Friday, February 11, 2005

Gosling Gooses Himself in Sydney

While this is getting to be old news, Gosling deserves to keep getting beaten up for this series of statements for a few weeks to come.

Before I to lay the boot in on this one, it is worth clearly outlining any prejuicides I have. To state the obvious, I'm a .NET guy. I harbor no ill will towards Java or open source, and congratulate them for making the computing world a better place. In an ideal world where I had more time, I'd embrace both fully. I don't have infinite time, and in the finite time I do have, I've chosen to be a .NET guy. More specifically, I concentrate on a very small section of .NET and Windows related to C++ and C#, performance, debugging, interop (Windows to .NET) and security. I know next to nothing about GDI, I have a working knowledge of data stuff but I'm no expect, I'm horrid at UI, and ASP.NET is largely uncharted territory for me. I have barely looked at Avalon, and don't rate WinFS. Indigo should be good, but at the moment WSE is where I'm concentrating. In short, I'm just as ignorant about large sections of .NET and Windows as I am about PHP or J2*E. However, in both cases I have no hostility towards the unknown.

Just in case you missed what Gosling said, let me quote the ZDNet article that I'm basing my spray on.

Java creator James Gosling this week called Microsoft's decision to support C and C++ on the Common Language Runtime (CLR) in .NET one of the "biggest and most offensive mistakes that they could have made". He further commented that by including the two languages into Microsoft's software development platform, the company "has left open a security hole large enough to drive many, many large trucks through".

Gosling is either significantly lacking in technical savy or deliberately lowering himself to the level of a vendor thug/ cheerleader who is spreads FUD through quarter truths and outright lies. Gosling must realize that Code Access Security (CAS) exists, and this gives you absolute control over the verifiability requirements of an assembly. I can find no evidence of CAS ever having been defeated in the three years plus that it has been protecting .NET systems, and zero evidence for any exploit related to .NET code.

To choose to attack Microsoft on this point smacks of absolute desperation, and even a tinge of losing touch with reality. Gosling seems quite bitter over the failure of Java to live up to the potential that he and Sun saw in it (i.e. taking over the world), I suspect that the web service revolution that has seriously reduced the relevance of the my platform versus yours debate has made him yesterdays man without the will or energy to re-invent himself.

A few further points:

  • C++ in .NET 2.0 can be fully verifiable (easily).
  • C++ in .NET 1.1 can be fully verifiable (with great difficulty).
  • Microsoft does not have a C compiler for .NET. I haven't seen (or looked) for one from another vendor.
  • And, as Chuck says in his response to Gosling, C++ (Managed Extensions or C++/CLI) is certainly not where it is at in todays .NET world.

    I can only imagine that many Java folks are cringing that this figurehead in their world has fallen into such a horrid rut.


    Post a Comment

    << Home