle your personal right to express yourself. I just thought that the idea that companies won't use open source because of a lack of accountability is difficult to reconcile with evil open source developers forcing honest hardworking software devs into bankrupcy. By your earlier argument, we would expect industry to choose the proprietory offering and the developers to prosper.
competition is a good thing in my opinion, but companies that are successful shouldn't be punished. If a company becomes a monopoly only because they are the best, they shouldn't be forced to break apart.
Well, that's a controversial issue in some quarters, but it's easy to see how monopolies can be abused. With no competition, a monopoly can crank up profit margins as high as it likes. There is no spur to improve the product offered (look at the stagnation of IE since the collapse of Netscape for example) and the monopoly holder can further abuse its power to make and break other companies by withholding goods and services at a whim.
State sanctioned monopolies have been used extensively at various times in Mankind's history, often by monarchs as a reward for loyal supporters. It's rarely, if ever, worked out well. The laws against monopolies were instituted for good reasons. Wikipedia has a good description of the issues involved.
I presume we're talking about Microsoft here. Why do you suppose breakup would be a bad thing? Who do you see being harmed?
Full Disclosure: UK citizen speaking. I'm not claiming any moral superiority - we have exactly the same problem.
It'd be worth it from Bill's viewpoint just to remove Linus as administrator. I know Alan Cox could probably pick up the reins seamlessly, and probably a few others too.
All the same, Linux has got to where it is, in no small part due to Linus' personality and willingness to build bridges. (I'm taking the Tridge/McVoy/BitMover furore as an abberation for the time being). I think he would be a sore loss to the community. would be a serious loss to the community.
So while there may be plenty of brits that think this is a silly idea (me included) it's got bog all to do with GMT.
HTH
I think they are exactly the same party; two different flavours of Corporate Greed, each with its own brandname to create the illusion of choice. The biggest challenge of the election is finding enough highly emotive non-issues to distract the electorate.
It'd be pitiful, if it wasn't for the fact that it seems to work...
That's an interesting question, really. There's no doubt that MS made a policy of hiring the very best, and we can reasonably assume that they have some quality coding going on in house.
And yet there is considerable perceived suckage in the Microsoft codebase. Ans so a lot of people ask "if so many people dislike this product, why does it remain dominant?"
Good marketing seems a plausible answer. Certainly, Microsoft are extremely good at marketing. Arguably their marketing skills are superior to their coding skills, notwithstading their having a shipload of talent available in the coding department.
And this in turn leads many to characterise MS main business as marketing. It seems to be what they do best. Of course, to describe them as a marking company is an oversimplification, but it is still a useful analysis in terms of the insight it yeilds into the software giant's behaviour.
To consider their behavior in terms of control, while perhaps harder to defend, is similarly interesting. Certain MS activities make no sense in terms of providing what thewir customers want, but make perfect sense if you consider them as control freaks. Their determination to inflict DRM upon their userbase springs to mind here for some reason.
OSS has zip to do with nobility or anything else associated with good. It's rapidly being brought low to the same level as drug abuse due to peer pressure. Better go open source or you'll be seen in the same light as Microsoft. Open source to be cool and hip and accepted.
You reckon? I don't recognise that characterisation at all. Copyleft software creates a commonwealth that enriches us all. Many contribute simply for that reason. Of course, OSS coders are a diverse bunch and each of us probably has a their own unique set of reasons for contributing. Unlike Microsoft, the closet we come to having a corporate agenda is the GPL. And that, I think you'll grant, is a fairly altruistic document.
There is of course the pressure some people are directing at Sun to release Java to the community. Personally I think that would be a good move for Java, but I will conceed that it is Sun's decision. But even if the rhetoric has gone over the top in the course of that particular debate, it's hardly fair to attempt to characterise the entire community in terms of that one discussion.
Oh, and I can't see the drug use connection at all. I'd love for you to explain that one.
Microsoft spent real money, invested real resources, why should they not keep their source closed if they so choose? It's their right to do, as it is theirs.
Just to be clear, I do not dispute this. In fact I don't think anyone disputes this, although a few people belive MS might be better served by going open source. I belive they are entitled to their opinions, just as MS are entitled to ignore them.
I am so sick of this tinfoil hat FUD about Microsoft. Their chief crimes are simple: they sold unfinished, alpha, and beta software as finished product and downplayed the results despite voluminous documention by support professionals and by virtue of the sheer number of patches needed to stabilize it afterwards; their second crime is to abuse the patent system while claiming to desire an end to the same behavior. Lastly, they tend to get overprotective of their market and cross the line in proper and ethical sales and marketing practices.
Is that all? I thought they'd done something bad! ;)
Seriously, add to the list that they are also rather scathing in denigrating their opponents, and have a vicious line of FUD themselves. Which would not be so bad if their own offerings represented the pinacle of software development depicted in MS ad campaigns.
As it is, you can expect folks to be a bit
If it's a better piece of software, then yes, that is possible. The same would apply if a better commercial offering came along. And yet there is no reason why two competing products should not co-exist in the marketplace, although they may force a more realistic pricing model on some of the competitors.
I've taken the liberty of scanning a few of your recent posts. For instance, you commented on the thread concerning Robert Lefkowitz's Calculating the True Price of Software. I take it that you read the article? Lefkowitz makes an excellent case for the fact that the most import part of the software price for corporate buyers are teh support and upgrade options. And that, oddly enough is proprietory software's answer to free software. The customer doesn't pay for the software so much as for support and the assurance that upgrades will be available in due course.
You even commented making a similar point:
To me that seems oddly inconsistent with your position that a sufficiently polished free software application will automatically eradicate any commercial alternatives. Am I missing something?yeah, it is competition at work. Do I sense some sarcasm in your statement?
None intended. I'm just getting some mixed signals. You say you're okay with open source, but you equate free software development with Embrace and Extend which is generally reckoned to be one of Microsoft's dirtier tricks. Your comment about using open source in your own development leads me to imagine a small independant software house, and yet you seem to be an ardent apologist for Microsoftv .
Now I wouldn't go so far, (as I know some have) as to accuse you of astroturfing for MS, but you don't fit any of my mental models of slashdot posters. Thus I'm trying to validate a few of my assumptions as I go. For instance, most of slashdotters would agree that competition in the marketplace is a good thing. But rather than assume, I thought I'd better seek confirmation.
I notice you confirmed the "competition" for instance, but didn't say anything about "good". A deliberate omission? Many people would infer a condemnation of competition from that.
I don't think it's anywhere near that monolithic. I think lots of different people write open source software for different reasons. I expect there must be one or two that think "I'm going to totally destroy application X", but I reckon the majority are more along the lines of "Why won't this stupid program work the way I want it to?", "Why can't I read this data?", and "I've got an idea that is just so cool!"
maybe so, but open source can just as easily challenge microsoft by creating a better product with open standards (look at firefox).
And as reported i slashdot today, it sees that Firefox has spurred MS into improving their ageing and unappealing product for the first time in years. That's competition at work, which is supposed to be a good thing, right?
Good. It's been MS turn to contribute something for a while now
Pshaw. I'm both a commercial and free software developer and I don't see me being put out of business. I can see it being bad for a few software monopolies that charge way too much for their office software, for example, but there'll still be work for programmers.
Embrace = adopt the same functionality as commercial counterpart.
Extend = release it, for free, making it very difficult for a commercial developer to sell it (most people choose free over pay).
Maybe it's just me, but I have difficulty with "embrace" as meaning "write a program to handle a certain generic class of problem, for which commercial offerings may already exist". Call me picky if you will
More to the point, E&E tends to apply to issues of standards and interoperability. We FOSS types tend to like standards so so they can do what they were designed to do. When MS embraces and extends a standard, it does so to destroy it. You'll never see an open source project try and do that,
Anyway, what's your problem? If you want to compete with open source, all you have to do is write better software. Considering how scathing MS has been in the past about the quality of open source code, that wouldn't seem to present an insurmountable challenge, would it?
All the same, it is in the nature of security considerations that they are designed for today's challenges, but must inevitably meet those of tomorrow. There is no silver bullet.
I presume you keep framing this in terms of J2EE because that's part of your vision of the future? Everyone has a machine with a browser and all their files are on a server somewhere else and all their apps are applets?
Obviously it took acumen to hold on to the inital advantage. However, getting asked by the then all-powerful IBM to write the OS? That was a lucky break!
I was contrasting the current, typical use of Java as an application programming language against its hypothetical use in a Java VM as OS context. In a typical contempary scenario, finding a java 'sploit avails the cracker naught, since he then still has to crack the OS. Contrariwise, on a system where the OS is unified with the Java VM, there is no limit to the damage an exploit can do.
To summarise: one of the main reasons Java is so secure is that it has the system OS as a second line of defence. Unify OS and VM and that advantage is lost.
It HAS been tested in earnest. Applets are an example of an area where the Java security model is in effect.
On the one hand, applets are a very specific and specialised case. The malware artist not only ha t get past java, he also needs to defeat any browser security measures and there is still the OS to contend with.
On the other, current JVMs rely, as you yourself said, upon the OS for a lot of facilities. When those features are migrated into the VM, the complexity increases, and there's no guarantee that security is maintained.
Whoa! Hold up there! The protection is not in the language. It's in the platform. The Java Language is independent from its platform, and provides very little in the way of security features.
And yet I seem to recall you saying that "it is much easier to add this protection in Java than in any other langauge". Perhaps you meant to say that "the Java RTE has features that enable programs which compile into Java bytecode to better implement such protection".
We can use the term "Java" loosely (as we have been) or we can be precise. I don't mind which as long as we both follow the same rules.
If Java is the OS, it WOULD be handling security.
You mean "if the Java Run Time Engine is the OS". We're being precise, remember?
You can have an OS *never* have a root exploit, or even a critical exploit. Java can do that.
Never happen in the real world. That's my prediction.
Think, with all the J2EE servers running out there, and all the webbrowsers with Java installed, how many have experienced major flaws in the Java architecture or VM? The answer is a resounding ONE.
Yes. For a JVM insulated from the bare metal by at least two levels of abstraction, that's not bad going. It's still unproven as a full on, standalone operating system.
And Java's is secure even if the programmer DOESN'T check buffer lengths. "ArrayOutOfBoundsException: Element 100002 does not exist."
You mean the Java Runtime Environment, surely?
As I said above, we're not talking about the Java Language. We're talking about the Java Platform. You have to make a distinction between the two or you'll fall into the same trap you just did. :-)
Let he who is without sin cast the first stone, that's what I say :P
But I'll tell ya what: Let's conduct the remainder of this in terms of Perl 6 and Parrot. I'm a Perl fan, sh that'll factor out my admitted bias against Java, and since all you were originally arguing for was managed code, Parrot should do as well as the JVM. Also, I can write "Perl" to mean "Perl" and "Parrot" to mean "Parrot". Does that sound fair?
What? So MS can embrace and extend that too?
I'm all for creating something better, but I think we have a right to complain when we do and MS piss all over it.
Can't assume an attack's going to be over the network. Could just as easy be a trojan. They do tend to be single threaded. All of which is a bit beside the point.
Never should happen. That's what the Java Security System is for.
Should, certainly. The way I see it, the Java security system is like a theoretical cryptosystem. It works fine on paper, and a fair few gedankenexperiments have been performed. However, until someone tries to crack it in earnest and out in the wild then we can't be sure that nothing has been overlooked.
You're asssuming a single user environment when you shouldn't be. If you extend Java down to the OS level, you have to add standard multi-user protection.
Yes, I get that. It's just that in doing so you forgoe the protection previously afforded by the OS. It's not solving the problem, it's just moving responsibility for the problem.
The key is that it's much easier to add this protection in Java than any other language.
The question is whether the language is the proper place to add such protection. I'll come back to that.
However, C/C++ have no built-in security model. There's no way to check for that other than attempting to build your own security framework on top, and/or relying on the OS to do its job. Both options are far from perfect. Java has no such problems.
Actually, relying on the OS to do its job does seem to me to be the perfect solution. Granted, you need an OS that does its job properly, but then a buggy java runtime would have the same problems as a buggy OS.
I think there's a lot to recommend the idea of letting the OS handle security and leaving the language to describe the logic needed to solve a specific problem. One of the BSDs, OpenBSD I think, demonstrates how well this can work. Currently it has zero outstanding security advisories and a policy of full disclosure.
You can't get much better than that. (And I say this as a linux guy with no axe to grind).
Java's Security model is inescapable as long as it's used and not ignored.
And C's parameter passing mechanism is secure so long as the programmer always checks buffer lengths. Everything is secure if it's done properly. Maybe I'm misunderstanding you here?
Please understand: I think it entirely possible that Java could turn out to be the Best Way To Do Most Things(TM). On the other hand, as must be apparent by now, I also have strong reservations about the wisdom of intergrating OS and language, and I think it's sometimes too easy to get carried away by Sun's hype and Gosling's enthusiasm.
So for me, what it comes down to is:
Or, if it isn't handled at all, the application crashes. At least, that's been my experience of a lot of Java programs, anyway. Still, perhaps I should have said, the best an attacker can hope for is to crash the application.
The Virtual Machine is an OS. The key is that today's VMs rely on the host OS for basic functionality. Add the necessary features to the VM, and you no longer have a need for a host OS.
I understand that. Look, suppose a black hat finds an exploit that lets him tweak the parameters of the Java runtime. In the vast majority of cases all he can do is inconvenience himself. He can't get root access, unless the runtime was running as root, becausehe still has to crack the underlying OS. He can't mess with another user's activities, because that other user is running on a separate VM and changes he makes to his VM have no effect on hers.
Now if the entire OS is a java runtime, then these protections no longer apply. The runtime has access to superuser privileges, and changes made the runtime affect all users.
Also, do not forget about the Java Security System. Any attempts at a breach of security can be easily walled off, trapped, and traced back to the source. This functionality isn't used much today (mostly due to the attempts to make Java programs act like Desktop Apps), but its potential is staggering.
That's great, to the extent that it works as it's supposed to work. It's not, after all as if all those buffer overflows in C were coded in because the coder thought they were cool[1]. The secutity model was designed to be watertight.
In a complex system, and IMHO obviously, there are always going to be exploits.
[1] OK, maybe one or two.
A lot of the security of having a virtual machine lies in the fact that is is in fact virtual, and that all an attacker can do is crash the proram he's attacking. But if your runtime becomes the OS in fact, then the machine stops being virtual.
Few of these computers came with a standard keyboard...
My point was that the lowering cost of chips was driving the expansion of home computing, not vice versa.
"King's Quest" and "Commander Keen" demonstrated very early on that the MSDOS PC could be a very successful gaming platform. I'll take that as the divide between the PC as a SOHO dedicated office machine and the PC as a general-purpose home computer.
No argument there
Disregarding the belligerent tone, you appear to agree with me. Did you perhaps mean to respond to the GP?
Yes. Earlier segments of nonlinear growth curves always look insignificant compared to later segements. That doesn't make the growth any less dramatic - you just have to compare it to what was there before.
The point is that seemingly everyone was making home computers. Someone was going to emerge dominant. IBM dropped the ball and MS got lucky. That's all.
And you know what? If I want to find a product to do something, I;'ll google for it.
Personalised or no, most ads are an unwelcome distraction from my daily online business. The ad industry has a lot of other problems to address before I worry too much about poorly targeted advertising.
That makes a fairly major assumption. It could just as easily be true that dropping prices led an explosion in personal computing and that Microsoft owes its success to hitching a ride on the IMB brand name.
Certainly there was an explosion in the field personal computers in the early 80s: Commodore, Acorn, Sinclair to name but a few. All released home computers before the PC. So it seems that the costs were already dropping then, and that increased microprocessor use would have driven the price down anyway.
The reason MS did so well was because they had the OS on the platform that emerged dominant. And the reason for this dominance is that IBM legitimised personal computing with the IBM PC. Business bought PCs, and people bought a home computer to be compatible with work.
As far as the cost of hiring a secretary, that's what it would require for me to create the documents that I'm able to create in Word, Excel, and Powerpoint and to continue to do my work.
That's assuming no other options exist besides a human secretary or MS software.
Generally speaking, a good way to value a product is to compare the pricing of your alternatives.
I entirely agree. OpenOffice is free by the way. Thanks for playing!
Sir, I stand corrected.