Oracle, which officially took on the big job of shepherding Java two years ago this month, is traveling bumpy roads lately, with its modularization and licensing plans for Java raising eyebrows and security concerns coming to the fore as well.
Plans for version 8 of Java Platform Standard Edition, which is due next year, call for inclusion of Project Jigsaw to add modular capabilities to Java. But some organizations are concerned with how Oracle's plans might conflict with the OSGi module system already geared to Java. In the licensing arena, Canonical, the maker of Ubuntu Linux, says Oracle is no longer letting Linux distributors redistribute Oracle's own commercial Java, causing difficulties for the company. Meanwhile, security vendor F-Secure views Java as security hindrance. (Oracle declined to discuss these issues with InfoWorld.)
[ More upset users: Oracle rankled backers of the Project Hudson continuous integration server and OpenOffice.org office suite after taking over those projects from Sun. | For the latest perspectives on software development, subscribe to InfoWorld's Developer World newsletter. | Check out JavaWorld.com for hands-on Java advice, tips, and discussions. ]
Jigsaw's inclusion draws ire
But some see conflict between Oracle's Jigsaw effort and OSGi, a long-standing dynamic module system for Java adopted by organizations like the Eclipse Foundation (of which Oracle is a member) for open source tools. "The major risk inherent in Project Jigsaw is that it is attempting to supplant an incumbent Java modularity system that has already seen a great deal of success," says Eclipse representative Ian Skerrett. "OSGi is widely used across the Java ecosystem in the implementations of IDEs, enterprise service buses, and application servers. Project Jigsaw must not only support the modularization of the Java platform, it also must provide seamless integration with the existing OSGi ecosystem."
Rather than benefiting Java, Jigsaw will only complicate matters, says Peter Kriens, technical director of the OSGi Alliance: "Jigsaw is inventing something that doesn't really fit very well in Java."
Help may be on the way, however.
Floated in an OpenJDK online discussion group is a proposed effort called Penrose to implement interoperability between Jigsaw and OSGi implementations. This project would enable cooperation between Jigsaw and OSGi to show how OSGi implementations would run on the OSGi runtime and how to load Jigsaw modules into OSGi frameworks.
Both Skerrett and Kriens see great benefits to Oracle's goal of adding modularization to Java. "It dramatically improves the robustness and flexibility of software systems, especially large software systems.... By reducing the complexity of software, modularity allows greater reuse and easier deployment, which in turn allows systems to adapt to change in easier and safer ways," Skerrett says.
Java's licensing change troubles Canonical
"That left us in a pickle, because the current version of Java that we're distributing had known security issues that were being exploited," says Canonical CEO Jane Silber. Security problems in Java 6 include problems with remote exploits enabled through the Java browser plug-in, she says. To address the security issue, though not solve it, Canonical is pushing out an update that will disable part of the Java version on users' machines.
Canonical can still distribute the open source OpenJDK version of Java, but it is not equivalent to the commercial Oracle implementation, Silber says. Canonical's troubles date back to Oracle's announcement last summer that OpenJDK would become the reference implementation of Java, which resulted in the discontinuance of the "non-free" operating system distributor license for Java used by Canonical. The bottom line is that Oracle wants Linux distributions to migrate to OpenJDK, even if a distributor believes the commercial version is better for its customers.
Java's security questioned
Keeping Java secure is no mean feat, as it is a popular target for hackers. "Java is currently the lowest-hanging fruit of the third-party software that gets attacked," says Sean Sullivan, an F-Secure security advisor. While Java is a great platform on back-end systems, Java on Windows PCs facilitates the running of undesirable code, he says.
Oracle's thankless job
Oracle, however, perhaps should cut back on the heavy-handedness, perceived or actual, if it hopes to preserve and maximize its substantial investment in Java. Otherwise, Oracle risks sending users looking for alternatives.
This story, "Oracle's latest Java moves frustrate users and vendors," was originally published at InfoWorld.com. Follow the latest developments in application development and Java at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.