OSNews

And you’d rather Apple choose which Apps are “secure” and which ones are not?

I’d rather have all this stuff in the open where anybody can prod and poke it and _find_ and _reveal_ the real security holes.

BTW, the recent Firefox security flaw (for which 3.6.2 was issued) was because of a lack of security testing on the font library that was pulled in, that was never designed to handle files randomly coming off the web; so the concern is definitely legitimate, but then Mozilla let that slip because of weak security testing of a new component and hopefully they will learn from that.

Oh,Hell no. I want that like I want a kick to the groin.


Just hoping that this stuff is being reviewed by security researchers at the design phase.

I think we've seen enough evidence that these reviews don't stand the test of time. It might get passed now but for sure there'll be some form of security breach with any complex technology and this is certainly going to be very complex.

Any thoughts of security in the design phase of a spec, are better than none. Nothing is perfect, but that doesn't stop anyone from doing their best.

Aha ! The same bullshit argument saying that because everybody can see the code, it's more safe.

I have a news for you, as everybody can see the code, it's also easier for a bad hacker to find security holes and don't tell anybody about what he found...

Anybody can see the code on a closed source application, also.

It's not like 'binary' is this mystical mush that is undescipherable to human-like.

Machine code, like source code... is just that: code. Removing access to the human-written source code makes things more difficult, but it does not make it even remotely impossible or impractical to find flaws in it.

It just makes it impossible and impractical to fix problems that get found unless your the original developer.

Just look at the most popular ways people's computers are hacked. Internet Explorer, Adobe Flash, Adobe Reader, etc etc... Not having the source code has not slowed anybody down much when it comes to "owning" your computer.

Yeah and you can say the same for Linux. Just as the last big security holes which was present on all linux kernel from 2.4 to 2.6 all releases ...
It wasn't faster to find the security hole which has been there since many years.

And it's much easier to read source code than binary.

If you say the contrary:
1. you are in bad fait
2. then prove it and stop using high level languages (C, C++, Python etc ...) to make your software ...

Just as the last big security holes which was present on all linux kernel from 2.4 to 2.6 all releases ...

All OSes have bugs, you know? There is not a SINGLE OS on the whole planet without a bug somewhere. And besides, Windows too has quite big bugs there but being closed source has not stopped anyone from finding them; quite the contrary, it only stops people from patching them.

There is actually a bugfree OS. I dont remember the name of the company that created it but I think it was australian. They mathematically verified it to be bugfree. It can be done by using special language semantics that makes it side-effect free (it basically means that given a set of input it will always reply with the same output). Functional programming languages like Standard ML and Haskell are very good at that.

And that is the thing; with more testing, more stress testing of technologies - hopefully the weaknesses are exposed early so they can be addressed. Take ActiveX, by itself, it is a great piece of technology but it took at least 10 years before Microsoft finally locked down ActiveX.

Oh dear Lord, did you just say active X *is* great? As the creator of many active X controls, I'd have to disagree. It *was* the best solution, when you were dealing with a MS only environment in the late 90's early 00's, but its dead Jim. And, I really think Microsoft could have done something better. It really didn't become secure, until it was obsolete because the priority of security at microsoft didn't really exist until 2004 or so.

I suppose Native Client will help those who don’t want to provide the source. It’ll be faster to boot too; I can’t see it getting adoption outside of Chrome though. The last thing Apple wants is native code being delivered outside of the App Store.

Server-side processing with output to HTML5 would do the trick. This also means that the game engine wouldn't have to be coded in javascript.

Developers would flock to such a framework because it would be cross-platform and insulted from piracy.

Or even better, cgi or .net on server side with H.264 output.

edit:

It's not good to run code on the server: imagine what if some 100 000 users want to play same time?

The best way is using java or silverlight.

Edited 2010-04-02 18:01 UTC

I think a mix is probably the best, have a client to share some of the processing but make it useless to pirate.

But if we're talking about replacing 2D iphone games a single dedicated server can handle plenty of players.

So hypothetically speaking when it comes to native code, Microsoft could have a native code back end for Microsoft Office and then the output would appear as HTML5? I remember hearing about COM support being added to Silverlight - is that the possible future, the front end being delivered to the end user via Silverlight with the native processing occurring on a server farm at Microsoft HQ?

It's hard to tell if your all being sarcastic or just being ignorant.

Microsoft has exposed the COM to expose 'native code' to the internet.

It's called ActiveX and it sucks huge donkey dick. It's just a really bad idea and causes all sorts of horrificly bad things to go on in the web.

I am sure that Chrome's 'native code' is not as horrible as ActiveX (as Google engineers are not huge f-ng morons like the ActiveX architects were), but there is no need to do anything like that.

ECMAscript is ugly and it's not fun, but it's a complete programming language that is just about as capable as any other high-level programming language anybody would care to embed in the browser.

It's now relatively fast with modern JIT compiling technics and whatnot and it's been around, in one form or another, for decades now and is supported and used by not only browsers, but a ton of different applications.

so that is why that if people had a chance to do it all over they would choose something else ecmascript is still a win for web-based applications.

That is a likely future but I doubt they would use COM. They'd probably rewrite large parts of the office engine to run on the server and then build the interface in Silverlight. It would likely be a subscription service as well.

Edited 2010-04-03 19:22 UTC

"Javascript also isn't highly valued by web developers."

That is so true. I think the issue is the level of understanding amongst web developers of what JavaScript can really do. Most don't think past DHTML.

I has taken me over 10 years of professional web development to realise how powerful JavaScript can really be.

A lot of it has been because that as web developers, we develop around the idea that web users can disable JavaScript within their browsers. The thinking has been why put effort into something you can't control?

But finally, I think, we are coming to a point where the lowest common denominator is no longer our target demographic. Viva La Web!

That is completely true, and it is also a crying shame. Modern versions of Javascript are quite powerful and there is more work being put into optimizing performance for them than virtually any other interpreted language. Most developers never see past the basic DOM model and don't really delve into the language itself - they just use it as a tool for doing DOM manipulation and thats it, more or less treating it like a macro language.

I'm not claiming it is the most beautiful language ever designed, but it does have most if not all the features needed to write code using virtually any programming paradigm you can think of (OO, procedural, functional, event driven, etc.)

I personally prefer Python, but I would have to concede that for its intended purpose Javascript is probably a better language. I have always been curious if a Python implementation of a browser scripting language could be competitive performance-wise, but from what I have seen I highly doubt it. Python is beautiful, but Javascript is practical (and fast relatively speaking).

Really man? Might want to check that twice. I'm a Web Developer, and I value Javascript highly.

Er, the video, the screenshots (which I took), and the compilation instructions, including link to the Google code site with the full source code isn’t good enough?

I mean, porting Quake II to HTML5 for real, for an April fools joke is pretty high on the effort-required scale for just a prank. Anyway, the article said that this has been under development since November last year.

I’VE PLAYED THE GAME. IN MY BROWSER. I COMPILED THE THING FROM SOURCE AND UPLOADED SCREENSHOTS.

What more proof do you want! You can go compile and play it yourself.

The reason the whole code was checked in yesterday was because it’s a public site, duh, and they wanted to hold back and not let anybody find out until they were ready.

I've made a HD video of the thing...
http://www.youtube.com/watch?v=OZR_m8pBYcU

It's not a joke.

I don't think so, but I wish we can run native x86 in the web browser.

Though being realistic I have to be pleased that at least I can run .net in the web browser.

Native Client http://code.google.com/p/nativeclient/

I don't think so, but I wish we can run native x86 in the web browser.

And lock out all non-x86 platforms, including the millions of different portable devices both those that exist already and those that will come? Wow, sounds like an excellent plan. Oh, wait..

That's why I wish we could run LLVM in the browser

Heh, just wait, someone will implement that too sooner or later!

Already being done. Portable Native Client uses LLVM bytecode:

http://nativeclient.googlecode.com/svn/data/site/pnacl.pdf

That will be awesome.

Thin clients, of course. Duh!

Reminds me, the other day I saw a guy taking notes with a hand-held lead device on a flattened, wood by-product. He was able to easily combine graphics and text, consumed very little power (totally wireless), and utilized persistent storage. I was amazed.

Did he use a graphite-based stylus or a petroleum-based one?

I think it was graphite, and it had the backspace key on the top of the stylus.

But seriously, I am a Computer Science student (over 50) with several laptops, including a netbook. Nevertheless, due to the small desks, and the mixture of symbols in the notes (e,g, calculus), I have found a good mechanical pencil and a notepad to be the best note-taking device.

However, if Apple want to send me an iPad (like they do the editors, here), I would be willing to try in out in class!

So, you’ve done how much work with JavaScript?

1. Performance of JS has increased 1000 fold in the last two years. It can be as fast as 50% native speed in some cases.

2. “Try writing a game in JavaScript". Glad you said that, because I have. Multiple times. And guess what? It’s plenty fast enough. I don’t have anything finished enough to show, but here’s something better than I can do as an example: http://www.megidish.net/awjs/

Java is dead. Silverlight will follow eventually, for the same reasons as Flash. Not everything will support it and HTML5 will allow developers to target everything in one go.

EDIT. Forget my gumpf, have you realised the idiocy of saying that JavaScript isn’t fast enough for games, when you’re commenting on a thread ABOUT QUAKE 2 RUNNING ENTIRELY IN JAVASCRIPT. Good grief.

Edited 2010-04-02 18:06 UTC

I was talking about real games such as Crysis, Assassin's Creed, Dragon Age, Grand Theft Auto and so on. Not about the next breathtaking Tic Tac Toe, Tetris and Hangman.



Java is not dead, that is just wishfull thinking on your behalf. Tell that java is dead to millions of companies and individuals who are developing and using java software. Silverlight is near anywhere as dead. Silverlight is just at the beginning.



I was talking about 2010 games, sorry if smart people like you consider idiotic anything that is less than 15 years old.

I was talking about real games such as Crysis, Assassin's Creed, Dragon Age, Grand Theft Auto and so on. Not about the next breathtaking Tic Tac Toe, Tetris and Hangman.

No one would write those in Java or Silverlight either, so your point is quite moot.

No one cared to write them in Java or Silverlight, but Java and Silverlight are much reasonable game platforms than javascript. At least since some professional games are/were written in .net, why can't they be written using Silverlight API? Add some DirectX bindings to SIlverlight, and voila, you're on your way.

What do you mean by "professional games"? People are paid to write games with JME, are they "professional games" as well?

No one cared to write them in Java or Silverlight, but Java and Silverlight are much reasonable game platforms than javascript. At least since some professional games are/were written in .net, why can't they be written using Silverlight API? Add some DirectX bindings to SIlverlight, and voila, you're on your way.

Both Java and Silverlight were designed with being overall more capable than Javascript but Javascript has been closing the gap very fast lately, and I am sorry but I just have to disagree with you.

And what has .net to do with the discussion? Does those "professional" games run in the browser across several different platforms? No? Then they have no place in this discussion.

Ummm... no?

JavaScript still sorely lacks a type system - which in turn limits the IDE's (many IDE features depend on type information being present). Also, the available libraries are nowhere near what's available for Java (not sure about Silverlight).

EcmaScript 4 had a lot of promise, but sadly got side-tracked...

Edited 2010-04-02 22:52 UTC

Well the framework isn't there yet to build those games so your point is moot as well.

When that framework is available it won't be HTML5. It will be a proprietary plug-in like Silverlight that offers more than client side Javascript.

And I’m talking about real games like Bejewelled and Farmville that have more users than those games and make just as big bucks.



Java is dead for gaming, like we were discussing, ne?



I thought we were discussing JavaScript being fast enough for games, which it is. I’ll grant you that there aren’t many games written in JavaScript because _so many developers are still hung up on IE_. But it’s not that it isn’t possible—and Quake II in HTML5 should raise eyebrows and get interest going in developing games in the browser, which I’ve known has been possible since Firefox 3.

It has nothing to do with IE. Flash and Silverlight provide a better framework for games and that would be true even if IE didn't exist. HTML5 will improve but so will Flash and Silverlight.

But Flash and Silverlight will never be on the iPad, and like it or hate it, the commercial world so, so badly wants a bit of that pie.

I think the commercial world will be sticking with the itunes store for the next few years. Cross-browser compatibility isn't everything.

But it will be interesting to see the HTML5 apps that hobby developers create. Just don't expect a web app revolution like so many claimed would happen with Ruby on Rails.

Oh, and no one told me nothing about it

http://www.runescape.com/
http://www.nordgame.com/
http://www.banghowdy.com/
http://www.gamerendering.com/Imperii/
http://www.madskillsmotocross.com/
http://ghook.speedrungames.com/

not to name all the games being developed for J2ME, Android, and all the studios now using Java/JOGL for their tools.

I concede, I'm wrong, I had forgotten Android development!

Flash has been the mainstay for cross platform gaming for a few years, and I have every reason to believe a big battle for the gaming space is now brewing. Apple are cutting off Flash in favour of Cocoa. Adobe are trying to push Flash on mobile devices. Java will always be there, as it basically always has been. Microsoft are trying to build a new lock in ecosystem with Silverlight / .NET / XNA / DirectX after their old lock in IE failed, and HTML5 will be aggravate the lot of them in the long run.

Edit: Oh—and Nintendo are seeing the first serious competition in the mobile space they’ve seen in ages. The iPhone may only represent a tangential threat to Nintendo’s market, but it has definitely lowered the price consumers expect for a game.

Edited 2010-04-02 21:10 UTC

You forgot the best www-browser based java game ever made.

Minecraft:
http://minecraft.net/

I really want HTML5 to succeed, but to be honest people have been doing games in activex/directx in IE for over 10 years. I think someone created some extensions for flash to do the same with directx as well, can't remember. You can load compiled VB or C (not the VBscript-kind) in IE through .htc-behaviours as well.

But it's all proprietary.

It's W3C which is slow, even Mozilla had a proposal for XBL-behaviours which didn't get accepted, I'm really glad we are making progress now though.

It's not entirely running in the browser, it's running on the server, like gmail. Just everything that is needed to get the visual part to the browser has been done. Just have a good look at what Google Web toolkit really does. It offloads as little as possible to the browser.

EDIT: typos

Edited 2010-04-04 10:28 UTC

They compiled the one-player mission statically. No server computation involved.

Ohh, ok, my misunderstanding I guess, but I still wonder why then run it on localhost:8080 ? Why not just dump the static code in a directory and serve it from a any webserver ?

Edited 2010-04-04 10:36 UTC

The localhost:8080 thing is because you run the dedicated server to enable multiplayer and because Quake just runs like that. Nothing is ideal here because it’s a C app that’s been ported to Java and then transcoded into JavaScript. If you were writing a game in HTML5 from scratch you certainly wouldn’t do it this way, and it could be written to run from a folder much easier

Javascript implementation can be interpreted of compiled (JITted). E.g. Chrome runs all javascript as native code.

It may be that the Canvas implementation is what's slowing things down here. With opengl, this would probably be pretty snappy.



If you are willing to go for Silverlight, you could as well go all the way and make a normal, native Windows game.

I'm not willing to go for anything since I prefer native games and I think that every software should do only one thing and do it good: the browser should display web pages, the video player should play movies, the audio player should play music and the damn games should be native.

I was just pointing that if somebody wants games to run as web applications, there are much better choices than javascript which is not meant for games or anything that has to do with performance.

Of course natively compiled code is much faster compared to interpreted code. However, Java and Silverlight don't contain natively compiled code either: their 'binaries' consist of bytecode that has to be run by a Virtual Machine, too.

Compiling source to bytecode beforehand might give Java and Silverlight a bit of a head-start, but after that the interpretation/JIT-compilation techniques are not all that different.

A difference is JavaScript is much more 'dynamic' than the typed Java/Silverlight code - the VM can leverage the typing information to perform optimalizations on Java/Silverlight, this is much harder with JavaScript

Why does everyone lump java in the same category as flash and silverlight?

Flash and silverlight are browser extensions.

Java is a full fledged virtual machine/language/api for making desktop applications as well as applications that can run in a browser. What silverlight and flash do is only a small subset of what java does.

Edited 2010-04-03 00:20 UTC

Indeed Java is more powerful than Flash/AIR.

But when Java applets and JavaFX are entering the 'web applications' arena, they will have to compete with Flash and Silverlight, and a comparison is justified. Java has an advantage for being such a full-fledged platform, but this also comes with a cost (e.g. slow start-up times).

That said, Java and Flash/ActionScript are not really in the same ballpark in terms of language maturity and availability of libraries. I'm not so sure about Silverlight: doesn't that allow you to talk to any .Net code? That would make it quite similar to Java.

Several big stock exchanges with ultra low latency and extreme performance demands are developed on Java. Java is foremost for the server, and then for the client.

No argument there - for example slow start-up times are no problem in such situations, it's throughput and fail-safety that matters. The browser/client arena is simply a whole different ballpark.

nice troll.

Completely agreed.

The WWW, The Big Regression in Computing, BRC.

Of course the cool kids here are delighted to see over ten year old crap being run in a browser. Kind of shows the current state of affairs.

And it is even funnier that all the Javascript, and Silverlight, and Flash crap comes over again. But no one questions that it is totally idiotic to put more and more crap to into WWW to begin with.

Totally. Do one thing and do it well as the saying go.

In my opinion this article just demonstrate the potency of HTML5.

Didn’t want to mess up my filesystem. I’m picky about installing stuff into the UNIX area that is too oversized and difficult to maintain and operate. Brew is just a folder and plays nicely with Apple’s layout. MacPorts is a giant dump on your drive with it’s own opinion on how to run the shop.

Fair enough. Also, I think you forgot to mention this is for Intel Macs only.