I think that the Java compiler is pretty close to maximum efficiency, because there have been lots of people working on it. So yes, Java code should be faster than C++, except that Java sucks and is being interpreted by the JVM, so there's a massive overhead which more than counters the better-compiled code.
What I want to know is, when are they going to support the latest version of C? The standard's been out what, 5 or 6 years? It's the primary language of the compiler. And yet I still can't pass complex numbers to functions and expect it to work. Please, someone get C99 support working.
I think the logic is that solaris exists for SPARC and, with it being opened up, can pretty much do everything linux can, wheras linux is the primary choice for an itanium system.
Debian has a choice of netbsd, linux or hurd kernels. The platform applications are written for is "debian", i.e. the debian filesystem layout and base system. C applications which interface with the kernel still need recompiling though, of course, and there are a lot of C applications around which aren't going to be moved to java any time soon. Plus if the executable format is different, e.g. 32/64 bits or endianness, then obviously everything needs recompiling if you're going to take advantage of that.
But then things don't work for them. They know they need to click yes to play games on their favourite sites, so they learn to always click yes at that dialog.
No, the point of the browser is to browse, to display *pages*. No way it should be allowing remote programs to access the local filesystem. There are programs to do that if that's what you want.
That's not enough warning. The exclamation marks look big because they're being displayed alone, but on a screen they'd be quite small. They're the same exclamation marks the user sees every time they leave a SSL connection, or enter an SSL connection, or submit a form, and they have to click yes there too. So it's no surprise the users will click yes to this.
It displays them all in the same dialog though. And it's horrible swing so no-one is going to read it, just looking at it for a couple of seconds is enough to make me hate it. Clicking "yes" no longer counts as affirmative user action, they're too used to being bombarded with things they don't understand to say yes to. For a start, not letting you click yes for a few seconds like firefox does might make the user pause to think. But really, it should require some action to make them think. Maybe typing out a permission notice or something.
They just want to display popup ads. My guess is they already had the code to do this with IE lying around, and since you can't remove IE on a windows box, decided to use that rather than writing a new payload.
A signature or a single warning window isn't enough. It should require clear deliberate action on the part of the user, clicking yes on a box isn't enough since they do that all the time to get rid of the boxes. Requiring the user to type out something like "I want to give this program complete control of my computer" is the sort of thing it should require.
So once I get a signature from verisign, I can do anything I want to my users' machines? Surely that's a hole you can drive a truck through. I mean, the cert would get revoked pretty quickly once I started using it, but if I've burnt 2000 users' motherboards by then that's a serious problem.
They could have said "all other browsers", but since Firefox is the most popular one why not mention it? Lots of articles that will work for any music player mention the ipod, for example.
No, because the attack happens when browsing with firefox, or in fact anything using Sun's JVM, but firefox is the only popular alternative. So even if you're running firefox for your pr0n surfing and only using IE for trusted sites like your bank that require it, you're vulnerable. Which is newsworthy.
Am I the only one thinking letting a web application modify arbitrary files on the local filesystem, even if it pops a permission dialog first, is an inherently stupid idea?
The user has seen enough web dialogs to know that when you see one, you click yes. If you try to read them all you'll go mad, if you click no that cool game bob told you about doesn't work. So you click yes on everything.
It's good enough with global locks. Yes, it isn't as efficiently paralleliseable, but generally that isn't why I've written threads in the first place. I've written them because I have something blocking to do, or something else that needs me to have threads. Because I know they're a nightmare to do properly. So for what I do, multithreading is easy. Because if it isn't, I'll do something easier instead.
But be honest, if you were negotiating with someone and thought you could get away with tying them to you for the next phase, you'd do it, wouldn't you? The government should have insisted on owning all the software, but when they didn't, you can't blame the coders for taking advantage of it. Wild guess: perhaps they offered to do it cheaper if they could keep ownership of the software? We know how governments go for the low bidder and don't look too closely about how they're making that low bid.
This always happens with government projects, but I don't understand why, since a contract is a contract. Government should tell those companies, you'll finish it for the price you told us, or you can leave it as is and not get one cent. That should sort these things out.
Would LLVM let me write a BF backend for GCC? That would be so leet.
I think that the Java compiler is pretty close to maximum efficiency, because there have been lots of people working on it. So yes, Java code should be faster than C++, except that Java sucks and is being interpreted by the JVM, so there's a massive overhead which more than counters the better-compiled code.
What I want to know is, when are they going to support the latest version of C? The standard's been out what, 5 or 6 years? It's the primary language of the compiler. And yet I still can't pass complex numbers to functions and expect it to work. Please, someone get C99 support working.
I think the underscore confused the package filenames, or made them look aesthetically ugly, or both. Certainly it was heavily debated.
I think the logic is that solaris exists for SPARC and, with it being opened up, can pretty much do everything linux can, wheras linux is the primary choice for an itanium system.
Debian has a choice of netbsd, linux or hurd kernels. The platform applications are written for is "debian", i.e. the debian filesystem layout and base system. C applications which interface with the kernel still need recompiling though, of course, and there are a lot of C applications around which aren't going to be moved to java any time soon. Plus if the executable format is different, e.g. 32/64 bits or endianness, then obviously everything needs recompiling if you're going to take advantage of that.
No, the spyware they use the hole to install targets IE. So it's like saying "Windows vulnerable to iTunes exploit" or something.
But then things don't work for them. They know they need to click yes to play games on their favourite sites, so they learn to always click yes at that dialog.
No, the point of the browser is to browse, to display *pages*. No way it should be allowing remote programs to access the local filesystem. There are programs to do that if that's what you want.
That's not enough warning. The exclamation marks look big because they're being displayed alone, but on a screen they'd be quite small. They're the same exclamation marks the user sees every time they leave a SSL connection, or enter an SSL connection, or submit a form, and they have to click yes there too. So it's no surprise the users will click yes to this.
It displays them all in the same dialog though. And it's horrible swing so no-one is going to read it, just looking at it for a couple of seconds is enough to make me hate it. Clicking "yes" no longer counts as affirmative user action, they're too used to being bombarded with things they don't understand to say yes to. For a start, not letting you click yes for a few seconds like firefox does might make the user pause to think. But really, it should require some action to make them think. Maybe typing out a permission notice or something.
They just want to display popup ads. My guess is they already had the code to do this with IE lying around, and since you can't remove IE on a windows box, decided to use that rather than writing a new payload.
A signature or a single warning window isn't enough. It should require clear deliberate action on the part of the user, clicking yes on a box isn't enough since they do that all the time to get rid of the boxes. Requiring the user to type out something like "I want to give this program complete control of my computer" is the sort of thing it should require.
Because the current exploit attacks IE.
So once I get a signature from verisign, I can do anything I want to my users' machines? Surely that's a hole you can drive a truck through. I mean, the cert would get revoked pretty quickly once I started using it, but if I've burnt 2000 users' motherboards by then that's a serious problem.
They could have said "all other browsers", but since Firefox is the most popular one why not mention it? Lots of articles that will work for any music player mention the ipod, for example.
Erm, it took about a week for a trojan which intercepted the ctrl-alt-del to come out.
Just goes to show Java should be open source.
No, because the attack happens when browsing with firefox, or in fact anything using Sun's JVM, but firefox is the only popular alternative. So even if you're running firefox for your pr0n surfing and only using IE for trusted sites like your bank that require it, you're vulnerable. Which is newsworthy.
Am I the only one thinking letting a web application modify arbitrary files on the local filesystem, even if it pops a permission dialog first, is an inherently stupid idea?
Konqueror asks permission for every single file an applet modifies. Although a good idea, in practice this is so annoying I had to turn it off.
The user has seen enough web dialogs to know that when you see one, you click yes. If you try to read them all you'll go mad, if you click no that cool game bob told you about doesn't work. So you click yes on everything.
It's good enough with global locks. Yes, it isn't as efficiently paralleliseable, but generally that isn't why I've written threads in the first place. I've written them because I have something blocking to do, or something else that needs me to have threads. Because I know they're a nightmare to do properly. So for what I do, multithreading is easy. Because if it isn't, I'll do something easier instead.
But be honest, if you were negotiating with someone and thought you could get away with tying them to you for the next phase, you'd do it, wouldn't you? The government should have insisted on owning all the software, but when they didn't, you can't blame the coders for taking advantage of it. Wild guess: perhaps they offered to do it cheaper if they could keep ownership of the software? We know how governments go for the low bidder and don't look too closely about how they're making that low bid.
This always happens with government projects, but I don't understand why, since a contract is a contract. Government should tell those companies, you'll finish it for the price you told us, or you can leave it as is and not get one cent. That should sort these things out.