Java is currently the leading exploit vector for Windows machines, and Java vulnerabilities are packaged into many of the “exploit kits” available in the darker corners of the Internet (see http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/). Internet Explorer, Flash Player, and even the Windows operating system itself have done a good job of either improving the security of their products or improving their patching processes. Java, however, still lags noticeably behind in both user/media awareness and quality of code. According to some statistics, Java vulnerabilities account for up to 70% of successful exploits, making it a veritable nightmare from a security perspective.
Articles Tagged with Java
PaaSLane from Cloud Technology Partners is a tool that greatly facilitates the process of migrating an application to the cloud by comparing its source code to known safe best practice. It claims a 25% enhancement in migration time. We suspect that in many cases this will easily be achieved, plus PaaSLane removes a lot of uncertainty.
Cloud Technology Partners has just released its new PaaSLane for AWS, a software solution that analyses codebases and pinpoints issues that would likely cause problems if the code were to be deployed to Amazon Web Services or other elastic environments.
Over the last 15 years, Java has become one of the world’s most popular programming languages and runtime platforms for software development. Today, many agile developers are moving beyond the original Java language to newer ones that introduce new capabilities such as functional programming and dynamic typing while still run on the robust Java platform. With the migration of development to the cloud, the Java platform is experiencing remarkable resiliency with new vendors continually entering the Java Platform as a Service (PaaS) market.
The recent news that Heroku, popular in the Ruby community, is now supporting the full Java stack with a focus on enterprise Java development is a trend we see continuing. Vendors are embracing of the Java platform with it’s multi-language, multi-platform support. This article outlines the past and present of the Java platform including the new generation of languages and the leading PaaS vendors supporting them.
Java: Language and Platform
The Java language and underlying platform (including the Java Virtual Machine or JVM) emerged in 1995. Created by Sun Microsystems, Java burst onto the scene at just the time the Internet was taking off. After finding mild success with their initial focus on Java Applets (code run within web browsers), Sun turned their attention to enterprises and released the Java Enterprise Edition in 1998. Designed for building enterprise-class web applications, JEE (aka J2EE) has become one of the predominant standards today for building web applications. Many vendors sell products that implement the Java specifications including Oracle, IBM, HP and VMware with Spring.
From the beginning, the Java platform included the ability to run applications written in programming languages other than Java. Although Java has remained the most popular language, newer languages and newer compilers for existing languages are enabling the Java the platform to continue to grow beyond Java the language. While remaining a mainstay for enterprise customers, the growth of mobile and tablet apps in particular (Android is built with Java) has helped fuel the growth and popularity.
But today, nearly 20 years after the initial release of Java, it’s the platform and not the programming language that is increasingly the focus of agile developers and vendors.
Popular Languages for the Java Platform
There are several emerging languages that run in the Java platform and bring new capabilities to developers:
Scala – Short for scalable languages, Scala adds functional programming for improved parallel computing on the Java platform. Because it runs on the JVM, it can interoperate with existing Java applications and leverage existing Java libraries. Scala’s focus on parallel computing compliments the on-demand, scalable nature of cloud resources. As such, Scala is ideal for building highly scalable applications that run on dynamic cloud resources. Twitter, LinkedIn and Amazon.com are prominent solutions that use Scala for their high-performing applications.
Clojure – Clojure is a Lisp dialect for the Java platform. Like Scala, Clojure brings functional programming paradigms to the object-oriented Java community. Applications developed in Clojure can leverage multi-threaded architectures for fast performance and parallel processing – ideal when doing analysis of big data.
Groovy – Groovy is a dynamic language for the Java platform that can be used for applications as well as scripting. Similar to Ruby and Python, the language is fully interoperable with Java but it’s compact style means is generally requires less code to build applications (thus improving developer productivity). When used in conjunction with the web framework Grails the duo is quite similar to the popular Ruby on Rails framework for building apps. Because it runs on the Java platform and the code is similar to Java in style and syntax, many agile developers prefer Groovy and Grails for rapid web application development.
JRuby – JRuby is an implementation of the Ruby programming language on the Java platform. Originally developed by Sun, it’s now open source and allows developers to build Ruby applications that interoperate with Java applications and can leverage existing Java libraries. JRuby allows developers to rapidly build web applications in Ruby on Rails and deploy them on infrastructure that supports the Java platform.
Jython – Similar to JRuby, Jython is an implementation of the Python programming language on the Java platform. It allows developers to build applications in Python that interoperate with Java applications and can leverage existing Java libraries. With the popularity of Python growing, especially in the scientific community, Jython offers a nice solution for those wanting to use Python while still run on the familiar Java platform.
Java the Cloud Platform
A growing number of vendors are offering Java Platform as a Service (PaaS) solutions that support the Java Standard Edition (JSE) and JEE standards. Increasingly, these vendors support applications written in the languages described above in addition Java.
While individual features vary by vendor, most all provide simple steps for a developer to upload their Java application (as a .war or .ear file) and the solution takes care of much of the rest. This includes auto provisioning infrastructure resources on-demand (such as computing, storage, network and load balancers), deploying the application and monitoring for health. Most also include the ability to auto-scale the application based on traffic – a great feature for ensuring your web application can handle peak loads.
Like all PaaS’s, these solutions generally allow the developer to focus on the business domain and application logic and not worry about the infrastructure necessary to run it. Some, like Amazon’s Elastic Beanstalk, allow users to manage the underlying resources if they wish while others, like Open Shift and Heroku, keep these details hidden.
While a complete review of Java PaaS solutions is beyond the scope of this article, options include (in alphabetical order): AppFog, Cloud Foundry, CloudForge, CloudBees, CumuLogic, Elastic Beanstalk, Google App Engine, Heroku, Jelastic, Red Hat Open Shift, Stakato, StratosLive and Windows Azure.
Java’s future has never appeared brighter. While the popularity of Java the language may be fading, Java the platform has never been stronger. Developers are discovering new capabilities for solving complex problems and vendors new solutions for deploying Java applications in the cloud.
VMware’s latest effort, CloudFoundry, is not about VMware delving into the PaaS market even deeper. They have done that already with VMforce. CloudFoundry on the other hand is a fairly astute move to enable the development and rapid adoption of cloud based applications. The end goal is to sell what makes up a PaaS environment which is more enabling software. This would enable enterprises and businesses to move to the cloud. The problem with them moving now is that there are not that many applications that are cloud friendly. In effect more concentration on the application and less on the operating system which has always been VMware’s strategic direction.
Oracle (who by virtue of the acquisition of Sun owns Java) announced late on Thursday August 13th that it has filed suit against Google for infringing upon copyrights and patents related to Java. “In developing Android, Google knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property. This lawsuit seeks appropriate remedies for their infringement,” Oracle spokeswoman Karen Tillman said in a statement. The full complaint may be found here.