
Comment: Re:lol, Java (Score 1) 79

by epyT-R (#48873599) Attached to: Oracle Releases Massive Security Update

Obviously, the efficiency of the C lib functions will vary by hardware and by author competence, but there's no way virtualized code could run faster and with less cpu and ram overhead than well written (or compiler generated) native code on given hardware.

An interesting bench done with 7 year old software and hardware (perhaps things are better today?).
http://zi.fi/shootout/

While it's gotten a lot better since the 90s, ~35-50% slower is still significant (assuming you discount the 'compiled away' situations). The strings bench is near the bottom. Unfortunately, he did not measure memory footprint or calling overhead. This is too bad because this is another area where managed runtimes come up short.

For example, the installer for freespace2 SCP is java based, and it takes 50MB of ram on startup, and grows from there as it downloads files from the network. I use tinywall on my windows box, and currently that's sitting at over 100 MB..for something that just inserts rules into the system firewall based on PID/name. That's nuts for such simple programs.

Most managed programs call out to C libraries through shims when speed is needed because the vm carries too much overhead, even when the executable is targeted for specific hardware. For example, modern game engines do this a lot. The fact that virtualized logic can touch unmanaged space breaks the security model, making it pointless to expect any additional security from the virtualization.

stack smashing, buffer overflows, invalid pointer dereference, malloc failures, code overwriting done by a program written in pure Java?

Properly written C does not cause those. Buggy C certainly does, just like buggy vms. The fact that oracle has been patching java exploits for years suggests its security isn't much better than a typical unmanaged C++ program at least as far as the user's concerned.

I mentioned the UI/system integration before. For me this is reason enough to avoid managed/interpreted runtime programs unless I have no choice. The shimming and overhead is prone to breakage and there're usually native alternatives that behave better.

Comment: Re:Bad idea (Score 1) 382

by epyT-R (#48872103) Attached to: FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN

I only meant to imply that such law would basically require a license and key disclosure in order to set up a vpn. Your employer would have a license for this because they're a corp that can afford it.. your home vpn would require a separate license, complete with key disclosure of course.

I never said this was a good idea. It's terrible.

Comment: Re:lol, Java (Score 1) 79

by epyT-R (#48871693) Attached to: Oracle Releases Massive Security Update

A large percentage works just fine even with holes, and with greater performance and less overhead. The supposed claim to fame for java was that, while slower and resource intensive, it prevented programmers from writing exploitable code. Today, we know it's possible to make a shitpile with any tool, leaving java and other runtimes to sacrifice much of the potential for lean, high performance software for small gains in security (the latter with a growing list of caveats). I'm not a fan of such mediocrity but it has become the norm these days. It also doesn't help that java comes with a browser plugin that opens a complete runtime environment to drivebys. Microsoft abandoned activex for this reason.
