[lug] SELinux

George S. georges at mhsoftware.com
Mon Jan 29 16:26:17 MST 2018



On 1/28/2018 10:04 PM, mad.scientist.at.large at tutanota.com wrote:
> that's just one more reason not to write things in java.  if i were 
> "enterprise" i'd probably be doing the writing in a real language, for 
> most things i hate interpreted languages, they are slow, slow, slow if 
> doing any real work.  But i do see your point, considering how "HOT" 
> java is.  I mean the whole point is security, using java is hardly 
> helpful in that pursuit, but i know you have to give the customer what 
> they want.

There are some common misconceptions repeated here. First, Java and C++ 
don't have significantly different performance profiles. While you can 
certainly find cases or programs where C++ is faster, in general there's 
not a significant difference by the time the JIT gets involved. Also, 
shipping is perhaps the number one feature. Java, because of its strong 
type checking, garbage collection, and lack of constructs like pointers 
helps you get apps out the door faster. Here's one of many comparisons, 
they're only worth so much, but here you go:

http://blog.cfelde.com/2010/06/c-vs-java-performance/

Practically speaking, the kinds of apps I write (Cloud SaaS web 
applications) spend significant amounts of time waiting on the database 
for query results. If I optimize a loop from .01ms to .001ms, but my 
query still took 100ms to execute, then guess what my perceived 
improvement will be?

As far as real work goes, I run a cloud SaaS web app on an 8 core server 
w/ 96GB of RAM. I'm running 700 virtual hosts per server, and doing over 
a million hits a day per server and the server is running in the 2-3% 
CPU utilization range. Also, many of the bigger sites on the web run 
under Java. Things like HomeDepot.com, ikea.com, and others.

As far as security goes, it's my humble opinion that a language without 
pointers is just going to be inherently more secure. There are so many 
ways you can hose yourself in C++ that are just not possible in Java. It's 
practically trivial to overflow a pointer in C++ to cause memory 
corruption. The only similar attacks in Java (if I remember correctly) 
involve diddling byte code and getting the JVM to execute diddled byte 
code. That's pretty hard. Similarly, it's pretty hard to leak memory in 
Java. Not impossible, but pretty darn hard. In C/C++ it's hard NOT to.

I've been programming since 1983 and languages have included 6502 
Assembler, Basic, Lisp, Pascal, C/C++, xBase (Clipper, FoxPro), 
JavaScript, Java, C#, and some weird languages no one has ever heard 
of. Along the way, I've used Oracle, DB2, Sybase SQL Anywhere, SQL 
Server, MySQL, PostgreSQL, Apache Derby, Access, xBase, and probably 
some other databases I've long since forgotten. In my experience, for 
the kinds of apps that I've written over the years, I just haven't found 
anything that's more productive than Java. The only thing that was close 
was FoxPro. It really was an awesome tool for creating mid-range desktop 
database applications.


>
> Yes, i will learn it as it's another useful layer for security in 
> depth.  I also plan to run multiple, different firewalls (banking 
> industry standard, for web access is 3 layers of firewall from 
> different vendors, last i heard anyway).
>
> mad.scientist.at.large (a good madscientist)
> -- 
> God bless the rich, the greedy and the corrupt politicians they have 
> put into office.   God bless them for helping me do the right thing by 
> giving the rich my little pile of cash.  After all, the rich know what 
> to do with money.
>
>
> 28. Jan 2018 21:16 by zlynx at acm.org:
>
>     On 1/28/2018 4:11 PM, mad.scientist.at.large at tutanota.com wrote:
>
>         the defaults in centos 6.9 (run by RH) enable many dangerous
>         options by default, like executing code in the heap or memory
>         shared with variables and program,
>
>
>     You cannot run Java applications without those things. Just try
>     being "enterprise" without Java.
>     _______________________________________________
>     Web Page: http://lug.boulder.co.us
>     Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>     Join us on IRC: irc.hackingsociety.org port=6667
>     channel=#hackingsociety

-- 
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com