Java creator trying to win the stupidest statement award of the year
-
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit] -
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit]Unfortunately, it sounds like Mr. Gosling is making statements based upon money and politics rather than technical accuracy. I guess that's what happens when you become a star, blinded by your own light.
Software Zen:
delete this; -
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit][quote]Java won't let you do that - Java is probably meant for babies and pregnant women. C++ is targetted at tougher people - or rather tougher programmers.[/quote] Have u understood the sense of java? Do you think your no.300 clone of tic-tac-toe in your DOSbox means that your rule all those java coders out there? Ever thought of taking the best language in the right situation instead of trying to drag-and-drop your new gui in visual studio? And btw. whats the sense of bytecode if its bound to windows again? Safety? - why? - because of the cute c++ programmers that wont be able to code responsibly?
-
[quote]Java won't let you do that - Java is probably meant for babies and pregnant women. C++ is targetted at tougher people - or rather tougher programmers.[/quote] Have u understood the sense of java? Do you think your no.300 clone of tic-tac-toe in your DOSbox means that your rule all those java coders out there? Ever thought of taking the best language in the right situation instead of trying to drag-and-drop your new gui in visual studio? And btw. whats the sense of bytecode if its bound to windows again? Safety? - why? - because of the cute c++ programmers that wont be able to code responsibly?
Who spat in your test tube?
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
-
[quote]Java won't let you do that - Java is probably meant for babies and pregnant women. C++ is targetted at tougher people - or rather tougher programmers.[/quote] Have u understood the sense of java? Do you think your no.300 clone of tic-tac-toe in your DOSbox means that your rule all those java coders out there? Ever thought of taking the best language in the right situation instead of trying to drag-and-drop your new gui in visual studio? And btw. whats the sense of bytecode if its bound to windows again? Safety? - why? - because of the cute c++ programmers that wont be able to code responsibly?
JasonKnox wrote: Have u understood the sense of java? The point is that Gosling hasn't understood the concept of C++/CLI and how it relates to the .NET framework. Gosling is doing the political dance. Which is sad, because he's a pretty skilled engineer. And, by the way, "you" is spelled "you" in English. Is it really that hard to remember, or are you too lazy to type it? -- My name in Katakana is ヨルゲン. My name in German is Jörgen. I blog too now[^]
-
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit]Well said Nish, but it's also worth repeating what I saw in the second comment there: Java suffers from the same problem. Anyone read sun's docs on calling native methods or doing JNI? Under .NET, there is a clear separation between safe and unsafe code. So this guy has a language that also supports shooting yourself in the foot and he's bashing .NET. :rolleyes::| Regards, Alvaro
-
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit]With C++/CLI, you can pick one of three models. In order of safety:
- Safe (/clr:safe). Emits only verifiable IL
- Pure (/clr:pure). Emits only IL, no native code
- Mixed (/clr). Tries to emit IL as far as possible, falls back on native code for constructs not possible in IL.
The verifiable flag is important. If verification is enabled (which it is, by default, for all non-local code) the JIT will throw an exception (a
VerificationException, IIRC) if any construct is encountered which is not verifiable. The same applies to C#unsafeblocks. A difference here is that the programmer must explicitly opt in to non-verifiable code in C# (by writing anunsafeblock and using the/unsafeswitch to the compiler), while in C++/CLI you must opt out. The rules about what code is allowed to execute unverifiable IL are part of the current security policy. You could editmachine.configto remove unverifiable code permission from the default machine policy set, for example. You could also edit the Internet zone policy to allow unverifiable code but this would be a seriously bad idea. So the difference is that Java does not allow you to execute non-verifiable code directly in the virtual machine. It's not clear to me what protections are offered against loading native, unmanaged code using JNI. Since JNI code runs in-process in the VM, it can do anything - in the same way that P/Invoke code can do anything in the CLR. Stability. What an interesting concept. -- Chris Maunder -
My friend (pro-Linux) sent this URL to our class mailing list :- Huge security hole in .NET: Java creator [^] This was my reply :- What else would you expect a Java person to say :-) I primarily specialize in C++/CLI (formerly Managed C++) and the reason it's the most powerful .NET language is that it supports 3 compiler modes :- * pure managed (this produces IL is same as what C# or VB.NET or J# will produce and is safe/secure etc) * unmanaged (or native) - does not target the .NET runtime - produces PE executables and native DLLs * mixed mode - has managed and unmanaged code in the same assembly - the managed portions will run under .NET security, while the unmanaged components will run under normal Windows security. What Gosling is trying to say is probably that a mixed mode app/DLL is unsafe because it has portions of code that will run outside the security model of the CLR. But then the developer (when he's using unmanaged code) is taking responsibility for what he's doing. He'll have to make sure his native code blocks don't have any gaping holes. I don't believe any sane person can assume that this is a .NET issue - it's just that C++ offers one the option to shoot yourself in the foot. Java won't let you do that - Java is probably meant for babies and little children***(see below). C++ is targetted at tougher people - or rather tougher programmers. What's more, C# and VB.NET can use .NET code access security features to make sure that unmanaged transitions are disallowed. This means that when a C# program accesses a C++ generated DLL that may contain unmanaged code, the unmanaged code won't be allowed to execute - instead, a security exception gets thrown. I myself always look out for security holes and other issues with .NET and the CLR (since knowing them increases my market potential), but meaningless shit like what this Gosling fellow throws out makes me wanna puke. If he wants to make grand statements like that, he could at least have got the facts right. Nish Regards Nish *** [edit]I replaced
pregnant womenwithlittle childrenas I felt the usage ofpregnant womenwould give the impression that I am looking down upon women.[/edit]At least, have him heard of JNI? AFAIK, it's a "security hole" as big as .NET native code. Yes, even I am blogging now!
-
JasonKnox wrote: Have u understood the sense of java? The point is that Gosling hasn't understood the concept of C++/CLI and how it relates to the .NET framework. Gosling is doing the political dance. Which is sad, because he's a pretty skilled engineer. And, by the way, "you" is spelled "you" in English. Is it really that hard to remember, or are you too lazy to type it? -- My name in Katakana is ヨルゲン. My name in German is Jörgen. I blog too now[^]
The only problem im having at this point is that i cant go conform with "java is for pregnent women". So is .NET for lesbians? If hes earning his money with MS i appreciate that but i dislike those crusades. Whats the point in telling me how to spell something? Is this some sort of an argument?
-
The only problem im having at this point is that i cant go conform with "java is for pregnent women". So is .NET for lesbians? If hes earning his money with MS i appreciate that but i dislike those crusades. Whats the point in telling me how to spell something? Is this some sort of an argument?
JasonKnox wrote: The only problem im having at this point is that i cant go conform with "java is for pregnent women". It was perhaps not the most wisely chosen words, but it does give IMO an accurate picture of the Java language. It also describes VB and C# (2.0 with generics seems like a great step forward, but it still feels like a nanny language). JasonKnox wrote: So is .NET for lesbians? Last time I checked, Lauren didn't seem too hot on .NET :-D JasonKnox wrote: Whats the point in telling me how to spell something? Is this some sort of an argument? People will take you seriously. -- My name in Katakana is ヨルゲン. My name in German is Jörgen. I blog too now[^]
-
At least, have him heard of JNI? AFAIK, it's a "security hole" as big as .NET native code. Yes, even I am blogging now!
Can one block assemblies containing "unsafe" code in .NET? I believe you can block JNI stuff in Java. -- My name in Katakana is ヨルゲン. My name in German is Jörgen. I blog too now[^]
-
[quote]Java won't let you do that - Java is probably meant for babies and pregnant women. C++ is targetted at tougher people - or rather tougher programmers.[/quote] Have u understood the sense of java? Do you think your no.300 clone of tic-tac-toe in your DOSbox means that your rule all those java coders out there? Ever thought of taking the best language in the right situation instead of trying to drag-and-drop your new gui in visual studio? And btw. whats the sense of bytecode if its bound to windows again? Safety? - why? - because of the cute c++ programmers that wont be able to code responsibly?
JasonKnox wrote: Have u understood the sense of java? Possibly, though its impossible to know for sure because I can't really "understood" what "u" mean JasonKnox wrote: whats the sense of bytecode if its bound to windows again? Umm... not sure if you are refering to .NET cause bytecode is java. .NET gets compiled to IL JasonKnox wrote: because of the cute c++ programmers that wont be able to code responsibly? I have yet to see a "cute" c++ programmer so I don't see the relevance of your statement, then again I don't really understand most of what you said. Matt Newman
Even the very best tools in the hands of an idiot will produce something of little or no value. - Chris Meech on Idiots
-
JasonKnox wrote: Have u understood the sense of java? Possibly, though its impossible to know for sure because I can't really "understood" what "u" mean JasonKnox wrote: whats the sense of bytecode if its bound to windows again? Umm... not sure if you are refering to .NET cause bytecode is java. .NET gets compiled to IL JasonKnox wrote: because of the cute c++ programmers that wont be able to code responsibly? I have yet to see a "cute" c++ programmer so I don't see the relevance of your statement, then again I don't really understand most of what you said. Matt Newman
Even the very best tools in the hands of an idiot will produce something of little or no value. - Chris Meech on Idiots
[MSA] Matt Newman wrote: JasonKnox wrote: whats the sense of bytecode if its bound to windows again? Umm... not sure if you are refering to .NET cause bytecode is java. .NET gets compiled to IL name it like you want. [MSA] Matt Newman wrote: I don't see the relevance of your statement read my second posting in this thread.
-
Who spat in your test tube?
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
I think you mean an 'h' instead of a 'p' in spat.
Software Zen:
delete this; -
[MSA] Matt Newman wrote: JasonKnox wrote: whats the sense of bytecode if its bound to windows again? Umm... not sure if you are refering to .NET cause bytecode is java. .NET gets compiled to IL name it like you want. [MSA] Matt Newman wrote: I don't see the relevance of your statement read my second posting in this thread.
JasonKnox wrote: name it like you want. I'd rather stick with the proper definition - that way no one gets confused. If there is one thing that really hurts productivity in a project, that could very easily be fixed, is when people use different appellations for the same thing.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
-
[MSA] Matt Newman wrote: JasonKnox wrote: whats the sense of bytecode if its bound to windows again? Umm... not sure if you are refering to .NET cause bytecode is java. .NET gets compiled to IL name it like you want. [MSA] Matt Newman wrote: I don't see the relevance of your statement read my second posting in this thread.
-
The only problem im having at this point is that i cant go conform with "java is for pregnent women". So is .NET for lesbians? If hes earning his money with MS i appreciate that but i dislike those crusades. Whats the point in telling me how to spell something? Is this some sort of an argument?
-
I think you mean an 'h' instead of a 'p' in spat.
Software Zen:
delete this;Gary R. Wheeler wrote: I think you mean an 'h' instead of a 'p' in spat. This is the Lounge - and I didn't want to get too scatalogical. I figured that substituting an act of expectoration would keep within the Lounge's PG guidelines.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
-
Can one block assemblies containing "unsafe" code in .NET? I believe you can block JNI stuff in Java. -- My name in Katakana is ヨルゲン. My name in German is Jörgen. I blog too now[^]
Yes, unsafe code is blocked by default if run remotely. That's the purpose of 'unsafe' blocks. Christian I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
-
[quote]Java won't let you do that - Java is probably meant for babies and pregnant women. C++ is targetted at tougher people - or rather tougher programmers.[/quote] Have u understood the sense of java? Do you think your no.300 clone of tic-tac-toe in your DOSbox means that your rule all those java coders out there? Ever thought of taking the best language in the right situation instead of trying to drag-and-drop your new gui in visual studio? And btw. whats the sense of bytecode if its bound to windows again? Safety? - why? - because of the cute c++ programmers that wont be able to code responsibly?
Looks like the Java guy lost the contest. Christian I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
