Posted by
CowboyNeal
on from the eye-to-the-future dept.
newdaemon writes "Fortune
has a candid
interview
with Bill Joy about what he plans to do after leaving Sun and his opinions on many other topics, including his strong dislike of the C programming language and how the internet could evolve to take care of the problem of spam and viruses."
He is correct, but it's really not all the feasable in the real world. For all the people that say programmers should be grossly ineffecient, and let the newer processors take up the slack, there are thousands of companies that can't get their important programs to run fast enough, even after spending millions on computer hardware... Making everything in Java is only going to make the situation a couple orders of magnitude worse.
If Sun, or someone else, would come along and modify C slightly by removing unsafe functions, and providing alternatives, you could have the best of both, while not having to completely rewrite all the old code.
Joy may not be with Sun...
by
Bloodshot
·
· Score: 3, Insightful
...but he's acting like he still is.
This article is one big "Java can solve all the internet's problems" troll. As if Microsoft's problem is because their code is written in C instead of Java. That's ludicrous.
A programming language can't change people's behaviour. Only PEOPLE can change people's behaviour. Bill Joy's obviously a smart guy, but his railing against what he calls "antiquated" languages and his lack of understanding on why programming languages have nothing to do with e-mail viruses being able to spread so easily shows why Sun is no longer in such a position of prominence.
His statement about how he "designed solutions for problems that people didn't yet know they had" either shows a complete lack of understanding of the way NORMAL people use technology or he's started believing his own marketing spin about Java and Sun's other technologies.
It makes me wonder if Joy is leaving Sun because he's bitter that Sun couldn't take down Microsoft and that Java, while a very powerfull programming language that definitely has it's place in certain types of projects, isn't the language of choice for programmers everywhere.
Re:Joy may not be with Sun...
by
AdamBa
·
· Score: 3, Insightful
Indeed. Part of the interview is interesting, but the parts about Java and Windows are just market-speak. vi is a great editor, but Joy seems to have turned into a giant tool.
- adam
Re:Joy may not be with Sun...
by
alext
·
· Score: 2, Insightful
That's ludicrous.
Not really. If one had to describe Windows' vulnerabilities in a few phrases, buffer overflows, untrusted code and uncontrolled access would be a reasonable summary.
These vulnerabilities are all properly and intrinsically addressed in Java. It is not possible to circumvent the controls by sloppy or malicious programming, therefore Java does enforce secure behaviour.
Joy's comments might represent an exaggeration or simplification, not unreasonable considering the intended audience, but they clearly demonstrate more "insight" than the superficial blather offered above.
Idiot or Liar?
by
Anonymous Coward
·
· Score: 5, Insightful
Again, because that program is written in C, it's quite easy to design a virus to go through your e-mail address book and broadcast spam to all the people you know.
The problem with Outlook isn't "C," the problem with outlook is Javascript, VBScript, and Windows Scripting Host, which are PRECISELY the sorts of high-level languages [and their interpreters] that this little terd is advocating.
Or is he just a common liar? I dunno - you be the judge.
No, but you could easily write an e-mail client in Java that interpreted scripts in the body or header fields of an incoming mail by default, and allowed those scripts to do things they shouldn't. This is the single biggest problem with Outlook (Express) and the reason it's responsible for so many virus/spam problems. It has nothing to do with the language used to implement it, and everything to do with the flawed architectural and security policy decisions in its design.
Using a "more secure" language like Java does zip to address this sort of problem. As the post further up the thread said, the really useful concept in Java is the "sandbox" idea for code that's executing, not the minor improvements to the language itself.
-- If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
But, then, the Solaris kernel is not a distributed program to be run over networks.
As long as a language is "faster" than the network, it'll be fast enough for that kind of use. E.g., there's no particular reason to write a browser in assembly because it spends almost all of its time waiting for the netowrk to do something.
-- -- Slashdot: When Public Access TV Says "No"
Re:If C had had bounds checking
by
MisanthropicProggram
·
· Score: 2, Insightful
You are absolutely correct. Somehow, somewhere, programming langauges have become required to compensate for programmer laziness/productivity/whatever... Just because a programming language allows a programmer to do stupid things doesn't make it inferior. The things that allow you to do stupid things also make extrememly powerful. Write a device driver/embeded system/OS in Java... I don't think so.
But I'd feel more respect for his comments if he hadn't said
>so many companies use Microsoft Outlook for reading e-mail. Again, because that program is written in C, it's quite easy to design a virus to go through your e-mail address book and broadcast spam to all the people you know. As soon as your company starts using Outlook, you can see
Outlook's scriptability has nothing to do with its being written in C++.
Outlook's UI for attachment handling has nothing to do with its being written in C++.
Outlook's historical willingness to do dangerous things driven by HTML code in the preview pane has nothing to so with its being written in C++.
The problems Joy mentioned, of email forwarding itself to everyone in the address book, are not accidental buffer overflows. They're the malicious use of features intentionally designed into the program.
Rant continued...
by
pVoid
·
· Score: 3, Insightful
if you're running a monoculture of software--duh, this is not good. People have studied how to make software systems more reliable by running three distinctly diverse implementations at the same time and then comparing the results. That's what they used to do in the space program, when not only were redundant systems built for, say, guidance, but each of them also ran on different computers with different software.
Who here runs their hosted sites on two round-robined boxes with distinct kernels and Apache versions?
Nature deals with breakdowns in a complex system with evolution, and a very important part of evolution is the extinction of particular species. It's a sort of backtracking mechanism that corrects an evolutionary mistake. The Internet is an ecology, so if you build a species on it that is vulnerable to a certain pathogen, it can very well undergo extinction. By the way, the species that go extinct tend to have limited genetic diversity.
Are you implying that Microsoft Windows is vulnerable to extinction precisely because it is so dominant?
He, and the article writer, are playing the circle-j*rk game by feeding each other soft-balls...
But the analogy is poorly 'implemented' at best. If anything, Microsoft's culture could be compared to a termite infestation (revel you little zealots - I've just insulted microsoft), but in no case is it actually on the road to extinction. Extinction right now is a bad looming shadow for *BSD and BeOS and OS/2 etc...
Why is the analogy broken? Because the oxygen and glucose of software is money. Not electricity and bandwidth as some might believe. These aren't real life forms, as such your model isn't bound by the same rules. Microsoft is actually from a market perspective WAAAAY more genetically diverse (it's spreading its market investment at an incredible rate) than any other software company out there. If anything, the slashdot people have figured it out: they are like the borg right now, assimilating any genetic makeup they can.
His analogy is fucking broken.
Fuck this shit, I've flipped the bozo bit on this guy...
Re:modular programming
by
elmegil
·
· Score: 2, Insightful
The kernel was re-written to be modular 15 years ago, which you'd know if you had read more than the first page of the article. As for the other layers of the OS, much of that is modular too; it's called "packages", quite similar to "rpms" that you might have heard of.
-- 7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Java : C :: Emacs : vi
by
achurch
·
· Score: 4, Insightful
Am I the only one getting tired of the "my language is better than your language" holy wars? Yes, Java can do some things by default that C can't, by default--buffer overflow checks, for example--but that doesn't make it necessarily "better". One could argue that Java's way of checking everything for you makes programmers lazy, and more likely to make mistakes that Java can't catch--cross-scripting holes, for example.
In the end, an experienced C programmer can get the same job done with the same quality in C as an experienced Java program can in Java, and that ought to be good enough for anybody.
Re:Java : C :: Emacs : vi
by
jemfinch
·
· Score: 5, Insightful
In the end, an experienced C programmer can get the same job done with the same quality in C as an experienced Java program can in Java, and that ought to be good enough for anybody.
This simply isn't the case.
Studies have shown (if you're interested, the relevant studies are referenced in "Code Complete" by Steve McConnell) that programmers are capable of writing approximately the same number of lines of code per unit of time in whatever language they program in. Whether it's C, Java, or Sparc Assembler, they'll write pretty much the same number of lines of code in day.
The catch, however, is the expressivity of the languages used. A thousand lines of C will certainly "do more" than the same number of lines of Sparc assembler. Likewise (though arguably not on the same scale), a thousand lines of Java will certainly "do more" than the same number of lines of C. So disregarding errors for the moment, programmers are more productive in a higher level language like Java than they are in C or Sparc assembler.
Now, as far as errors go: it's true that experienced programmers (in whatever language) will make fewer mistakes than less experienced programmers. But they're still human, and even if you're Donald Knuth himself, you're still going to make mistakes. The fact is that mistakes in C are far more costly than mistakes in Java. You can have off-by-one errors in both languages. In Java, however, your program will raise an out of bounds exception and, at worst, halt. In C, such a mistake could easily lead to a buffer overflow security flaw that can be exploited for elevated privilege. The same error in C and in Java is far more costly in C than in Java.
With even higher level languages, entire classes of mistakes cannot even exist, but I don't have time to go into the advantages of such languages like SML or Haskell.
Programmers no matter how experienced, are going to make mistakes. What matters is how costly those mistakes are. And they cost a whole lot more in C than in Java.
Re:Java : C :: Emacs : vi
by
SewersOfRivendell
·
· Score: 2, Insightful
You are missing the point. It's not a matter of dislike. Preference doesn't enter into it. Buffer overflows are a fact of life in C. Anytime you have unchecked array access, you're going to have that problem.
That doesn't make C an awful, bad language, necessarily, but to it does imply that too many programs are written in C that would be better written in say, Python, or Ruby. If you're not in the kernel or doing something truly performance-sensitive like A/V work, you really shouldn't be using C. If you want other people to use your programs, it's your responsibility to write them as safely as possible.
Mind you, the language is only part of the security problem -- and a small part, at that. But programming defensively has to start somewhere, and it might as well start by eliminating an entire class of bugs by using an appropriately safe language.
Classic Bill Joy
by
Timesprout
·
· Score: 4, Insightful
Some wonderful conceptualisations and insights into technology closely followed by statements that make you wonder if Bill is actually in the same universe as us, nevermind on the same planet.
Anyway thanks for Java, its a fantastic development language, please stop telling us we are going to have/need JINI in every toaster, lightfitting and piece of cutlery we own and best of luck for the future.
-- Do not try to read the dupe, thats impossible. Instead, only try to realize the truth What truth? There is no dupe
He is blaming security holes on the fact that programs are written in C? Retarded.
You can leave gaping holes in things while using Java (what he keeps using as the cure all), and you can write secure things in C.
It is not the fault of the language, it is the fault of the program design and/or implementation if there is a security hole in it.
--
There are some odd things afoot now, in the Villa Straylight.
Re:Imagine that you are an alcoholic...
by
emil
·
· Score: 2, Insightful
Fortran is easier to optimize and vectorize than C, which is why it has a strong hold on scientific computing. Optimizers can assume a great deal about Fortran programs that cannot be assumed about C.
Cobol is still alive and well in many business-oriented computing environments. There are Cobol programmers working in the office down the hall from me. New systems implementations in Cobol continue today.
C/C++ is not secure? Setting the record straight.
by
Mybrid
·
· Score: 1, Insightful
The list goes on and on. Just because Microsoft can't get Windows right has nothing to do with C/C++. However, to date NO operating system has been written in Java and NO database has been written in Java. Java is untested in the mission critical apps of OS'es and Databases. A JVM is not an OS.
Outlook is susceptible to viruses MOSTLY because scripting is enabled. Web Browsers are susceptible to viruses becasue scripting is enabled.
Cheers! -Mybrid
Re:Imagine that you are an alcoholic...
by
rlowe69
·
· Score: 2, Insightful
Java... isn't ready to be used for anything with a GUI or where startup time matters.
This is a myth and it's been debunked so many times I stopped counting. Look at the Eclipse project -- the Win32 UI is native (written using SWT) and just as responsive as apps written in C++.
-- -----
rL
Re:Imagine that you are an alcoholic...
by
Darren+Winsper
·
· Score: 2, Insightful
Java can't take Ada's place until the Real-Time extensions are mature enough. Currently, implementations are a bit thin on the ground and well enough tested to be entrusted with stuff that Ada is typically used for.
Past his expiration date
by
crucini
·
· Score: 3, Insightful
Bill Joy is just a typical old programmer full of whimsical opinions. The only reason he's being interviewed by Fortune is that he was in the right place at the right time and is therefore rich. If you read his "six phases" description you see that he basically stopped working in 1987. After that, he just putzed around. I think it's pretty obvious that with Sun in bad financial shape, McNealy finally kicked him out.
Joy comes close to saying Solaris should be re-written in Java. He's not very realistic. When I think of secure programs, I think of qmail, postfix and djbdns. All written in C. I can't even name a Java mailserver or DNS server off the top of my head.
Another reason spam is so bad is that so many companies use Microsoft Outlook for reading e-mail. Again, because that program is written in C, it's quite easy to design a virus to go through your e-mail address book and broadcast spam to all the people you know.
Outlook's numerous viruses are not caused by the program being written in C or C++. They are caused by Outlook's support for active content. The problem would still exist if Outlook were re-written in Java. I wonder if nobody in Joy's circle dares to correct him on this, or if he's been corrected and just didn't hear.
Take any random clever programmer over 30 and give him $100 million. He will wander off into the sunset, murmuring about his brilliant new idea for re-architecting the internet or something. He will never again do or say something relevant.
Exceptions in java are not "invisible" In fact, you have to check for declared thrown exceptions (but not 'runtime' exceptions). In the API declared thrown exceptions are caused by external problems (like a missing file, closed socket, etc) while Runtime exceptions are usually caused by programmer error (like null pointers), and can be avoided by poor programming.
If your python app is choaking on invalid input, it's because you can't program for shit, not because exceptions suck. If it was a C app, you'd simply segfault or something equally ridiculous. And you'd never know why. At least with the stack trace you can quickly pinpoint your problem and deal with it.
Slashdot Mirror
He is correct, but it's really not all the feasable in the real world. For all the people that say programmers should be grossly ineffecient, and let the newer processors take up the slack, there are thousands of companies that can't get their important programs to run fast enough, even after spending millions on computer hardware... Making everything in Java is only going to make the situation a couple orders of magnitude worse.
If Sun, or someone else, would come along and modify C slightly by removing unsafe functions, and providing alternatives, you could have the best of both, while not having to completely rewrite all the old code.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
...but he's acting like he still is.
This article is one big "Java can solve all the internet's problems" troll. As if Microsoft's problem is because their code is written in C instead of Java. That's ludicrous.
A programming language can't change people's behaviour. Only PEOPLE can change people's behaviour. Bill Joy's obviously a smart guy, but his railing against what he calls "antiquated" languages and his lack of understanding on why programming languages have nothing to do with e-mail viruses being able to spread so easily shows why Sun is no longer in such a position of prominence.
His statement about how he "designed solutions for problems that people didn't yet know they had" either shows a complete lack of understanding of the way NORMAL people use technology or he's started believing his own marketing spin about Java and Sun's other technologies.
It makes me wonder if Joy is leaving Sun because he's bitter that Sun couldn't take down Microsoft and that Java, while a very powerfull programming language that definitely has it's place in certain types of projects, isn't the language of choice for programmers everywhere.
Again, because that program is written in C, it's quite easy to design a virus to go through your e-mail address book and broadcast spam to all the people you know.
The problem with Outlook isn't "C," the problem with outlook is Javascript, VBScript, and Windows Scripting Host, which are PRECISELY the sorts of high-level languages [and their interpreters] that this little terd is advocating.
Or is he just a common liar? I dunno - you be the judge.
But, then, the Solaris kernel is not a distributed program to be run over networks.
As long as a language is "faster" than the network, it'll be fast enough for that kind of use. E.g., there's no particular reason to write a browser in assembly because it spends almost all of its time waiting for the netowrk to do something.
-- Slashdot: When Public Access TV Says "No"
You are absolutely correct. Somehow, somewhere, programming langauges have become required to compensate for programmer laziness/productivity/whatever... Just because a programming language allows a programmer to do stupid things doesn't make it inferior. The things that allow you to do stupid things also make extrememly powerful. Write a device driver/embeded system/OS in Java ... I don't think so.
There is no spoon or sig.
But I'd feel more respect for his comments if he hadn't said
>so many companies use Microsoft Outlook for reading e-mail. Again, because that program is written in C, it's quite easy to design a virus to go through your e-mail address book and broadcast spam to all the people you know. As soon as your company starts using Outlook, you can see
Outlook's scriptability has nothing to do with its being written in C++.
Outlook's UI for attachment handling has nothing to do with its being written in C++.
Outlook's historical willingness to do dangerous things driven by HTML code in the preview pane has nothing to so with its being written in C++.
The problems Joy mentioned, of email forwarding itself to everyone in the address book, are not accidental buffer overflows. They're the malicious use of features intentionally designed into the program.
Who here runs their hosted sites on two round-robined boxes with distinct kernels and Apache versions?
Nature deals with breakdowns in a complex system with evolution, and a very important part of evolution is the extinction of particular species. It's a sort of backtracking mechanism that corrects an evolutionary mistake. The Internet is an ecology, so if you build a species on it that is vulnerable to a certain pathogen, it can very well undergo extinction. By the way, the species that go extinct tend to have limited genetic diversity.
Are you implying that Microsoft Windows is vulnerable to extinction precisely because it is so dominant?
He, and the article writer, are playing the circle-j*rk game by feeding each other soft-balls...
But the analogy is poorly 'implemented' at best. If anything, Microsoft's culture could be compared to a termite infestation (revel you little zealots - I've just insulted microsoft), but in no case is it actually on the road to extinction. Extinction right now is a bad looming shadow for *BSD and BeOS and OS/2 etc...
Why is the analogy broken? Because the oxygen and glucose of software is money. Not electricity and bandwidth as some might believe. These aren't real life forms, as such your model isn't bound by the same rules. Microsoft is actually from a market perspective WAAAAY more genetically diverse (it's spreading its market investment at an incredible rate) than any other software company out there. If anything, the slashdot people have figured it out: they are like the borg right now, assimilating any genetic makeup they can.
His analogy is fucking broken.
Fuck this shit, I've flipped the bozo bit on this guy...
The kernel was re-written to be modular 15 years ago, which you'd know if you had read more than the first page of the article. As for the other layers of the OS, much of that is modular too; it's called "packages", quite similar to "rpms" that you might have heard of.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Am I the only one getting tired of the "my language is better than your language" holy wars? Yes, Java can do some things by default that C can't, by default--buffer overflow checks, for example--but that doesn't make it necessarily "better". One could argue that Java's way of checking everything for you makes programmers lazy, and more likely to make mistakes that Java can't catch--cross-scripting holes, for example.
In the end, an experienced C programmer can get the same job done with the same quality in C as an experienced Java program can in Java, and that ought to be good enough for anybody.
Some wonderful conceptualisations and insights into technology closely followed by statements that make you wonder if Bill is actually in the same universe as us, nevermind on the same planet.
Anyway thanks for Java, its a fantastic development language, please stop telling us we are going to have/need JINI in every toaster, lightfitting and piece of cutlery we own and best of luck for the future.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
He is blaming security holes on the fact that programs are written in C?
Retarded.
You can leave gaping holes in things while using Java (what he keeps using as the cure all), and you can write secure things in C.
It is not the fault of the language, it is the fault of the program design and/or implementation if there is a security hole in it.
There are some odd things afoot now, in the Villa Straylight.
Fortran is easier to optimize and vectorize than C, which is why it has a strong hold on scientific computing. Optimizers can assume a great deal about Fortran programs that cannot be assumed about C.
Cobol is still alive and well in many business-oriented computing environments. There are Cobol programmers working in the office down the hall from me. New systems implementations in Cobol continue today.
Let's investiage:
1.) Solaris: C/C++
2.) Linux: C/C++
3.) Oracle: C/C++
4.) DB2: C/C++
The list goes on and on. Just because Microsoft can't get Windows right has nothing to do with C/C++. However, to date NO operating system has been written in Java and NO database has been written in Java. Java is untested in the mission critical apps of OS'es and Databases. A JVM is not an OS.
Outlook is susceptible to viruses MOSTLY because scripting is enabled. Web Browsers are susceptible to viruses becasue scripting is enabled.
Cheers!
-Mybrid
Java ... isn't ready to be used for anything with a GUI or where startup time matters.
This is a myth and it's been debunked so many times I stopped counting. Look at the Eclipse project -- the Win32 UI is native (written using SWT) and just as responsive as apps written in C++.
----- rL
Java can't take Ada's place until the Real-Time extensions are mature enough. Currently, implementations are a bit thin on the ground and well enough tested to be entrusted with stuff that Ada is typically used for.
Joy comes close to saying Solaris should be re-written in Java. He's not very realistic. When I think of secure programs, I think of qmail, postfix and djbdns. All written in C. I can't even name a Java mailserver or DNS server off the top of my head.
Outlook's numerous viruses are not caused by the program being written in C or C++. They are caused by Outlook's support for active content. The problem would still exist if Outlook were re-written in Java. I wonder if nobody in Joy's circle dares to correct him on this, or if he's been corrected and just didn't hear.
Take any random clever programmer over 30 and give him $100 million. He will wander off into the sunset, murmuring about his brilliant new idea for re-architecting the internet or something. He will never again do or say something relevant.
Exceptions in java are not "invisible" In fact, you have to check for declared thrown exceptions (but not 'runtime' exceptions). In the API declared thrown exceptions are caused by external problems (like a missing file, closed socket, etc) while Runtime exceptions are usually caused by programmer error (like null pointers), and can be avoided by poor programming.
If your python app is choaking on invalid input, it's because you can't program for shit, not because exceptions suck. If it was a C app, you'd simply segfault or something equally ridiculous. And you'd never know why. At least with the stack trace you can quickly pinpoint your problem and deal with it.
autopr0n is like, down and stuff.