1996-05-01 - Re: Why I dislike Java. (was Re: “Scruffies” vs. “Neats”)

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: “L. Detweiler” <vznuri@netcom.com>
Message Hash: 7ba58999c0acc75b4e68c1d0bb9d722a8dceb1752171b1ed6ca27058f2537420
Message ID: <199605010033.UAA15101@jekyll.piermont.com>
Reply To: <199605010015.RAA15723@netcom15.netcom.com>
UTC Datetime: 1996-05-01 06:56:47 UTC
Raw Date: Wed, 1 May 1996 14:56:47 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 14:56:47 +0800
To: "L. Detweiler" <vznuri@netcom.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010015.RAA15723@netcom15.netcom.com>
Message-ID: <199605010033.UAA15101@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"L. Detweiler" writes:
> well, are you saying it would be impossible to do such a thing
> [produce a safe execution environment] in a distributed programming
> language?

It is difficult. The way Java does this, with the protection relying
solely on the correctness of the runtime (the interpreter isn't
emasculated so flaws in the runtime can cause unexpected behavior) it
is nearly impossible. Humans aren't good enough at designing systems
this century.

> furthermore, you are imposing a virtual military-level degree of
> security to something that does not seem to require it. if
> a virus gets loose on someone's computer because of Java, what's
> the harm?

The Web is the universal marketplace these days. Being unable to use
the web is the equivalent of being unable to use the phone. I have
research analysts at large trading houses begging for
Netscape. Unfortunately, these people have a need for top notch
security, because vast amounts of money are at stake.

So, yes, if you are going to create a product that everyone on earth
has to be able to use, it had damn well not explode in your face every
once in a while. Imagine if all the world's refrigerators had a 1 in
10,000 chance of blowing up on you. "Whats the harm" you say. Well,
most people don't expect that sort of behavior in a friendly consumer
appliance that nice people from Sun and Netscape guarantee is
absolutely positively safe except for all the bugs.

> you are designing systems that when broken cost bazillions
> of dollars, potentially. what does Java cost when it breaks?

It costs all the same things the the firewalls are protecting.

> who is saying that one should use Java for extremely mission
> critical situations such as funds transfer?

No one. Unfortunately, when the same machine runs Netscape so the
trader can read the UUNet/MFS merger press release and also has the
big shiny red "trade!" button on some application, you get nervous.

As I said, the traders don't expect that their phone will explode when
they pick it up, or that every piece of literature they get in the
mail may be coated with contact poison. Well, Java is a silent
killer. It soon is going to be sitting on every desktop at every
company in America and its being sold as the new paper or phone. Its
also sitting on all those PCs running "Quicken" that helpfully now can
do direct electronic funds transfer from your account, etc. If you
don't care about the security of your bank account, well, sure, you
have nothing to worry about.

In short, my clients need security today. Your home computer probably
needs it soon if not now, and if you think your business can survive a
few days without its computers, please, by all means, run without
security.

> again, no one said that you have to use Java for mission critical
> applications.

Its not Java crashing that I worry about. Its everything else on the
computer and the network it is attached to that needs protection.

> did the creators of Java say that it is going
> to be used in the banking industry?

Well, sorry, you try to keep it off the desks in the banking industry
if you can.

> do you realize it was intended at first to be put into
> *home*appliances*? are you going to die if you occasionally have to
> reboot your toaster because a bug?

No, but you could die if someone gets your toaster to catch fire, or
gets your microwave oven to do something the hardware wasn't supposed
to. It might also be very annoying if your home security system
stopped working, or if your smoke detectors didn't detect smoke, or even
if your fridge decided that it didn't like a string overflow in the
interpreter and decided to stop refrigerating.

Life critical applications or important financial applications are all
around us. You just don't seem to notice.

Perry





Thread