So we have all seen the almost daily reports of zero-day bugs creeping into Java’s platform recently. Many out there have said things like “Oracle has dropped the ball” and others have made calls for a massive rewrite of the way Java works. I understand that this recent flood of exploits has caused many of you concern, but I think the future of Java is getting brighter. I don’t think Java needs a rewrite; I think Oracle just needs to take a moment, perhaps re-evaluate Java 8 and change focus to one of security and code hardening.
Rewrites sound good, especially when it comes to an aging platform that shows a few cracks. But in reality, a rewrite usually does two things. First, it usually gets rid of battle-tested code in favor of new code that hasn’t seen the scars of battle. That exploit that might have happened back in 2002, yeah, it was beaten and fixed. Remember the bug of 2007? Probably not, but the code hasn’t forgotten. If we are to get rid of this time-tested code, we may open ourselves to the exploits of the past repeating themselves. Secondly, a rewrite is usually a change in direction that doesn’t coincide with the original plan laid out by developers of Java. It would be like going into the constitution of the US and changing a few things to bring it into the future… but then of course exposing some loopholes in the process because the old piece now doesn’t “jive” with the new piece quite like it should.
Some would argue that new code is better than old code for reasons of efficiency, taking advantage of new methodologies and a rethink based on the current environment. And I think that is a valid argument for sure. But the approach is what is wrong. Let the bugs come, let the Java community rise up as a group of developers and fix the issues. Let Oracle work on the stability of the language as is and we can help! These security shops that are finding these bugs and reporting them are doing Java a favor and hardening its base. For a language that is as widespread as Java, you can always expect a bug to pop up. However, the more we fix, the harder Java is getting.
As a programmer of many languages including C++ and the .NET languages, I know Java does a lot of things better and has an identity all its own that makes it great. I think a rewrite of it is going to erase some of its history while not dramatically improving the situation. I think we will still find issues with the new rewrite and we may even see some bugs from the past also appear in the new code. We should be learning from the past, not creating a time machine, jumping backwards and altering history in an attempt to make things safer. Anyone who has seen a movie involving time traveling to the past to fix things knows that there are always unintended consequences.
Thanks for reading! 🙂