Hostile Java

by

Bran Handley


What Is Java ?

"The point and promise of Java is that it hopes to be the universal glue connecting users and information."[1] Although it is commonly thought of in conjunction with the Internet; Java is a powerful programming language with many applications. Only one of which is the World Wide Web. The reason it is commonly linked with the Internet is because it produces code that does not rely on the machine on which it is running. Therefore, it can be transferred via the Internet and run on the clients computer.[1]

The initial steps towards Java began in 1990 when Patrick Naughton threatened to leave Sun Microsystems. He was not happy with the hundreds of different operating systems that he had to support and he questioned the contribution of the majority of Sunís employees. He presented these concerns to his superior, who not wanting him to leave, offered him the opportunity to form a team and do whatever they wanted as long as they "made something cool". The team went about taking apart various common electronic devices. They decided to create a way for these devices to communicate and be upgradeable. The end result was what is now known as Java. After initial plans for itís use fell through the World Wide Web came about and the Internet started to boom. The language lent itself well to the Internet since it was, and still is, platform independent. Netscape quickly added Java capabilities to itís browser and many others have followed suit.[2]

Why use it?

The language that Java is most like is C++. Much of Java was built by looking at C++ and making changes where the designers thought it would be most useful. C++ was chosen because it is the object oriented language that most programmers consider to be the most powerful.

First off, Java was made more object oriented than C++. Practically the entire language is objects. This was not done in C++ since it is an extension of a non-object oriented language.

The designers also dealt with the syntactical and memory problems that a programmer faces in C++. For instance, the accidental use of an assignment in a conditional, instead of an equality check. This and other syntactical changes were done by not allowing such mistakes to compile. Some programmers may consider this a loss of power, but most would agree that the amount of debugging this eliminates far outweighs any loss of programming power. In C++/C all applications of dynamic memory require that the programmer allocate and deallocate memory as is necessary. The problem with this is that programmers may forget to deallocate memory therefore less and less memory is available for reuse. This can also result in memory being deallocated at the wrong time such as when it still holds information or it references information that is not accessible any other way. In Java this is overcome by automatic garbage collection. This is where the compiler/interpreter decides when and how much to allocate and deallocate. Through the use of garbage collection, the programmer never has to deal with the headache of determining how much memory is needed, or when it is safe to deallocate it. With these modifications it is easy to see that a programmer is more likely to create bug-free code in Java than it is in C++. Since debugging of code is a major factor in the time and cost of a program, having code that is less error prone is a large advantage. Another large advantage of Java is that the code is system independent. This means that the compiler/interpreter converts the Java code into a type of code that does not make any references to specific hardware. This code can then be interpreted on different machines at which time the interpreter makes all hardware references. This means that a programmerís code ,without any modification, can be run on any machine that has an interpreter. Since the interpreter does most of the work, the actual code is smaller than a comparable languageís code. These two factors aid in the reaching of a large audience by reducing the amount of code that needs to be transferred and by not limiting the hardware on which it can run. [1]

The Problem!

There was a concern that came along with Java. The concern is that a programmer could possibly write a program that would lock up your system. The way this could be done is by writing a program so that it infinitely requests memory. This way, regardless of the machine on which it is run, the program would eventually gain all working system memory, effectively locking the machine. When the machine is in this state the user cannot use the proper shut down routine, assuming the machine has one, since there it no memory for it to run in. This can cause many problems because most of todayís, widely used, operating systems do not actually write a file to the disk when the save command is given. Instead, the files hangs around in memory to allow quicker access and to wait, to do the time consuming write, until there is a smaller system load. Should the lock up occur on such a system, any files that have not yet been written will be lost. These files could vary from an insignificant e-mail to a important report. As it is easy to see this problem definitely needs a solution.[4]

What harm is possible?

When a Java program, similar to the one described above, is distributed via the Internet it can affect many computers. Luckily the interpreters built into Netscape and other Java supporting browsers donít allow file access by any program. This secures the user against the possibility of the program altering or erasing his/her hard drive, or any floppy disk that happens to be in a drive. This means that no viruses can be distributed via Java since there is no way for a program to save and replicate itself. However, as described above, the unlimited use of memory can cause great damage. It could result in the loss of a vital report or even a businessís financial transactions. With more and more people using computers for more and more tasks, there is the possibility of greater and greater harm. Examples of this could be the loss of wills, bank transactions, scientific data, etc.

What is being done?

There have been many different ideas regarding how to stop this problem from happening. The simplest of which is for the user to simply turn off the Java feature on their Web Browser. This solution however, is unacceptable for most since the proper use of Java adds a new dimension to the World Wide Web and opens up a wide range of possibilities for web designers.

Another way it could be handled is through the use of a digital signature. In this scenario every applet would have itís own identifying signature. This signature could then be checked against a list of signatures that are know to be non harmful. The problem with this idea is that someone may find a way to copy the signature which would breach the security of the system. Another problem is that it would be a ridiculous task to try and list all the valid applets being used throughout the world.

A memory limit could be set within the interpreter, just as the disk access restriction is made. This way a program could not use the total memory. A similar fix is to set a check within the operating system itself. It could restrict any one program from using ëtoo muchí memory. The problem with these fixes is that it would be difficult to determine where to draw the line on memory consumption.

These are just a few possibilities, but from these we can see that whatever path is chosen will result in some type of limitation. Hopefully this limitation will not restrict too many users or programmers.

The future of Java!

Although Java is currently being used mainly for web pages, the hope is that it will soon become part of objects we use everyday. Java has been used to make a web browser and is currently being used in the writing of an operating system. This operating system will be used as the OS for a web box. It is also to be used in personal electronic devices.

Currently Java has been used to create some very innovative web pages. It has been used to create investment applications, learning tools, and database access via the web. Also, Kodak has created a tool to bring editable images to the web and there are also up to date weather forecasts available. If things go as planed in the near future we will see Java impacting many aspects of our lives.[3]

For Further Information

To find out more about Java from how it started to how to get it go to Sunís Java web page.

References

[1] Cornell, Gary. "Core Java," SunSoft Press, Mountain View, California, 1996, pp.xiv,3-16.

[2] Sun Microsystems, "What Is Java?" [http://java.sun.com/nav/whatis/index.html], Dec 02 1996.

[3] Sun Microsystems, "Howís Java Being Used?" [http://java.sun.com/nav/used/index.html], Dec 03 1996.

[4] Dave Farber, [farber@central.cis.upenn.edu], "this is getting boring -- lock the edoors," in Interesting People, [interesting-people@eff.org], 18 May 1996. [1] Gretchen Walsh, [gwalsh@acs.bu.edu], "REPLY: Using African newspapers in teaching," in H-AFRICA, [h-africa@msu.edu], 18 October 1995.


© Bran Handley

Last Updated 12/04/96