best language for 3D manipulation over web ?

Attila Feher Attila.Feher at lmf.ericsson.se
Tue Jun 5 10:55:01 CEST 2001


TGOS wrote:
> Look, I'm no cracker. I have very little knowledge about how to corrupt a
> system, but on my university I'm trying to get root rights for two years now,
> without anything even close to success. On a WinNT system of a company (for
> that I was doing some network installation as a part-time job), it took me less
> than 24h.

No SPs applied...  I did the same (not here) when we were supposed to
install a Visual C++ but nobody knew the pwd of admin.  BTW that was NT4
with some ancient SP.

> > Crackers _does_ start on unices, the easiest to crack
> > systems.
> 
> All crackers I know started with Windows, because they say that hacking a
> private Windows system is a lot more interesting than getting access to most
> UNIX systems. Especially when hacking Win9x, as once you are in, there are no
> security mechanisms anymore.

Don't take here win9x.  It is another kind of animal: DOS with bells and
whistles.  It is not meant to be a secure system (just think about the
filesystem).

> If you take a look at hacker-pages on the WEB, you'll get hundreds of tools
> that corrupt Windows systems (DoS, Nukers, password file cracker, backdoor
> access software, etc.) and not even a handful of those tools for UNIX. IOW
> everyone can crack a Windows system (even people who don't have the knowledge),
> because there are easy to use tools that will do all the work for you.

Yep, and good NT admins know what to install to disallow the use of
those.  Same as with Linux: install right out of the box, connect to the
internet and you get cracked within 2 hours.

> >  If you think they start on VMS, you are alone.
> 
> So are you trying to say that VMS is so secure because it's an unknown system?
> Could it be the case, that VMS isn't as secure as you (and many other people
> believe) and it just doesn't get hacked because there are way too few
> hackers who try it? How secure a system really is will only get proved if there
> are thousands of hackers who try to hack it daily. Since that seems not to be
> the case for VMS, you can't make any predictions regarding its security

No.  It is secure, because it is designed to be secure.  There are VMSes
on universities and don't think people don't try to get into them :-)))

> Despite that, I certainly won't claim that UNIX is more secure than VMS, since
> I don't know enough about this system. If VMS main goal during development was
> to make it as secure as possible, it's most likely more secure than UNIX,
> Windows, Linux and some other systems. Therefore I'm sure it has other
> disadvantages.

Yep.  It is as user friendly as a pitbull on his worse day. :-)))

> > The Unix systems are _designed_ to be wide open.
> 
> Usenet was designed for text messages, but it gets used for binary exchange as
> well. In reality it plays no role for what something was designed, but rather
> for it is used. There are thousands of examples where things are used for
> completely different purpose than for what they got designed.

I am not talking about the usenet, but the Unix networking, users etc. 
You know the "format string" attacks (don't remember the correct name)
etc.  These are possible, because the design had no stress on this kind
of issues - there was no need to.  BTW the small number of UNIX like
systems, where designers did take security seriously it is different.

> > So you _do_ need an expert to close them.
> 
> I see, something we can both agree to.
> And those experts are named "UNIX system administrator".
> Who is hiring a UNIX system admin without the necessary qualification has a
> problem, that's no secret.

Same with NT.  I have seen NT setup taking few thousand steps to make
and which was solid as a rock.   It was directly connected to the
internet and no one has ever cracked into it.  Of course: it was a pain
in the ass if you wanted to use for anything else. :-))))

> > Not such with VMS.
> 
> I don't know why you always have to mention VMS (probably you are working for
> Compaq), but  this discussion isn't about which system is more secure, it's
> about cross-platform solutions versus single system solutions. Despite that,
> since POSIX was added to VMS, it became a lot similar to UNIX and there's even
> a GNU project for VMS.

No I am not, but I am interested :-))))

YES, YOU ARE RIGHT.  I never told cross platform development is bad.
:-))  All I have tried to express was: it is not as easy as to say:
Windows is better, UNIX is better etc.  There is always a market, a set
of possible users (payers), a required time to get to the market etc.
and that makes it either feasible to be cross platform or not.  And
unfortunately how it goes today is that the big gap is between UNIX and
Windows.  I guess Mac new OS is more UNIX than it was before...   So the
primary decision is: is my target group UNIX or Windows or both.  How
can I get to the market the fastest, get my share of it etc.  It is many
cases Windows.  But of course if there is no hurry, (or no GUI :-)) you
_must_ go for cross platform as much as feasible.  Different Unices and
Windows (NT usually, since these are usually server processes).  And
here we agree, very much so.  I just fed up that there is no other easy
cross platform way than Java with its huge (and incompatible) VMs.
:-((((

> > Creating a perfectly secured Unix system is equally extremely hard.
> 
> Never said it is easy, but in case of Windows it's sometimes impossible.

Hm.  I have no such deep knowledge but usually the stuff goes anyway by
having a separate FW and then the server...  On different machine.

> > It is not enough on Windows NT to be an ordinary user to do a crack.
> 
> I only was an ordinary user, which was enough to run a crack.

Yep, w/o the latest SP (was it 5??) for NT4 it was possible.  _If_ you
were sitting next to it.  Still, it is _very_ rare that a simple user
can sit next to an NT Domain Controller and start whatever he wants. 
And if you can crack into an NT workstation...  It is still possible
that the IT guys on the wire get alarm about every admin login :-)))

> > You don't even seem to know the diff between hack and crack...
> 
> | A hacker is a clever programmer.  A "good hack" is a clever solution to
> | a programming problem and "hacking" is the act of doing it.
>         - Source: "The New Hacker's Dictionary"

And the best is: Bill Gates is (_was_) a hacker. :-)))

> To hack a system means to
> 
> | A cracker is someone who breaks into someone else's computer system,
> | often on a network; bypasses passwords or licenses in computer programs;
> | or in other ways intentionally breaches computer security.
>         - Source: "Whatis.com"
>
> But in IMHO that's not quite correct. Hackers also break into computer system,
> just without malicious intentions and without doing any harm to that system.


Yep, let's take the nice example of the calls I get at least twice each
year: Attila, do you remember the supervisor password of the Novell at
Jaszwhatever?  No I say, no.  But since the console isn't locked use the
cracker NLM and you will get the password supervisor and can go in.
:-)))  Now that is hacking (although I did not write this NLM).  People
lost their password and you still need to open up the system.  But the
act of using this NLM is a crack, I even hear the sound as the Novell
nut cracks :-)))

> Hackers are often confused with crackers. Uninformed users usually use "hacking
> a system" as synonym for breaking into a system from an external source (via
> network) and "cracking a system" as synonym for manipulating software on that
> system or circumventing security mechanism within the system. But in fact
> that's not really correct. Actually both is cracking.

Yep, I agree.

> > And on (a well secured) NT it is not enough to get in as an
> > ordinary user to crack it.  Same as with Unix. :-)
> 
> But the problem is that the majority of WinNT system are a lot less secured
> than UNIX system, simply because everyone can administrate a WinNT system (or
> at least everyone believes that). And when there's a problem with some software
> on your WinNT system (e.g. third party software), you don't have the possibility
> to look at the source code, fix it and then recompile it.

Yes, it is the fact.  Some crackers in Hungary were fed up with it and
cracked all the major ISPs in one day and placed a deface listing what
SPs and hotfixes they did not install.  But... there was Linux included,
too.  Plain, out-of-the-box sth.

> Not to mention that the user right settings are very problematic on WinNT. In a
> really secure system, users don't have enough rights for most tasks what leads
> to problems (as I was once told by a company: "We can't use WinNT, because then
> we would have to give all users full access and that would destroy any security
> concept. Without that all software would have to get rewritten.").

Aha.  I have never met this problem but yes.  Windows programming is
like football, raising children and politics.  Everyone thinx they know
how to do it... and they do.  At least a badly configured NT will not
start to shoot its schoolmates. :-(((

> <snip>
> 
> > Not really.  Windows code is seen by thousands before release.  The fact
> > you were not invited to this circle of privileged non-MS people does not
> > mean it does not exist.
> 
> But that's exactly the problem: MS choose a few privileged who can see their
> code (and they aren't allowed to edit it, just having a look!). Despite that
> this isn't valid for all their code.

Hm.  Secrecy can be good or bad.

> So the quality of this "code viewing" depends a lot on "who MS chooses" and how
> many. I still say that more people see UNIX code than MS code (I won't even
> mention LINUX here, what is seen even by normal users). And the people who are
> really interesting (hackers and crackers) will not be able to inspect the code
> of Micro$oft and point out possible problems.

Maybe, maybe not good that many can see the source.  You _never_ know
that a guy seeing it and finding something (which has about 1E-10 chance
w/o the sources) will turn to you or start dialing and make some
money...

[SNIP]
> Yes and wanna bet that I can find someone who can crack such a terminal in less
> than two hours. I bet if this terminal would run with Linux or maybe with
> FreeBSD that wouldn't be that easy.

And?  You have cracked the terminal.  So you can start up the UNIX/VAX
terminal window and try to log in :-)))

> The terminals at central station also run with Windows and guess how many
> pictures I've already seen where those terminals show a "blue screen"?

Blue Screen cannot come from user SW.  That NT runs on a faulty or
non-supported HW or uses a badly written driver.  Do any of this with a
UNIX and will get the same, but called kernel panic.

> One of my friends is working in a computer company, which are offering and they
> run a WinNT web server and he told me that it crashes at least once a month,
> usually more often. The Solaris server at our university is now running for
> years and it never crashed even once. It only was rebooted to add new hardware.

Then you must have a real good luck.  I use Solaris here and I know what
I am talking about :-)))  Reboot is once per day on a test machine where
"badly behaving" SW can run.

> If VMS is really as secure as you always say, it should be no problem to limit
> access rights of the JVM via system configuration in such a way that it can't
> cause any damage to the system. Despite that you can also write your own
> Security Manager for Java and that way further limit access rights.

I have no problem with the security manager, I have problem with the
Java VM code.  It isn't "old enough" and mostly not open source to
convince a security-fanatic.  There is one guy in Hungary, working for
Westel (mobile operator).  There is no Java running on anything what
people can access from the outside world. :-)))

> >> Again, I never said that UNIX is used in all the places you described above.
> >
> > You implied.
> 
> I did not, I just said Windows isn't used there.


Not as server, this is sure.  But I also have seen bank which used
CA-Clipper solution and a BBS for credit card handling :-)))

> My post is about the fact that every user should be free to choose his/her
> favorite OS according to his/her personal needs and nobody should be forced to
> accept the flaws of a certain OS, just because some shit-head programmers left
> him/her no other choice.

That is right.  And I would say also that no shit-head programmer should
be forced to write cross platform code if he cannot.  For the Alaska
guys (real good guys) it took years to create the first decent version
of XBase++ for Windows (NT).  They were OS/2 programmers mainly.  I
would rather use a "Solaris only" thing here working than a "portable"
stuff which in turn bound to 1111 GNU things (gawk etc.).  But that is
not the point.  The point is that small businesses will never be able to
do the first versions of their product to be fully portable.  I am
talking about GUI stuff.  Of course if they do Java and their customer
base can support such HW requirements as: min. 1GHz Pentium III and 2
buckets of memory...

> >>> And about Windows being a shit: Just try to look around and find a
> >>> portable async gethostbyname or a standard gethostbyname_r for
> >>> Unices...  Good luck.  BTW you can find numerous workarounds which fail
> >>> in numerous environments.
> > >
> > > And the fact that this function (which I personally have never needed up to
> > > now) doesn't exist on UNIX is the proof that Windows isn't shit? Funny, but
> > > that makes no sense to me.
> >
> > Did I say it exists in Windows?
> 
> No. Did I?

No.  We did not say anything :-)))  BTW it does exist on Windows.  The
only "good" point which I like in Win and _very_much_ miss in Unix is
the messaging opportunity.  Unix has few signals, and that's it.  Sad.

> But I know that async gethostbyname exists in Windows.
> (I'm doing my homework before replying to a post)

:-)))  Maladyetz

> UNIX is very stable (when not using BETA versions). A crashed thread usually
> won't take down the whole system, what happens pretty often in Windows
> (especially when a hardware driver crashes). Linux is even better here. I can
> even intentionally crash hardware drivers and the system survives it (as long
> as I don't crash drivers that the system needs to survive).

:-))))  So Solaris 7 is apparently not UNIX. :-))  It does not crash
usually, simply stops working.

> And UNIX is very well thought out, an easy concept that is strictly upheld. It's
> like a house built out of LEGO blocks, with clear data paths. Windows is rather
> like throwing all blocks into a bag, shaking it twenty times and throwing them
> onto a table. Data paths are very unclear to normal users.

Yep, Windows, its registry, its changing (screwed up) APIs, renamed
and dumped concepts etc are awful.  Still: I very much miss the good
message system under UNIX. :-)))

>  I admit, you need more knowledge to be a UNIX admin than being a Windows admin
> (Windows hides its chaos behind a neat, easy to use GUI), but as UNIX admin you
> also have a lot more power over the system. And that makes Windows more
> insecure, because users often aren't able to see security holes until it's too
> late.

I would say to be a _good_ NT admin is not easier than being a UNIX
one...  Only thing is that this kind of guy is rare :-))

> There is no absolute security, it's always just relative.
> (How was that? "A PC is only secure when you cut all cables, lock it into a
> safe and sink it in the middle of the Atlantic.")

Hm.  Even then, if you don't have the latest service packs and security
fixes.... :-))

> If 20% of your other market is mainly using 4 other platforms and you aren't
> able to serve all of them, you might have the wrong job.
> And your boss might also have the wrong job, because if I were your boss, I'd
> look for someone who's able to serve 95% of the market.

May be.  And maybe you can get the 80% of the market if you are out with
a solution in 2 months.  And spend the next 2 for the other platforms...

> Why? What are you developing that the Linux, OS/2, MacOS, BeOS, AIX, HP-UX,
> Solaris, BSD, FreeBSD and the users of over 50 other OSes aren't interested in?
> And how do you know, have you asked every single user on this planet?

Nope.  I did not.  Let's say I design a very system specific thing, an
internet dialer for example. :-)))  Let's not go into this.  Everyone is
on his own to decide whether it is feasible to make 1st release cross
platform or not.

> Java itself runs on all those systems and it's offering enough elements for
> your GUI. Swing is offering enough elements to write your own MS Office.
> Only mouse wheel support is currently missing, but Java1.4 will also add mouse
> wheel support (right now I'm just playing around with the BETA version).

Yes.  Still: I have been working with a guy using Java from its
birth... and I did not hear many good things about VM portability,
performance etc.  Max. size still working (talking about normal WS) Java
applet was around 70K.  Then performance degraded so much, that it was
useless.

BTW I wanted to use Java, I have even installed it.  But with my 64M
PII266 notebook it took 3 minutes to open a source file in the
Forte...   Thx.

> Despite that, you can write 90% of your application in Java and then add the
> missing 10% via C++ or even native assembler code (for speed reasons or to add
> special OS features that Java doesn't support at the moment). That has the
> advantage that you always only need to rewrite 10% of your application for
> every new platform. And platforms you don't support directly can still use your
> application, in that case just without those special features or without the
> additional speed boost.

Yep.  And have a customer with Crays on every desktop if they want speed
:-(((

> For C++, try using Qt.
> It exists for:
> - AIX
> - BSDI/OS
> - DG/UX
> - HP-UX
> - Irix
> - Linux
> - OS/2 (but only with an installation of XFree86)
> - QNX
> - SCO UNIX
> - Solaris
> - Tru64
> - Windows 95
> - Windows 98
> - Windows NT and 2000

Tried.  They don't have an unlimited trial version for Win and I have no
way now to install a Linux at home. :-(((

> I think there's even a Palmtop version, maybe other embedded systems will
> follow. This will make your GUI run-able on quite a lot of platforms in native
> speed, with lots of features (like "skin support"). The free version is of
> course limited (I think no 3D support, no network and IO libraries), but a
> company that plans to increase their market by 15% of users might as well pay
> for the commercial version.

Qt is great is what I have heard.  I wanted to learn it, but no bonus. 
If I get a 30 days trial I may have 2 days when I can really look at it
:-(((

[SNIP]

> For what a C++ programmer needs 3 hours is done in one hour by a Java
> programmer, not to mention that Java is more than 200% easier to debug in case
> of errors. Don't forget you can use Java also server side and there you are
> free to use the latest version of it.

Yep.  And I am also free to see 1 unhandled exception per minute - at
least with the Java apps I have tried to use. :-(((

> You are even allowed to bundle a JRE (Java Runtime Environment) with your Java
> application, meaning the target PC doesn't even need to have an installation of
> Java.

Yep.  First I gave up trying to use Java when I have installed the
JRE and it crashed my whole Windows 95.  I had to reinstall.

> And depending on task, other programming languages are even more efficient than
> Java. A single line of code in some programming languages will do more than 20
> lines of Java, which usually are better than 60 lines of C++.

I know one Online Casino SW and it is written in Clipper with Clip4Win
:-)))   They believe they can port it to Java...  I still wait to see
the first version which runs in less than 128MBs with acceptable speed.
:-)))

> China, one billion people. Computer shops in China sell Linux 200 times more
> often than Windows. The Chinese government plans to increase the usage of Linux
> even more (they don't trust Micro$oft, open source rules, as they can make sure
> there's no spyware inside). BTW downloaded distributions aren't counted here.

Why don't they trust MS? :-)))  I cannot imagine...

> You must watch beyond your limited horizon or one day this attitude will break
> your neck (or the neck of your company). Others will jump into that gap and
> then they will have the market you never had as well as parts of the market you
> _do_ have.

I program on Solaris and will port to Linux within a few months.  :-)))  I
am not a "Windows only guy".  There are still things which I like (love)
from Windows and hate in UNIX and vice versa.

> If you only want to provide your software *locally* you are limiting your market
> in two ways (only users of a certain OS and only within one area). What's next?
> Only users with a specific first name?

:-)))  Don't get that far.  If one can develop a package for small
businesses using MS SW (Program next to Office?) in few weeks and sell
it, why not???  The same design (I mean the UML or whatever) can then be
used to make the Linux (Unix) version of it, probably based on some
other stuff...  There can be many cases in business and I am quite sure
you don't know them all - like me.

> Over web means inside a webpage, IOW inside the browser.
> So either within a plugin, server-side or Java.

Or ActiveX or C# :-))))  (Just kidding)

> Why should 3d access "over web" to a database be limited to x86 or Windows
> users? Why can't it be for everyone? Why aren't people in China allowed to use
> it? Because you believe that you can save 5 minutes through a win-only solution
> (what is not even true)?

Windows NT is not limited to x86...

About China - you should ask their government.  They filter the Web
:-)))

> > Online application is not necessarily "within the browser".  "Within
> > the browser" is Java, ActiveX or C# or goodbye.
> 
> C# ????
> My browser doesn't run C#, not even my system as a whole can run C#.
> No system which I ever was using during my whole life was able to run C# up to
> now.

Yes.  And you could say the same when Java was new :-)))  Anyway I could
trust Java more if it would be a standard language like C++ and Sun
would have less influence on it...

> And ActiveX...come on, ActiveX is the same as installing a browser plug-in,
> there's no difference (there is for the programmer, but not for the user). So
> you can as well use any other kind of plug-in.

Yeppp.

> > Java is still a very unstable
> 
> Hasn't crashed my PC a single time and I use it daily.
> I currently develop exclusively in Java and my programming IDE is written
> itself in Java. Everything always runs fine and I have no idea what you mean by
> unstable.

How much memory?  512Ms?  Just curious.  What CPU?  What speed?

> > and unsecure stuff where VMs are incompatible etc.
> 
> VMs aren't incompatible in general (leaving bugs aside).
> I always test my software on at least 5 different platforms and never ran into
> a single problem.

Hm.  U R a lucky one or you do totally different task than my friend
was...

[SNIP]

> But better supporting only a few platforms (5 to 10) than supporting only a
> single platform. You will never be able to support every platform that exists,
> but limiting your solution to a single platform right from the start (for
> reasons that you weren't even able to make clear up to now) is certainly no
> good approach towards a solution.


Yep, U R right.  Probably with right decoupling the client/server tasks
you may support more client OSs with less effort...  Of course, you will
have a different GUI for a Java 1.1 only beard-trimmer :-))

A


