Just along one thread about the Java™ programming language, we get a number of solid reporters and a couple of “gurus”. The reporters explain the facts about the current vulnerability in one Java sub-system; the “gurus” mount an all-out attack on Java. I have three observations to make here:
1. In a neighbourhood afflicted by a string of burglaries, the headlines do not read: Locks Fail in Leaside. Every story about an “exploit” should, at least in passing, lay the blame where it belongs: with people who take advantage of that security flaw to harm or extort other people. Yes, I do mean every single story, every single web log post. I do expect journalists to continually remind us, and themselves, that we have a choice about living in the network version of Hobbes’s war of all against all.
2. On the subject of war: the governments that have evidently decided to take their conflicts into our living rooms, work places, children’s schools, power plants and hospitals by making it “cyber war” do not answer to some mysterious force from outer space. They answer to us. We can demand general disarmament. Whether or not we choose to do this, I expect the people now hounding Oracle for “security flaws” to at least mention the truth in passing. Government preparations to make war on the net don’t threaten us because of Java; they threaten us because of the choices many of our own governments make.
3. Every day, I encounter downloads of applications from publishers that don’t provide a digital signature and expect me to run their products in native mode, on the bare metal in my computer. Like most users, I make the best of this: I scan every file I load or download with two virus scanners, one of which keeps demanding that I uninstall the other. In this environment, the idea that Java stands out as a particular threat, particularly one so severe it requires government coercion, doesn’t pass the laugh test.
I have a simple plea: let us not lose sight of the many innovations of Java. Working with Java, I and many other programmers first encountered an integrated approach to coding and documentation through JavaDoc. Java offered the first and still some of the best facilities to integrate a flexible programming language and the W3C XML language. Above all, Java integrated the language and support routines, and in the process instituted and enforced coding standards. Languages such as C and C++ have no rules and standards for identifiers: Java does. That alone adds considerably to a priceless asset: any reasonably skilled programmer who knows Java conventions can read a Java application source and have a pretty good chance of understanding it. With C or C++ or some other language that does not provide a common naming scheme, a programmer must work harder to do the same thing. Java designers also added considerably to its readability by eliminating the requirement for headers, which fragmented the sources of C and C++ into headers and regular files; by the simple, rational structure of packages, classes and interfaces; and by the rule that every public class should have its own source file, and that file should have the name of the class it contains. These simple intuitive rules, coded into the structure of the Java language, did a huge amount to propagate good program design practice.
Given the advantages of Java for systems construction, it should surprise nobody that it powers so much of the web we take for granted. Java gives the web Apache Tomcat, the GlassFish application server and many other important server-side systems, and its contribution to structuring good system design, much the way Algol and Pascal helped promote the structured programming approach taught by Edsger Dijkstra, has helped the growth of the practical computing systems that power the web. In the current hysteria about security flaws in one or two parts of the overall Java system, the demands that we kill Java require careful scrutiny and a balancing of the contributions of Java’s design against any defects some parts of the system may have.
On one level, this represents a rational calculation. But whether the calls for the elimination of Java reflect merely frustration with the slow pace at which Oracle hardens the language against intrusions, or whether they reflect the desire of a few writers on security to force programmers and enterprises to do what they have failed to persuade us to do, it is simply unacceptable to ignore the contribution the designers of Java have made.
* The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, Jelastic or its technology and distribution partners.