Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Oracle takes rough criticism over Java stewardship

Modularisation and licensing moves draw fire from partners

Article comments

Oracle, which officially took on the big job of shepherding Java two years ago this month, is travelling bumpy roads lately, with its modularisation and licensing plans for Java raising eyebrows and security concerns coming to the fore as well.

Plans for version 8 of Java Platform Standard Edition, which is due next year, call for inclusion of Project Jigsaw to add modular capabilities to Java. But some organizations are concerned with how Oracle's plans might conflict with the OSGi module system already geared to Java. In the licensing arena, Canonical, the maker of Ubuntu Linux, says Oracle is no longer letting Linux distributors redistribute Oracle's own commercial Java, causing difficulties for the company. Meanwhile, security vendor F-Secure views Java as security hindrance.

Jigsaw's inclusion draws ire

With Jigsaw, Oracle intends to provide an approachable and scalable module system for large legacy software systems in general and the JDK (Java Development Kit) in particular, according to a blog by Mark Reinhold, Oracle's chief architect of the Java platform group.

But some see conflict between Oracle's Jigsaw effort and OSGi, a longstanding dynamic module system for Java adopted by organisations like the Eclipse Foundation (of which Oracle is a member) for open source tools.

"The major risk inherent in Project Jigsaw is that it is attempting to supplant an incumbent Java modularity system that has already seen a great deal of success," says Eclipse representative Ian Skerrett. "OSGi is widely used across the Java ecosystem in the implementations of IDEs, enterprise service buses, and application servers. Project Jigsaw must not only support the modularisation of the Java platform, it also must provide seamless integration with the existing OSGi ecosystem."

Rather than benefiting Java, Jigsaw will only complicate matters, says Peter Kriens, technical director of the OSGi Alliance: "Jigsaw is inventing something that doesn't really fit very well in Java."

Help may be on the way, however.

Floated in an OpenJDK online discussion group is a proposed effort called Penrose to implement interoperability between Jigsaw and OSGi implementations. This project would enable cooperation between Jigsaw and OSGi to show how OSGi implementations would run on the OSGi runtime and how to load Jigsaw modules into OSGi frameworks.

Both Skerrett and Kriens see great benefits to Oracle's goal of adding modularisation to Java. "It dramatically improves the robustness and flexibility of software systems, especially large software systems... By reducing the complexity of software, modularity allows greater reuse and easier deployment, which in turn allows systems to adapt to change in easier and safer ways," Skerrett says.

Java's licensing change troubles Canonical

Oracle also is raising dander over a recent license change limiting distribution of Oracle's commercial Java. Canonical says that Oracle has retired its licence that permitted Linux distros to redistribute Java. Under the new Oracle licence, users now must download Java directly from Oracle's website.

"That left us in a pickle, because the current version of Java that we're distributing had known security issues that were being exploited," says Canonical CEO Jane Silber. Security problems in Java 6 include problems with remote exploits enabled through the Java browser plugin, she says. To address the security issue, though not solve it, Canonical is pushing out an update that will disable part of the Java version on users' machines.

Canonical can still distribute the open source OpenJDK version of Java, but it is not equivalent to the commercial Oracle implementation, Silber says. Canonical's troubles date back to Oracle's announcement last summer that OpenJDK would become the reference implementation of Java, which resulted in the discontinuance of the "non-free" operating system distributor licence for Java used by Canonical. The bottom line is that Oracle wants Linux distributions to migrate to OpenJDK, even if a distributor believes the commercial version is better for its customers.

Java's security questioned

Oracle also has been receiving flak elsewhere over the security of Java. F-Secure Security Labs recently posted a notice, "Java considered harmful," that advises people to remove the Java plugin from their browsers.

"The risks of Java are nicely illustrated by the recent Java Rhino vulnerability (aka CVE-2011-3544). If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java, or get rid of it altogether," F-Secure writes.

Keeping Java secure is no mean feat, as it is a popular target for hackers. "Java is currently the lowest-hanging fruit of the third party software that gets attacked," says Sean Sullivan, an F-Secure security advisor. While Java is a great platform on back-end systems, Java on Windows PCs facilitates the running of undesirable code, he says.

Oracle's thankless job

Oracle has numerous Java projects to maintain and update, such as last week's release of the NetBeans 7.1 IDE equipped with support for the JavaFX 2.0 rich Internet application platform. With Java being such a ubiquitous technology after 16-plus years, whoever is in charge of it is sure to upset some folks with how the platform is proceeding.

In fact, disagreements over Java are nothing new: The Apache Software Foundation's efforts to get proper certification for its Apache Harmony implementation of Java have spanned both the Sun and Oracle reigns over Java, for example.

Oracle, however, perhaps should cut back on the heavy-handedness, perceived or actual, if it hopes to preserve and maximise its substantial investment in Java. Otherwise, Oracle risks sending users looking for alternatives.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *