Oracle's latest Java moves frustrate users and vendors
- 10 January, 2012 22:24
Oracle, which officially took on the big job of shepherding Java two years ago this month, is traveling bumpy roads lately, with its modularization and licensing plans for Java raising eyebrows and security concerns coming to the fore as well.
Plans for version 8 of Java Platform Standard Edition, which is due next year, call for inclusion of Project Jigsaw to add modular capabilities to Java. But some organizations are concerned with how Oracle's plans might conflict with the OSGi module system already geared to Java. In the licensing arena, Canonical, the maker of Ubuntu Linux, says Oracle is no longer letting Linux distributors redistribute Oracle's own commercial Java, causing difficulties for the company. Meanwhile, security vendor F-Secure views Java as security hindrance. (Oracle declined to discuss these issues with InfoWorld.)
[ More upset users: Oracle rankled backers of the Project Hudson continuous integration server and OpenOffice.org office suite after taking over those projects from Sun. | For the latest perspectives on software development, subscribe to InfoWorld's Developer World newsletter. | Check out JavaWorld.com for hands-on Java advice, tips, and discussions. ]
Jigsaw's inclusion draws ire With Jigsaw, Oracle intends to provide an approachable and scalable module system for large legacy software systems in general and the JDK (Java Development Kit) in particular, said Mark Reinhold, Oracle's chief architect of the Java platform group, in a recent blog post.
But some see conflict between Oracle's Jigsaw effort and OSGi, a long-standing dynamic module system for Java adopted by organizations like the Eclipse Foundation (of which Oracle is a member) for open source tools. "The major risk inherent in Project Jigsaw is that it is attempting to supplant an incumbent Java modularity system that has already seen a great deal of success," says Eclipse representative Ian Skerrett. "OSGi is widely used across the Java ecosystem in the implementations of IDEs, enterprise service buses, and application servers. Project Jigsaw must not only support the modularization of the Java platform, it also must provide seamless integration with the existing OSGi ecosystem."
Rather than benefiting Java, Jigsaw will only complicate matters, says Peter Kriens, technical director of the OSGi Alliance: "Jigsaw is inventing something that doesn't really fit very well in Java."
Help may be on the way, however.
Floated in an OpenJDK online discussion group is a proposed effort called Penrose to implement interoperability between Jigsaw and OSGi implementations. This project would enable cooperation between Jigsaw and OSGi to show how OSGi implementations would run on the OSGi runtime and how to load Jigsaw modules into OSGi frameworks.
Both Skerrett and Kriens see great benefits to Oracle's goal of adding modularization to Java. "It dramatically improves the robustness and flexibility of software systems, especially large software systems.... By reducing the complexity of software, modularity allows greater reuse and easier deployment, which in turn allows systems to adapt to change in easier and safer ways," Skerrett says.
Java's licensing change troubles Canonical Oracle also is raising dander over a recent license change limiting distribution of Oracle's commercial Java. Canonical says that Oracle has retired its license that permitted Linux distros to redistribute Java. Under the new Oracle license, users now must download Java directly from Oracle's website.
"That left us in a pickle, because the current version of Java that we're distributing had known security issues that were being exploited," says Canonical CEO Jane Silber. Security problems in Java 6 include problems with remote exploits enabled through the Java browser plug-in, she says. To address the security issue, though not solve it, Canonical is pushing out an update that will disable part of the Java version on users' machines.
Canonical can still distribute the open source OpenJDK version of Java, but it is not equivalent to the commercial Oracle implementation, Silber says. Canonical's troubles date back to Oracle's announcement last summer that OpenJDK would become the reference implementation of Java, which resulted in the discontinuance of the "non-free" operating system distributor license for Java used by Canonical. The bottom line is that Oracle wants Linux distributions to migrate to OpenJDK, even if a distributor believes the commercial version is better for its customers.
Java's security questioned Oracle also has been receiving flak elsewhere over the security of Java. F-Secure Security Labs recently posted a notice, "Java considered harmful," that advises people to remove the Java plug-in from their browsers. "The risks of Java are nicely illustrated by the recent Java Rhino vulnerability (aka CVE-2011-3544). If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java -- or get rid of it altogether," F-Secure writes.
Keeping Java secure is no mean feat, as it is a popular target for hackers. "Java is currently the lowest-hanging fruit of the third-party software that gets attacked," says Sean Sullivan, an F-Secure security advisor. While Java is a great platform on back-end systems, Java on Windows PCs facilitates the running of undesirable code, he says.
Oracle's thankless job Oracle has numerous Java projects to maintain and update, such as last week's release of the NetBeans 7.1 IDE equipped with support for the JavaFX 2.0 rich Internet application platform. With Java being such a ubiquitous technology after 16-plus years, whoever is in charge of it is sure to upset some folks with how the platform is proceeding. In fact, disagreements over Java are nothing new: The Apache Software Foundation's efforts to get proper certification for its Apache Harmony implementation of Java have spanned both the Sun and Oracle reigns over Java, for example.
Oracle, however, perhaps should cut back on the heavy-handedness, perceived or actual, if it hopes to preserve and maximize its substantial investment in Java. Otherwise, Oracle risks sending users looking for alternatives.
This story, "Oracle's latest Java moves frustrate users and vendors," was originally published at InfoWorld.com. Follow the latest developments in application development and Java at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.
Read more about application development in InfoWorld's Application Development Channel.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Oracle's ambitious plans for integrating Sun's technology : Applications - InfoWorld
- Canonical's Ubuntu Linux will battle for mobile developers : Mobile Technology - InfoWorld
- A year later: Has Oracle ruined or saved Sun? : The Industry Standard - InfoWorld
- Newsletter Subscribe - InfoWorld
- Welcome to JavaWorld.com
- Project Jigsaw: The Big Picture — DRAFT 1
- Eclipse's annual software release train arrives : Application Development - InfoWorld
- Java Considered Harmful - F-Secure Weblog : News from the Lab
- CVE-2011-3544 / ZDI-11-305 – Oracle Java Applet Rhino Script Engine Remote Code Execution
- Oracle gears Netbeans for building better user interfaces : Application Development - InfoWorld
- Oracle releases JavaFX 2.0, shares plans for Java 9 : Application Development - InfoWorld
- Apache declares war on Oracle over Java : Developer World - InfoWorld
- Oracle's latest Java moves frustrate users and vendors : Application Development - InfoWorld
- Business technology, IT news, product reviews and enterprise IT strategies - InfoWorld
- Application Development Channel - InfoWorld
- Java Programming - InfoWorld
- Application Development - InfoWorld
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Spiceworks' free management software gets integrated MDM
Leading Through Connections – Insights from the Global Chief Executive Officer Study
IBM’s 2012 Global CEO study follows face-to-face discussions with more than 1,700 CEOs and senior public sector leaders from around the globe. The findings examine how CEOs are responding to the complexity of increasingly interconnected organisations, markets, societies and governments. For example, almost one-quarter of CEOs say their organisations operate below par in terms of driving value from data. CEOs have expressed frustration about their inability to capitalise on available information. This is because: “The time available to capture, interpret and act on information is getting shorter and shorter.” CEO, Chemicals and Petroleum, United States Given the need for deeper business insight, the best performing organisations are more adept at converting complex data into insights, and insights into action. Download Entire Report Now.
The Foundation for Cloud Management
For businesses looking to provide real-time business solutions to employees and customers alike, you need to have a comprehensive network management strategy. The network is the foundation of all successful cloud services; it must be robust to meet traffic, efficiency, and performance demands. Download today the four steps to get your network operations cloud-ready.
Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks
Enterprises and government agencies are under virtually constant attack today. It is clear that the cybercriminals, nation-states, and hacker activists waging these attacks are growing increasingly sophisticated and more effective in their efforts to steal and sabotage. Why are today’s security defenses failing? In this battle, your security teams are using outdated arsenal - download now to learn more.