One Man's Defense of Java

By James Fallows

I'm not that one man -- I'm the one who has been passing along various warnings about possible vulnerabilities in the Java programming language.

But for the record, here's another side of the story, from a long-time programming veteran in Canada the UK named John Spragge. He lays out one version on his site but sent this elaboration. At the end he points out that even he has disabled Java on his own browser -- but he wants to defend the honor of Java in a broader sense. Emphasis added:

  •  In a neighbourhood afflicted by a string of burglaries, the headlines do not read: Locks Fail in Leaside. Every story about an "exploit" should, at least in passing, lay the blame where it belongs: with people who take advantage of that security flaw to harm or extort other people. Yes, I do mean every single story, every single web log post. I do expect journalists to continually remind us, and themselves, that we have a choice about living in the network version of Hobbes's war of all against all.

  •  On the subject of war: the governments that have evidently decided to take their conflicts into our living rooms, work places, children's schools, power plants and hospitals by making it "cyber war" do not answer to some mysterious force from outer space. They answer to us. We can demand general disarmament. Whether or not we choose to do this, I expect the people now hounding Oracle for "security flaws" to at least mention the truth in passing. Government preparations to make war on the net don't threaten us because of Java; they threaten us because of the choices many of our own governments make.

  • Every day, I encounter downloads of applications from publishers that don't provide a digital signature and expect me to run their products in native mode, on the bare metal in my computer. Like most users, I make the best of this: I scan every file I load or download with two virus scanners, one of which keeps demanding that I uninstall the other. In this environment, the idea that Java stands out as a particular threat, particularly one so severe it requires government coercion, doesn't pass the laugh test.
I have a simple plea: let us not lose sight of the many innovations of Java.

Working with Java, I and many other programmers first encountered an integrated approach to coding and documentation through JavaDoc. Java offered the first and still some of the best facilities to integrate a flexible programming language and the W3C xml language. 

Above all, Java integrated the language and support routines, and in the process instituted and enforced coding standards. Languages such as c and c++ have no rules and standards for identifiers: Java does. That alone adds considerably to a priceless asset: any reasonably skilled programmer who knows Java conventions can read a Java application source and have a pretty good chance of understanding it. With c or c++ or some other language that does not provide a common naming scheme, a programmer must work harder to do the same thing. Java designers also added considerably to its readability by eliminating the requirement for headers, that fragmented the sources of c and c++ into headers and regular files, the simple rational structure of packages, classes and interfaces, and the rule that every public class should have its own source file, and that file should have the name of the class it contains. These simple intuitive rules, coded into the structure of the Java language, did a huge amount to propagate good program design practise....

I should emphasize that my plea for perspective does NOT mean I ask people to disregard the practical advice to disable Java applet containers on web clients. Implementation of Java applets on Firefox and other web browsers does probably present a security risk. Users should certainly download the latest patches, and if the web sites they use do not require Java applets (the ones I use don't) they should disable Java on the browser (I do). Unfortunately, the attacks on this remarkable programming language have gone way beyond this simple wisdom and turned into a vendetta, which risks ignoring a great many significant accomplishments.

Another perspective on Java here, thanks to reader EG.

This article available online at:

http://www.theatlantic.com/technology/archive/2013/01/one-mans-defense-of-java/267432/