10 Things that suck about Java

JavaThere was a time when important people claimed that Java was the future of computing and major industry companies -- even Microsoft! -- bought into it. Sun Microsystems founder Scott Mcnealy proclaimed Java as the future of, well, everything -- like the light switch to the room where you're reading this sentence. Now Java has degenerated into an unpleasant legacy technology that causes way more problems than it solves. Sun is gone, having been bought by Oracle. Is Java a corpse stinking up the room it was once meant to power? You tell me after reading my list of 10 things that suck about Java.

1. "Write once, run almost everywhere. Usually." Sun always grossly exaggerated the possibilities of portability with Java. So my Java database server won't run on my Java smartphone? What's up with that? But even conventional tasks that you would expect to work, say, on Mac and Windows, don't always. Version proliferation (see #5) exacerbates the problem.

2. A steady stream of critical, remotely-exploitable vulnerabilities. For the latest list, see the table at the bottom of this document. Seventeen vulnerabilities, 9 with CVE Base Scores of 10 ("as critical as it gets") and all listed as "remotely exploitable without authentication." This is one reason why Java has become the No. 1 target for malicious exploit writers. There's no official word on it, but I suspect this is a big part of why Apple stopped bundling Java with OS X as of Lion (although I hear it's available as a separate download).

3. The updater is crap. It only checks for updates once a month and users usually ignore the notifications of updates. The updates don't play well, in my experience, with UAC in Windows. IOW, if you install it as administrator you have to log out as user and log back in as administrator to update. Java update is a big step up from the crime against humanity that it used to be. Until a couple years ago when you updated Java the updater didn't remove the old version (!!!!) As a result, users could end up with a dozen Java installations, any of which could be specifically called by a malicious app/applet to exploit a vulnerability in it. Of course, there are so many systems out there with old Java versions that this is still true.

4. It's a relic of the past. Where is the role of Java when the web is moving to HTML5? Java is so irrelevant today that even Apple, at one time a top Java supporter, doesn't bundle it anymore as of the upcoming Lion OS X.

5. The insane version numbering. The current versions are:

    Java Family VersionJava BaselineJava for Business Baseline
    61.6.0_261.6.0_26
    5.01.5.0_221.5.0_30
    1.4.21.4.2_191.4.2_32

6. No unsigned integers. Bogus! Makes many programming tasks a PITA. Probably leads to a bunch of bugs in programs ported from C and modified to use one of the many hacks to get around this stupid limitation. There are a lot of programming beefs with Java; a common one is that not all types are objects; but I didn't want to lard the list up with them.

7. Java performance has improved a lot since the early days when it was downright unacceptable, but there are still plenty of applications where it doesn't make the cut, large, multithreaded apps on multicore systems, for example.

8. This is 2011. Why is there no 64-bit version? No, "Java for 64-bit Internet Explorer" doesn't count (although some kudos to Sun/Oracle for making a version of the Java plugin that works in 64-bit IE. If only other vendors like Adobe would do this). No, even if you run that, the Java system beneath is 32-bit.

9. It's required just often enough that you need to have it around, at least on one computer. It's not uncommon, for example, to find a site that has a Java-only uploader.

10. Oracle. Larry Ellison. 'nuf said.

Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.

41 Responses to 10 Things that suck about Java

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.