water cooler :: Java rant



<rant>

I have never liked java. It's slow. It's bloated. It takes space. If you haven't ever tried to start Netbeans, be warned.

So far I have had a choice. There was nothing I couldn't get without java. But now, my bank is forcing it on everyone.
They announced it in december. That they "need improved security only java can offer". As soon as I heard I mailed them a slightly heated feedback.
I'm quite sure there are better ways than java to have security. What they do is forcing something on everyone, closing some people out.

What's next, forced Flash 9 or you can't email? :p

They happen to offer the best interest rates around here. But after that I couldn't use their web access, at all. Should I switch banks?

Right after new year they stopped my login every time, saying I need to download java, before february, or else. And that I don't seem to be using IE. And instructions how to get java for IE. So far I've gotten in after that.

They said the "new security" will look exactly the same. Ask the same things, aka one of your personal disposable security numbers. How the heck can something that slows my comp and browser down improve security?
What if it crashes my browser in the middle of typing a transaction?
It only brings trouble, not security.

</rant>

Any comments welcome, even "go get java you sucker".

I've thought of all the options java could bring.

They either only use java to ask for the number, or as a replacement for the site.
If it's only for asking, I fail to see any security increase. I still type it, keyloggers still log it.
And then it sends it to the server. Only use for a java app in here would be to encrypt the number for the way. But why? The connection is already 128-bit SSL encrypted. Man-in-the-middle works for that, it works wether the number in encrypted or not too. And no-one would benefit anything from getting a disposable number, as they would need a new one to do anything besides viewing. Which brings on the question, they would only want to do that in case they had broken the algorithm.
And if they had done that, I'm quite sure 99% of the clients don't have anything worth doing that much work.

If it's a full site replacement, more slowdown, no security gains.

I just fail to see a point in all this. Does anyone know any advantage of using java in here?

I was an early adopter of Java. Attended the first three JavaOne conferences, still have my Java ring. IMHO it is a shame what happened to Java. I regret having tried to implement it. Actually I wanted to use Python but it was too early then, early 90's. Now I don't have any interest in Java. To me, Java is like the new COBOL, business people seem to want it, but for programmers it is laborious to code and not much to show for your efforts.
I imagine they'd be talking about improved security at their end - on the server.

I don't know much about Java but as I understand it it runs isolated from the hardware beneath it -> supposed to kind of "sand box" server-side applications.  Or something?

It really depends on the target and goals.  Java in most cases is very convenient to developers (includes many useful things to import in the core) and easily portable.

Saying that, I do avoid java applications for my own use... due to slow load times, heavier resource usage, etc.

WDef: yes, I think it's referred to as the java virtual machine

Next Page...
original here.