best language for 3D manipulation over web ?

[TGOS]

On Mon, 04 Jun 2001 08:09:57 +0300, Attila Feher <Attila.Feher at lmf.ericsson.se>
wrote:

> TGOS wrote:

<snip>

>>> Just to inform you: the worlds easiest to hack and crack systems are the
>>> UNIX systems.
>> 
>> That's absolutely incorrect.
> 
> That is _absolutely_ correct.  There is no system like unices, full with
> security holes.

Look, I'm no cracker. I have very little knowledge about how to corrupt a
system, but on my university I'm trying to get root rights for two years now,
without anything even close to success. On a WinNT system of a company (for
that I was doing some network installation is part time job), it took me less
than 24h.

> Crackers _does_ start on unices, the easiest to crack
> systems.

All crackers I know started with Windows, because they say that hacking a
private Windows system is a lot more interesting than getting access to most
UNIX systems. Especially when hacking Win9x, as once you are in, there are no
security mechanisms anymore.

If you take a look at hacker-pages on the WEB, you'll get hundreds of tools
that corrupt Windows systems (DoS, Nukers, password file cracker, backdoor
access software, etc.) and not even a handful of those tools for UNIX. IOW
everyone can crack a Windows system (even people who don't have the knowledge),
because there are easy to use tools that will do all the work for you.

>  If you think they start on VMS, you are alone.

So are you trying to say that VMS is so secure because it's an unknown system?
Could it be the case, that VMS isn't as secure as you (and many other people
believe) and it's just doesn't get hacked because there are way too little
hackers who try it? How secure a system really is will only get proved if there
are thousands of hacker who try to hack it daily. Since that seems not to be
the case for VMS, you can't make any predictions regarding its security

Despite that, I certainly won't claim that UNIX is more secure than VMS, since
I don't know enough about this system. If VMS main goal during development was
to make it as secure as possible, it's most likely more secure than UNIX,
Windows, Linux and some other systems. Therefor I'm sure it has other
disadvantages.
 
> The Unix systems are _designed_ to be wide open.

Usenet was designed for text messages, but it gets used for binary exchange as
well. In reality it plays no role for what something was designed, but rather
for it is used. There are thousands of examples where things are used for
completely different purpose than for what they got designed.

> So you _do_ need an expert to close them.

I see, something we can both agree to.
And those experts are named "UNIX system administrator".
Who is hiring a UNIX system admin without the necessary qualification has a
problem, that's no secret.

> Not such with VMS.

I don't know why you always have to mention VMS (probably you are working for
Compaq), but  this discussion isn't about which system is more secure, it's
about cross-platform solutions versus single system solutions. Despite that,
since POSIX was added to VMS, it became a lot similar to UNIX and there's even
a GNU project for VMS.
 
> Creating a perfectly secured Unix system is equally extremely hard.

Never said it is easy, but in case of Windows it's sometimes impossible.
 
> It is not enough on Windows NT to be an ordinary user to do a crack.

I only was an ordinary user, which was enough to run a crack.
 
> You don't even seem to know the diff between hack and crack...

| A hacker is a clever programmer.  A "good hack" is a clever solution to
| a programming problem and "hacking" is the act of doing it.
	- Source: "The New Hacker's Dictionary"

To hack a system means to 

| A cracker is someone who breaks into someone else's computer system,
| often on a network; bypasses passwords or licenses in computer programs;
| or in other ways intentionally breaches computer security.
	- Source: "Whatis.com"

But in IMHO that's not quite correct. Hackers also break into computer system,
just without malicious intentions and without doing any harm to that system.

Hackers are often confused with crackers. Uninformed users usually use "hacking
a system" as synonym for breaking into a system from an external source (via
network) and "cracking a system" as synonym for manipulating software on that
system or circumventing security mechanism within the system. But in fact
that's not really correct. Actually both is cracking.

> And on (a well secured) NT it is not enough to get in as an
> ordinary user to crack it.  Same as with Unix. :-)

But the problem is that the majority of WinNT system are a lot less secured
than UNIX system, simply because everyone can administrate a WinNT system (or
at least everyone believes that). And when there's a problem with some software
on your WinNT system (e.g. third party software), you don't have to possibility
to look at the source code, fix it and then recompile it.

Not to mention that the user right settings are very problematic on WinNT. In a
really secure system, users don't have enough rights for most tasks what leads
to problems (as I was once told by a company: "We can't use WinNT, because then
we would have to give all users full access and that would destroy any security
concept. Without that all software would have to get rewritten.").
 
<snip>

> Not really.  Windows code is seen by thousands before release.  The fact
> you were not invited to this circle of privileged non-MS people does not
> mean it does not exist.

But that's exactly the problem: MS choose a few privileged who can see their
code (and they aren't allowed to edit it, just having a look!). Despite that
this isn't valid for all their code.

So the quality of this "code viewing" depends a lot on "who MS chooses" and how
many. I still say that more people see UNIX code than MS code (I won't even
mention LINUX here, what is seen even by normal users). And the people who are
really interesting (hackers and crackers) will not be able to inspect the code
of Micro$oft and point out possible problems.

> You put it as a favour to UNIX!

I'm not in favor for UNIX.
I say that UNIX is better than Windows in many cases, but I don't say that it's
perfect. I personally am no defender of the idea that the whole word shall
start using UNIX, I only pointed out that a lot of people are using UNIX right
now.

> Implying that UNIX is.

Never argue on the base of what people might imply, you can only argue on the
base of what they are saying.
 
>> PLEASE, don't put words into my mouth that I never used!
>> I suggest you read my post a second time.
> 
> Don't be a politician!!!  You know if I start defend UNIX based on that
> Windows _is_not_ secure (WHICH ONE?????) than people automatically think
> UNIX is.

What people think and what I say are two pair of shoes.

> You imply that Unices are used in banks and secure places
> which is not true either, at least not for most.

I never said so. Not in this post and not in my last two posts.
To repeat myself: I only said that Windows is NOT used there.

> Yes. Your whole post was a defense of Unix (Linux) with comments about
> why Windows is bad.

My post wasn't a defense of UNIX. My post was just pointing out that plenty of
people don't use Windows and they have good reasons why they don't use it.

> BTW I have not seen any airport where the terminals were non-Windows...

Yes and wanna bet that I can find someone who can crack such a terminal in less
than two hours. I bet if this terminal would run with Linux or maybe with
FreeBSD that wouldn't be that easy.

The terminals at central station also run with Windows and guess how many
pictures I've already seen where those terminals show a "blue screen"?

One of my friends is working in a computer company, which are offering and they
run a WinNT web server and he told me that it crashes at least once a month,
usually more often. The Solaris server at our university is now running for
years and it never crashed even once. It only was rebooted to add new hardware.

>> And speaking about cross-platform development:
>> OS/2 is a very good Java platform. I don't know anything about VMS, but it's
>> certainly not impossible to port a Java Virtual Machine for this system as
>> well.
> 
> No.  And I guess it exists.  And I guess it is a security risk as all
> Java VMs are.

If VMS is really as secure as you always say, it should be no problem to limit
access rights of the JVM via system configuration in such a way that it can't
cause any damage to the system. Despite that you can also write your own
Security Manager for Java and that way further limit access rights.
 
>> Again, I never said that UNIX is used in all the places you described above.
>
> You implied.

I did not, I just said Windows ins't used there.
 
>> I never did that, you are currently doing that because you assume ... well, I
>> have no idea what you are assuming.
> 
> What your post was about. :-)

My post is about the fact that every user should be free to chouse his/her
favorite OS according to his her personal needs and nobody should be forced to
accept the flaws of a certain OS, just because some shit-head programmers left
him/her no other choice.
 
>>> And about Windows being a shit: Just try to look around and find a
>>> portable async gethostbyname or a standard gethostbyname_r for
>>> Unices...  Good luck.  BTW you can find numerous workarounds which fail
>>> in numerous environments.
> > 
> > And the fact that this function (which I personally have never needed up to
> > now) doesn't exist on UNIX is the proof that Windows isn't shit? Funny, but
> > that makes no sense to me.
> 
> Did I say it exists in Windows?

No. Did I?

But I know that async gethoutbyname exists in Windows.
(I'm doing my homework before replying to a post)

> _If_ you never needed it how do you know by hearth it does
> exists as a service in WinSock and does not in Unix???

You said "find [...] for Unices", so I went to Google and started searching for
it. And I found an async version working with multiple threads for UNIX/Linux
systems. But I'm sorry, I haven't bookmarked the link.

>> 1) I never said that UNIX is better than Windows (correct me if you can!), I
>> only said that Windows is unstable, insecure and not very well thought out.
> 
> Just like Unix in general.

UNIX is very stable (when not using BETA versions). A crashed thread usually
won't take down the whole system, what happens pretty often in Windows
(especially when a hardware driver crashes). Linux is even better here. I can
even intentionally crash hardware drivers and the system survives it (as long
as I don't crash drivers that the system needs to survive.

And UNIX is very well though out, an easy concept that is strictly upheld. It's
like a house build out of LEGO blocks, with clear data paths. Windows is rather
like throwing all blocks into a back, shaking it twenty times and throwing them
onto a table. Data paths are very unclear to normal users.

 I admit, you need more knowledge to be a UNIX admin than being a Windows admin
(Windows hides its chaos behind a neat, easy to use GUI), but as UNIX admin you
also have a lot more power over the system. And that makes Windows more
insecure, because users often aren't able to see security holes until it's too
late.
 
>> 2) I never said that UNIX is secure, neither in my last post nor  in this post.
> 
> You implied

There is no absolute security, it's always just relative.
(How was that? "A PC is only secure when you cut all cables, lock it into a
safe and sink it in the middle of the Atlantic.")
 
<snip>

> Yep, U R right in that.  Only disadvantage is if your market size for
> Win32 platforms is the 80% of your market and you spend too much time to
> serve 15% of the rest (you will never have a fully PI SW) and so you
> loose that whole 80%, too.

If 20% of your other market is mainly using 4 other platforms and you aren't
able to server all of them, you might have the wrong job.
And your boss might also have the wrong job, because if I were your boss, I'd
look form someone who's able to server 95% of the market.

> All I was pointing out is that a Windows solution might cover 60-90% of
> your existing market.

Why? What are you developing that the Linux, OS/2, MacOS, BeOS, AIX, HP-UX,
Solaris, BSD, FreeBSD and the users of over 50 other OSes aren't interested in?
And how do you know, have you asked every single user on this planet?

<snip>

> Business logic can be portable easily.  GUI.... maybe if it is HTML
> based...

Java itself runs on all those systems and it's offering enough elements for
your GUI. Swing is offering enough elements to write your own MS Office.
Only mouse wheel support is currently missing, but Java1.4 will also add mouse
wheel support (right now I'm just playing around with the BETA version).

Despite that, you can write 90% of your application in Java and then add the
missing 10% via C++ or even native assembler code (for speed reasons or to add
special OS features that Java doesn't support at the moment). That has the
advantage that you always only need to rewrite 10% of your application for
every new platform. And platforms you don't support directly can still use your
application, in that case just without those special features or without the
additional speed boost.

For C++, try using Qt.
It exists for:
- AIX
- BSDI/OS
- DG/UX
- HP-UX
- Irix
- Linux
- OS/2 (but only with an installation of XFree86)
- QNX
- SCO UNIX
- Solaris
- Tru64
- Windows 95
- Windows 98
- Windows NT and 2000

I think there's even a Palmtop version, maybe other embedded systems will
follow. This will make your GUI run-able on quite a lot of platforms in native
speed, with lots of features (like "skin support"). The free version is of
course limited (I think no 3D support, no network and IO libraries), but a
company that plans to increase their market by 15% of users might as well pay
for the commercial version. 

>> It means developing a base version that can run everywhere and then only
>> fine-tune this base version for different systems. That's cross-platform
>> development.
> 
> There is no such thing.  If you believe in that...  Maybe for very
> simple applications where it is enough to use what the GUI meant 10
> years ago.

Nonsense. What kind of GUI element do you intent to use that Java doesn't
support? Java has even build-in anti-aliasing, alpha transparency and texture
support. Also build-in support for common picture formats and HTML rendering.

That's additional to all the GUI elements Swing provides. Those are at least as
many as you will find in Visual C++, if not even more:
- Buttons
- Borders
- Boxes
- CheckBoxes
- ColorChooser
- ComboBoxes
- DialogBoxes
- InternalFrames
- Labels
- Lists
- Menus
- Panels
- PopupMenus
- ProgressBars
- RadioButtons
- ScrollBars
- Seperators
- SlideBars
- Tables
- TextAreas
- TextFields
- TextPanes
- ToolBars
- Trees
- Windows

Also the predefined Windows exist, like FileChooser, as well as some other I
forgot to mention and non-GUI stuff  (like Timers). And every element currently
exist in three versions (Windows, Metal and Motif ... others like Macintosh may
follow in future Swing versions) and you can switch between those different
versions on the fly and even implement own versions, e.g. simply use a picture
for every element (so your applet can have a full skin support).

>> To get back to your question: Would the casino SW developers also survive when
>> creating software that can run on Windows, Linux, Solaris, Irix and OS/2?
>> Certainly! Maybe even better than they are doing right now.
> 
> Certainly not.  They would be about to finish the first beta version of
> their SW, when the market is already shared between the players.

For what a C++ programmer needs 3 hours is done in one hour by a Java
programmer, not to mention that Java is more than 200% easier to debug in case
of errors. Don't forget you can use Java also server side and there you are
free to use the latest version of it.

You are even allowed to bundle a JRE (Java Runtime Environment) with your Java
application, meaning the target PC doesn't even need to have an installation of
Java.

And depending on task, other programming languages are even more efficient than
Java. A single line of code in some programming languages will do more than 20
lines of Java, which usually are better than 60 lines of C++.

<snip>

> Why not?  Because the market compared to the Windows one (depending on
> your area) might be too small or too far to be worth the effort.  Same
> thing can happen for areas where Windows users have no need but Unix
> users/systems.

Look:

China, one billion people. Computer shops in China sell Linux 200 times more
often than Windows. The Chinese government plans to increase the usage of Linux
even more (they don't trust Micro$oft, open source rules, as they can make sure
there's no spyware inside). BTW downloaded distributions aren't counted here.

You must watch beyond your limited horizon or one day this attitude will break
your neck (or the neck of your company). Others will jump into that gap and
then they will have the market you never had as well as parts of the market you
_do_ have.

If you only want to provide your software *locally* you are limited your market
in two ways (only users of a certain OS and only within one area). What's next?
Only users with a specific first name?

To not loose the topic (as I think you are completely losing the point of this
discussion), take a look at the subject of this post:
"3D manipulation over web"

Over web means inside a webpage, IOW inside the browser.
So either within a plugin, server-side or Java.

Why should 3d access "over web" to a database be limited to x86 or Windows
users? Why can't it be for everyone? Why aren't people in China allowed to use
it? Because you believe that you can save 5 minutes through a win-only solution
(what is not even true)?

> Online application is not necessarily "within the browser".  "Withing
> the browser" is Java, ActiveX or C# or goodbye.

C# ????
My browser doesn't run C#, not even my system as a whole can run C#.
No system which I ever was using during my whole life was able to run C# up to
now.

And ActiveX...come on, ActiveX is the same as installing a browser plug-in,
there's no difference (there is for the programmer, but not for the user). So
you can as well use any other kind of plug-in.

> Java is still a very unstable

Hasn't crashed my PC a single time and I use it daily.
I currently develop exclusively in Java and my programming IDE is written
itself in Java. Everything always runs fine and I have no idea what you mean by
unstable.

> and unsecure stuff where VMs are incompatible etc.

VMs aren't incompatible in general (leaving bugs aside).
I always test my software on at least 5 different platforms and never ran into
a single problem.

>  ActiveX is Windows only.

ActiveX means that the browser downloads and installs a plug-in which then is
controlled by script code within the page. Then you can as well offer a real
plug-in and you can write that for more than one platform (Flash exists for
UNIX, Linux and MacOS for example).

But of course Java will save you a lot of work here.

>> The cross-platform solution is there, all you need to do is using it!
> 
> I have been working together with _the_ Java evangelist of Hungary, who
> was been using, promoting, supporting Java, making large systems for all
> the years Java existed.  If you believe in effortless Java code
> portability, you did not work enough with Java... esp. between different
> VMs.

All Java code that I was using up to now did at least run on:
Win98, WinNT, Linux, Solaris and Irix.
(I don't have access to more platforms, otherwise I would test it on those
platforms as well)

If it will work in a cell phone with Java support is questionable, but such
already a way too specific devices. A set top box for your TV will maybe not
have a problem if it supports the correct Java version.

But better supporting only a few platforms (5 to 10) than supporting only a
single platform. You will never be able to support every platform that exists,
but limiting your solution to a single platform right from the start (for
reasons that you weren't even able to make clear up to now) is certainly no
good approach towards a solution.

-- 
TGOS