[Nottingham] Why Java would still stink even if it weren't security swiss cheese

Martin martin at ml1.co.uk
Fri Aug 31 10:59:40 UTC 2012


Folks,

An interesting swipe and view. Especially so in view of the recent
revelations about old problems remaining unpatched to now be exploited
"in the wild", despite fixes being already available (but held for the
sake of a very long update 'schedule')...


In true The Register rhetoric:


Why Java would still stink even if it weren't security swiss cheese
http://www.theregister.co.uk/2012/08/30/i_hate_java/

"... One solution is to deploy a containerised version of a Java VM with
the application. Most devs don't do this, and if you rely on multiple
Java-powered applications you run into the wonderful situation wherein
you have multiple apps that are mission critical; each that require
different flavours of Java. Yay.

For reasons incomprehensible, companies exist today still utterly
reliant on Java applets coded just slightly after the world-altering
technological advancement of bashing two rocks together. These
abominations usually run in the browser..."

"... a patch for the latest JVM flaws isn't due until mid-October from
Oracle. It is thus absolutely ridiculous to me that there are developers
today designing new applications relying on Java in the browser. I don't
possess a rich enough vocabulary to adequately express the depth of the
professional disillusionment, scorn and anger I feel for these individuals.

It is possible to code Java applications that are excellent. The
ubiquity of the language as a primary educational tool has unfortunately
made these the exception rather than the rule. ..."


Strong stuff!

Cue Perl (lax chaotic freedom or 'rich free expression') vs Python
(structured clarity or irksome restrictiveness)?... ;-)


My own view is that it is usually easy to abuse or misuse any tool.
However, some tools are more vulnerable or fragile than others.
Particularly bad tools can even promote 'bad practice' that then is a
costly nightmare for everyone else further down the chain...

There must be a better way than all this fragile and difficult
'procedural' programming-with-side-effects stuff for interacting with
the real world.

Go object oriented and self-learning?...


Just stirring ;-)

Cheers,
Martin

-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg


