Hacker News | norswap's comments

> WASM proved to be secure and JVM did not.

This is an oversimplification — there's nothing about the JVM bytecode architecture making it insecure. In fact, it is quite simpler as an architecture than WASM.

Applets were just too early (you have to remember what the state of tech looked like back then), and the implementation was of poor quality to boot (owing in part to some technical limitations — but not only).

But worst of all, it just felt jank. It wasn't really part of the page, just a little box in it, that had no connection to HTML, the address bar & page history, or really anything else.

The Javascript model rightfully proved superior, but there was no way Sun could have achieved it short of building their own browser with native JVM integration.

Today that looks easy, just fork Chromium. But back then the landscape was Internet Explorer 6 vs the very marginal Mozilla (and later Mozilla Firefox) and proprietary Opera that occasionally proved incompatible with major websites.


Yes it’s true that there’s more to the story, but also, Java really is more complicated and harder to secure than WASM. You need to look at the entire attack surface and not just the bytecode.

For example, Java was the first mainstream language with built-in threading and that resulted in a pile of concurrency bugs. Porting Java to a new platform was not easy because it often required fixing threading bugs in the OS. By contrast, JavaScript and WASM (in the first version) are single-threaded. For JavaScript it was because it was written in a week, but for WASM, they knew from experience to put off threading to keep things simple.

Java also has a class loader, a security manager that few people understand and sensitive native methods that relied on stack-walking to make sure they weren’t called in the wrong place. The API at the security boundary was not well-designed.

A lot of this is from being first at a lot of things and being wildly ambitious without sufficient review, and then having questionable decisions locked in by backward compatibility concerns.


> back then the landscape was Internet Explorer 6 vs the very marginal Mozilla

Your timeline is off by about five years. Java support shipped with Netscape Navigator 2 in 1995, and 95/96/97 is when Java hype and applet experimentation peaked.

Netscape dominated this era. IE6 wouldn’t come out until 2001 and IE share generally wouldn’t cross 50% until 2000 https://en.m.wikipedia.org/wiki/File:Internet-explorer-usage...

By the time Mozilla spun up with open sourced Netscape code, Java in the browser was very much dead.

You nailed the other stuff though.

(Kind of an academic point but I’m curious if Java browser/page integration was much worse than JavaScript in those days. Back then JS wasn’t very capable itself and Netscape was clearly willing to work to promote Java, to the point of mutilating and renaming the language that became JavaScript. I’m not sure back then there was even the term or concept of DOM, and certainly no AJAX. It may be a case of JavaScript just evolving a lot more because applets were so jank as to be DOA)


ActiveX and Macromedia Flash were also popular alternatives to Java applets. Until v8 and Nitro were available, browser-based JavaScript was not a credible option for many apps.

There's a new generation of defense contractors (Anduril, Ares) coming online that seem to promise order of magnitude improvement on the status quo.

It's good to have more options but Anduril and Ares are mostly a lot of hype. They won't achieve anything close to an order of magnitude improvement. Costs are largely driven by the laws of physics, and those are the same for everyone.

I'm honestly not informed enough to comment, but everyone seems to agree there is really bad mismanagement at Lockheed & co + the incentives as set up are truly fucked up (I remember reading on that, but don't have the source handy) and actively encourage manufacturers to pile on costs to make more profits.

If there's good R&D and first-order thinking in the mix, one order of magnitude does not seem insane to me. It's a cliche, but look at what Elon Musk has achieved, everyone said it couldn't be done, but it happened.

Ultimately other things can help, like designing new innovative form factors and catering to a changing reality (it doesn't make sense to shoot down 50k$ drones with 1M$ missiles).


> FTX faced no such regulation and if you sent them crypto you no longer owned it. FTX did.

This is at best only partially true, you own a claim on the underlying asset.

This is not a matter of regulation, it's a matter of your contractual agreement with FTX.

I don't know how more regulated brokers work, but I also doubt you own the asset outright, you also probably own a claim, which is why if the broker goes bankrupt because of fraud you might not recover it.

Regulation wouldn't have changed anything here: as FTX simply broke the law, which they could have done regardless of regulation & reporting requirements (e.g. WorldCom, Enron, ...).

What they did was not legal, even wrt what regulation they were subjected to.


> you own a claim on the underlying asset

No, you're describing a secured claim. No crypto exchange I know of voluntarily gives customers a secured claim. At the moment of bankruptcy, unsecured claims are a claim on the company. Not on any asset.

> don't know how more regulated brokers work

The assets are segregated and customer claims prioritised and guaranteed by the SIPC.

> Regulation wouldn't have changed anything here: as FTX simply broke the law

None of what FTX did would have been remotely plausible if they'd been regulated as a broker-dealer. They'd have failed their FINRA audit on day one.

Not saying what they did is impossible at a regulated b-d. It would just take a lot more thought and work than the shitshow they were running [1].

[1]. https://www.bloomberg.com/opinion/articles/2022-11-14/ftx-s-...


I don't know how bankruptcy documents work, but this is not a filing, it's a general-audience article.

The truth is if you had one Bitcoin in FTX, that was worth 20k. You might have bought for more or less than that. Now it's worth 60k. You didn't get the 20k back immediately (in which case you could have repurchased the Bitcoin immediately and not lose anything).

- If you bought Bitcoin above 20k, you lost money, whereas you wouldn't have otherwise.
- If you would have kept your Bitcoin, you would have 60k now. You didn't get a choice in the matter.

The problem is of course "what is money" — the thing you owned was a Bitcoin, and now you're getting back its value from back then in dollar terms. This value changed meanwhile, shocking! But quite clearly, most people would have had more money now if that hadn't happened.

So while it's possible that some people would have sold lower than 24k (it didn't stay that low very long), most people wouldn't have, and so they lost money, in the commonly accepted understanding.

Imagine the government seized your house 10 years ago, then paid you back today its price from 10 years ago +20%. Did you not lose money?


This is such a bad faith argument.

Imagine you put up your house as an investment into some crypto exchange and the exchange goes bankrupt because it turns out they're misusing customer funds and defrauding their customers. You'll get your house back when legal proceedings are done. What value that house has before or after is sort of irrelevant except as a way for you to twist the issue to fit your narrative. Nobody made you put up your house in some nonsense crypto exchange. That was you.

Be glad the government is involved at all or you might not be getting anything back.


But what if instead of getting your house back, you're only getting the cash equivalent of what your house was worth THEN, plus some interest. Meanwhile, your house, which you no longer own, has tripled in value.

This is unironically the reason why stock trading is so heavily regulated.

If you looked at Bitcoin, whose entire pitch is that it's a poorly regulated speculative instrument, and thought "I'm going to put my house in this" you are an adult accepting unreasonable levels of risk.

Just because FTX (predictably) was run by a con man who got his whole company shut down DOESN'T MEAN that you're a victim. You gambled money you didn't have on a system you didn't care to understand and you are lucky to even get the money back.


>Be glad the government is involved at all or you might not be getting anything back.

This. I'm constantly surprised that the government helps people in these situations. If they want the government to be involved, they should push for crypto to actually follow all of the laws that apply to traditional financial things, which would eliminate a lot of these scams that end up requiring government intervention in the first place.


That's the job of a government, and why would people fund it through taxes if it doesn't do its job?

>That's the job of a government, and why would people fund it through taxes if it doesn't do its job?

Regulation and protection go hand in hand, if you don't want the regulation, you shouldn't be able to ask for the protection that goes along with it. If you want to gamble your real money by converting it to fake digital tokens, that's fine, but you shouldn't ask the government to use taxpayer money to bail you out afterwards. If you want government protection for investments, you should invest in schemes that are regulated by the government instead.


Because many people do not want the government to regulate crypto.

Is that really a majority? I have big trouble believing so. The majority still doesn't know what bitcoin is (except "that money thing").

Yup, you can notice some issues even in their picked example. e.g. the prompt for the video of the painting woman says "there is a bear cub at her feet" and it quite clearly is not "at her feet" in the video.

True, but in this case we can simply judge based on the actions taken.

The claims (trademark violation, not contributing anything back) seem pretty sensible and borne out in practice.

WordPress is an open source project stewarded by a foundation that set rules for its use. If you don't follow them there are consequences. As simple as that, really.

These rules (paying a license or contributing back) seem sensible too.

Normalizing people leeching off the work of others doesn't seem like a good approach.

Some people might disagree with the philosophy — perfectly fine! They can write their own blog engine and release it in a permissive open-source license and make copyrights freely available to anyone. This is a blog engine, not exactly antitrust material.


Hold your horses — this will only produce a fraction of the chips, and probably at a much higher cost.

It's a step in the right direction for the policy goals, but they've really just entered the woods with this one.


But it also makes us not dependent on a place that China has their literal sights focused on.


They don't — they just rewrite from scratch, usually using the original art assets from the game.

You could decompile the game client if you wanted to, but that's probably more trouble than it's worth in most cases. Most of the business logic is in the server anyway, the client is just to initiate actions and render the world state.

(And similarly servers did not have the code, just assets + wire format between client and server, and they reverse engineered things from there, pretty successfully.)


Crazy. And they don't get into legal trouble?


Probably, but honestly servers are sort of in the same boat.

I think Blizzard hasn't bothered going against the open source servers because even if there's just a 1% risk that a court would rule against them, it would open the flood gates to much more professional teams to come in and do it because "it's legal".

They do go against server operators sometimes, though they don't seem very determined there, and some servers have resisted successfully (hosting in Russia and identity hiding I think). I think they mostly use "you're using copyrighted assets" as a line of attack, precisely to avoid the risk that losing that would put them at risk. But IANAL.

Also note that in both cases the projects need the assets from a real client and don't ship with them, expecting you to provide them.


Out of curiosity have people figured out a way to extract detailed character data from the official WoW servers to import into their private servers as a starting point should the commercial servers some day not be viable for whatever reason?


Not sure what you mean by "detailed character data"?

AFAIK the graphical assets are all in the client. The status data is for the most part available through (web)api and even more is available through client side interfaces.


> Not sure what you mean by "detailed character data"?

Character and bank inventory including battle pets, achievements including dates, character stats, transformation unlocks such as different druid forms. Basically everything that would be required to 100% restore all the characters in a person's account exactly as they were on the commercial servers. A Full Backup of everything in one's account in a format the server can import so to speak.


Every property of a character that the client can display can also be seen by the Lua API.


Last time I looked (many years ago) there was an API, intended for displaying your character info on other websites.


It has been attempted — I know of two efforts. One was in C++ and I don't remember the name or have the link handy, I'm pretty sure it's abandoned.

The other is here: https://github.com/wowserhq/wowser, runs in the browser with WebGL, as you can see, it hasn't seen meaningful progress in almost a decade, but it is already impressive.

EDIT: Found the first one, PseuWoW: https://github.com/shlainn/pseuwow

More leads here: https://community.trinitycore.org/topic/12710-we-need-to-cre...

