Showing posts with label Java. Show all posts
Showing posts with label Java. Show all posts

Monday, September 18, 2023

Why Java still matters

With the release of Java 21, the conversation on the relevance of the venerable programming language restarted. But a more important question remains, does Java still matter?

Photo by Mike Kenneally on Unsplash

What announcement would you like to see in Java 21 that would make you excited? Well, for most people, actually nothing. Because, you know, what's exciting with a predictable, slow-paced, stable, widely adopted enterprise programming language?

Read to find out.

A little bit of Java History

Java was originally developed by James Gosling at Sun Microsystems in 1991. The goal was to develop a small, reliable, portable, distributed, real-time operating platform. The language was initially called Oak, later renamed to Green and finally renamed Java, from Java coffee, a type of coffee from Indonesia.

Officially released in 1995, Java quickly became popular for developing web applications. The Java Virtual Machine (JVM) allowed Java code to run on any platform that had a JVM, which made it a very versatile language. Java is also a very secure language, which made it a good choice for developing web applications.

Key events in Java's history

For brevity, here are some of the key events in the history of Java:

  • 1991: James Gosling starts the Java project at Sun Microsystems.
  • 1995: Java 1.0 is released.
  • 1996: Java becomes a popular language for developing web applications.
  • 1998: Java 1.1 is released, adding new features such as garbage collection and threads.
  • 2000: Java 1.2 is released, adding new features such as swing and applets.
  • 2004: Java 5 is released, adding new features such as generics and annotations.
  • 2009: Java 6 is released, adding new features such as concurrency improvements and a new security manager.
  • 2014: Java 8 is released, adding new features such as lambda expressions and streams.
  • 2017: Java 9 is released, adding new features such as modules and a new garbage collector.
  • 2018: Java 10 is released, adding new features such as a new date and time API.
  • 2019: Java 11 is released, adding new features such as a new HTTP client and a new text block literal.
  • 2020: Java 12 is released, adding new features such as switch expressions and sealed classes.
  • 2021: Java 13 is released, adding new features such as text blocks and pattern matching.
  • 2022: Java 14 is released, adding new features such as sealed interfaces and record classes.
  • 2023: Java 21 is released.
Looks like a pretty good cadence for a 30 year old programming language.

Applications

So where does Java run? Well, these days Java runs pretty much everywhere:

Enterprise Application Development

Java is commonly used to build large-scale, mission-critical applications for business operations. These applications can include customer relationship management (CRM) systems, enterprise resource planning (ERP) software, and supply chain management solutions.

Web Development

Java is used to build robust and scalable web applications. Companies often use Java-based frameworks like Spring and JavaServer Faces (JSF) to create web applications that handle high traffic loads, such as e-commerce websites and online banking platforms.

Mobile App Development

Java is one of the primary languages used for Android app development. Many Fortune 1000 companies develop Android applications for their customers, employees, or partners

Big Data and Analytics

Java is used in big data processing and analytics applications. Companies leverage Java libraries and frameworks, such as Apache Hadoop and Apache Spark, to analyze large volumes of data and gain insights for decision-making.

Middleware and Integration

Java is often used to develop middleware components and integration solutions. These components help connect various software systems and applications within an organization, enabling data flow and communication between them.

Cloud Services

Java is used to develop and run applications on cloud platforms like AWS, Azure and GCP. Java-based microservices and containers are common in cloud-native architectures.

Internet of Things (IoT)

Java can be used to develop IoT applications and solutions. It's used to create firmware for IoT devices and build backend systems that collect and process data from these devices.

Security

Java's security features are essential for companies. It's used in developing secure authentication systems, encryption algorithms, and secure communication protocols to protect sensitive data.

Financial Services

Many large financial institutions rely on Java for their trading platforms, risk management systems, and banking applications due to Java's performance and reliability.

Customer Support

Java is used to develop customer support systems, including chatbots and helpdesk applications, to improve customer service and streamline support operations.

Supply Chain and Logistics

Companies use Java to build applications that manage and optimize their supply chain, inventory, and logistics operations, helping them reduce costs and improve efficiency.

Content Management Systems (CMS)

Java-based CMS platforms are used for managing and delivering digital content on websites and other digital platforms.

E-commerce

Java is frequently used for developing e-commerce platforms, shopping carts, and payment processing systems to support online sales operations.

Data Warehousing

Java is used in the development of data warehousing solutions that enable companies to store, process, and retrieve large volumes of structured and unstructured data for analysis and reporting.

What's new in Java 21

Finally, let's jump into Java 21 (released in September 2023). The release adds many interesting features are being added to the language including:

  • Virtual Threads: Virtual threads are a new lightweight threading abstraction that can be used to improve the performance of multithreaded applications.
  • Record Patterns: Record patterns are a new feature that can be used to deconstruct record values in a more concise and readable way.
  • Pattern Matching for switch: Pattern matching for switch is a new feature that can be used to match values in a switch statement in a more concise and readable way.
  • Sequenced Collections: Sequenced collections are a new type of collection that provides direct access to the first and last elements of the collection.
  • String Templates: String templates are a new feature that can be used to simplify the process of string formatting and manipulation.
  • Unnamed Classes and Instance main() Methods: Unnamed classes and instance main() methods are preview features that can be used to simplify the code for small, self-contained classes and methods.

Does Java still matter?

But the question remains: does Java still matter? Well, given the extensive reach and adoption of the language, the answer is of course, a lot!

But in case you are still not convinced, here are some reasons why Java still matters:
  • Popularity: Java is still a very popular programming language today. It is used by millions of developers around the world and is the language of choice for many large and complex applications.
  • Portability: Java code can run on any platform that has a Java Virtual Machine (JVM). This makes it a very versatile language that can be used to develop applications for a wide range of devices.
  • Robustness: Java is a very robust language that is designed to be secure and reliable. It has a number of features that help to prevent errors and crashes, such as garbage collection and exception handling.
  • Performance: Java code can be very performant, especially when it is compiled to native code. This makes it a good choice for developing high-performance applications.
  • Enterprise adoption: Java is by far the most popular language of the enterprise. And that's not changing anytime soon.
  • Community: Java has a large and active community of developers. This means that there are plenty of resources available to help you learn and use the language.
  • Tooling: There are a wide variety of tools available for Java development, including IDEs, debuggers, and code quality tools. This makes it easy to develop and debug Java code.
  • Ubiquity: Java is everywhere. Java runs anywhere.

What the future holds for Java

Despite the apparent slowness in adhering to new trends, Java is an actively evolving language. Each new version adds new features and improvements, making Java a powerful and versatile language that is still relevant today.

Those who complain that Java is slow don't understand successful products and enterprise software. This cadence is required when your solutions run on billions of devices, process billions of dollars in financial transactions, and support 5-9's SLA. How simple do you think that is?

Conclusion

In summary, don't let the doomers convince you. Java still matters!

And in case it helps, here's one reason to (re)consider Java: Java is not going away anytime soon. I predict at least another 20 years of strong support for Java. So for those that like a stable language, a great ecosystem, no shortage of work, a great salary and a great career should consider learning and working with the language.

Monday, October 22, 2018

Integrated security vulnerability alerts on GitHub - Why it matters

How GitHub's integrated security vulnerabilities could help developers using the platform?
Last week during GitHub Universe 2018, GitHub announced support for security vulnerability alerts for Java and .NET platforms. It's a significant contribution for the .Net and Java communities on GitHub because it simplifies, clarifies and alerts organizations and project owners about vulnerabilities on dependencies used on their code base.

Sounds complicated? Let's review what the announcement says:
With security vulnerability alerts, organization owners and repository admins receive a notification when any of their projects has a dependency with a known vulnerability.

How it works

By tracking public vulnerabilities in packages from supported languages on MITRE's Common Vulnerabilities and Exposures (CVE) List, GitHub notifies repo owners and alerts them of the risk.  By default, security alerts will be sent to owners and people with admin access in the affected repositories.

Apart from alerts, you should also see on your dashboard something like the below on the Insights tab, Alerts navigation menu of your GitHub repository:

GitHub now alerts about public vulnerabilities on your project

Apart from the above, other nice additions were added:
  • You will get weekly emails summarizing security alerts for up to 10 of your repositories
  • Most of that is configurable within GitHub
  • Works for both public and private repos
  • More importantly, GitHub never publicly discloses identified vulnerabilities for any repository.

Fixing the vulnerability

But knowing of potential vulnerabilities is just the first step. The next step is to address the issue and update the packages. Since .Net users usually update their packages using the Nuget package manager with packages located on Nuget.org, let's look at a concrete example: how to fix a recent vulnerability on Microsoft.Data.OData.

Microsoft.Data.OData is a very popular package. With 33+ Million downloads, it's being used in multiple 3rd party packages and probably you're using it on your projects too. Here's what I see on Nuget.org:

According to GitHub, CVE-2018-8269 was opened just last month and includes a vulnerability on every version < 5.8.4. Here's what the issue says:
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.

So let's update the dependency and patch the vulnerability.

Updating Microsoft.Data.OData

As you know, the update of a package can be done in multiple ways. Using Visual Studio or from the command line with:

Using the Package Manager:
Install-Package Microsoft.Data.OData -Version 5.8.4

Using the .NET CLI:
dotnet add package Microsoft.Data.OData --version 5.8.4

Once you've done that, rebuilt and redeployed, you're protected from CVE-2018-8269 at least =) .

Conclusion

Bugs security issues are always being found and fixed on libraries that we use. Reason why we should always try to keep our packages up to date.

But it's not trivial to scan all packages we use against the CVE database. Note that the CVE above does not state which version it applies to. Imagine how difficult and time-consuming it would be monitoring all the dependency chain ourselves. That's why this service from GitHub is very much appreciated!

Let's leverage this very useful feature for our benefit and keep our code secure.

And please, spread the word!

About the Author

Bruno Hildenbrand      
Principal Architect, HildenCo Solutions.