Back in about 2001/2, some of us Java Authors were invited for a week up in Seattle to spend time on the MS campus to learn more about .NET from the developers -quite a fun little week. I remember discussing .NET app security with one person, and asking why hadn't they learned the lessons from ActiveX and Java and said "every .NET binary must be signed". It would be great: easy to verify that no file had been corrupted by a virus -just check its signature- and easier to do antivirus stuff that revoked the keys of corrupt code. That's with sandboxing: you still want to run all code in a sandbox; the signature gives you more of an audit trail. But the dev team said "no, we don't want to do anything that stops programs running on Windows". That's a flaw in windows -runs insecure Win16 and DOS junk as well as modern code, but its a strength: all your old apps still work, And MS don't try and lock down the platform. Even though they don't distribute Java, they do push out Flash with the OS (And I think update it), and the Sun JVMs work well. Which is good, because no matter where your server-side Java code runs, you need a desktop to develop on, or a laptop. And while Linux is better, it's laptop experience is still, well, mixed. Better than before, but still mixed enough I'm not going to bother upgrading any machine of mine to last week's Ubuntu 10.10 release, not now I have consistency everywhere, the laptop display driver stable and even working with external displays provided I reboot plugged in to it.
At home, we have a Mac. It lets the others in the house run the apps they want, gives me a Unix system for Java dev, and I am more confident I can lock it down than I can secure Windows. Plus two weeks of running Vista left me traumatised, and I haven't yet created a Win7 VM to see if it's improved.
But now Apple has announced some new things, and with them a message: Steve Jobs doesn't want me, Steve L, coding on his machines. Indeed, he doesn't want any code on his boxes that isn't objective C, ideally resold through the itunes app infrastructure.
- The latest airbook doesn't ship with flash
- The next OS/X release May not ship with Java, which apple now "deprecate".
- The fancy new app download infrastructure won't support any Java app (remember, it's deprecated), or implictly, anything else that runs in the JVM
Strategically, Apple don't gain by having portable apps running on their devices. In the phones and iPad they just don't allow it, plain and simple. But this is taking the desktop the same way -removing the portable runtimes, only supporting OS/X code in Objective C. Oh, yes, right now you can maybe code in other things -but for how long? At what point does your portable platform become enough of a threat that Apple say "we will stop it running?". And where do improvements in HTML5 and JavaScript get viewed as enough of a threat that they suddenly say "these features will not go into Safari" and "we are going to stop you running Mozilla or Chrome".
Microsoft have never done this. Yes, they've tried to subvert Java, yes IE3 gave us ActiveX, IE4, IE5 and IE6 tried to give the world a web that was windows only, but none of that worked. And even then, they let you run other browsers, they probably help Sun get Java working on windows by keeping them in the beta programs. Apple seem to be different: they view the machines you buy as "their" machines, and don't want you running anything other than their applications, code on their approved platforms. And as you can see, they get to change what they approve of on a whim.
I can see why they don't want you running Java on the desktop -you may be trying to write an Android app, possibly using the lovely IntelliJ IDEA, which now gives away the Android dev tools for free. And they don't want that, do they.
I wonder how others will react. I don't see Oracle or IBM rushing to support JVMs on the Mac, and while you could get Harmony or OpenJDK to work on it, not only will Apple not help you, where are you going to get the TCK to verify that the port meets the Java spec? Eh?
This is danger. It's a nice tool for MS and the linux people to use against the product, but it means at home that I'm not going to upgrade to any new OS version, and when that box is time to be replaced, it will be an HP box running a version of Linux I'm happy with. And I'm not going to let any member of my household own an iPod touch, iPhone or iPad. You have to take sides, and I am.