Wednesday, January 16, 2013

The harms of Java

I have always considered a tremendous error using Java as first language for teaching programming to Computer Science and Engineering students at University. I have a bunch of reasons for this. How
ever, many schools do it, including my own University.

Some day I may write something about this, but I am afraid that I would need more space than a plain blog post.

I have used Java in industrial projects. The most common reason has been customer requirement to do so. In those cases I have always warned customers of the dangers of such a decision.

Today I was thinking a little bit about the latest Java vulenrability and how Oracle has been managing it. I was reading this post from CERT at Carnegie Mellon reccomending to disable java from your browser now.

This has brought to my mind two principles that I think are very important when making a selection on a language. Both can be mainly summarized in: "Always try to avoid single way of thinking".

Prefer standardized programming languages

I think that standardized programming languages should be preferred over others. Specifically I am thinking in programming languages with an International Standard. The reason behind is openness.

Many argue that design by committe is not the best way of designing a language. I may partially buy that argument. However, I think is much better, that the model where a single company designs a programming language and makes changes (sometimes incompatible changes) when they want. 

At least, any specification going through a standardization process involves industry providing the technology (i.e. compiler providers), academics and end users. It is true that sometimes some group may be underrepresented in a standards committee, but there are clear rules on how to become a member of a committee.

Anybody can implement an environment for a standard programming languages. Just have a look on the number of different implementations for languages like C, C++, Ada, COBOL or FORTRAN. However, in the recent years we have seen lawsuits about who has what right with a language owned by a company.

Prefer compiled languages over virtual machine based languages

My usual argument for preferring truly compiled languages has always been performance. I know. Not everybody is concerned about performance but I am.

However, security and safety emerge as another strong reason. We have seen how recent updates on Java Virtual Machines have made that usable applications have become unsecure applications without any intervention of the developer. This has brouth the new acrony WOBE (Write Once Break Everywhere) as opposed to the promised WORE (Write Once Run Everywhere).

In contrast, with a truly compiled application where you deploy binaries, it is much more difficult that such a thing happens. I will not say impossible, because "impossible is nothing". But at least, very difficult.

Is there room for Java-like languages?

Sure there it is. Java has proven to be excellent in combination with application servers. You can get cheap programmers to do so. Hey. Wait a minute! That is true as long as you are not concerned with energy efficiency. Surely this has a huge environment impact for data centers and for the life of your battery.

Then what. Well, I really don't know.

NOTICE: I am happy to get comments for this posts. However I will remove any comment that I consider offensive or is not supported by some sort of reasoning.

2 comments:

  1. "Java has proven to be excellent in combination with application servers" sure? tomcat is not an application server and spring framework works fine...

    ReplyDelete
  2. Agreed. But what is the energy efficiency of such combination? How secure is it?

    ReplyDelete