Continuations and web apps
I love some of the rationales for not doing continuations on the JVM. Like this, from LtU:
There are a variety of reasons why we haven’t implemented continuations in the JVM. High on the list: continuations are costly to implement, and they might reek havoc with Java SE security model. These arguments are pragmatic and a tad unsatisfying. If a feature is really important, shouldn’t we just bite the bullet?
I just had that conversation with a friend before he left for JavaOne. He's frustrated by a number of things in Java, which all go back to the needs of the security model - his point being that it has less relevance for a server side application. I'm running this application on a Smalltalk server, where arbitrary code could be loaded in at any time. Here's the catch though - only two people have permissions on the system. So in order to mount such a code loading attack, one of the two of us would have to do it. Hmm - seems unlikely.
Anyway, that led me to Tim Bray's post:
This notion, that the Web GUI is insufficiently interactive and we need something richer, is widely held among developers and almost never among actual users of computers, and it’s entirely wrong. I can remember when people were forced to use compiled Windows and X11 applications, and most of them were extremely bad because it’s really hard to design a good interactive UI; when the Web came along, more or less everyone abandoned those UIs in favor of the Web, almost instantly and with shrieks of glee.
I'm calling BS on that. I'm not sure which user base Tim has met that generated that reaction, but either it was an oddball bunch, or the client applications they had to start with sucked. A lot. I deal with sales staff all the time, and they absolutely despise the web based sales tools that have been forced on them. Heck, most of them still use ACT! (or something similar) for their own use, and use the web system as little as they can. In customer visits, I get the same kind of reactions from people about the web apps they've had rammed down their throats.
Here's the thing: web apps aren't useless, and in the right place they solve problems very well. However, no one should be deluded into thinking that this is being done "for the user" - it's being done for IT, which hates having to manage client system deployments across a diverse range of hardware and software. That's not an unreasonable reaction by IT, but no one should confuse the desires of IT with the desires of end users.
Comments
Continuations aren't worth breaking security.
[Mark Hughes] May 21, 2006 21:22:01.645
There are several ways to get code into a server, particularly if you're dealing with any kind of RPC system, which almost all enterprise software is these days.
Security is not something to leave to an afterthought, *especially* on the server. It's a vital service, and frankly it's irresponsible to the point of malfeasance to be working around that. If you hacked on the JVM to disable the security system, with the excuse that only you and one other guy had the access to use it, I'd have you fired and delete your hacks, and hope to hell you didn't compromise millions of dollars of business.
In any case, there are several alternative ways to do continuations in Java, and several completely different solutions to the same problems. Poorly-educated people often latch onto the first tool they find, and never try to consider alternatives. Real programmers realize that not every language has to behave exactly like their Favorite Toy Language.
Re: Continuations and web apps
[ James Robertson] May 21, 2006 21:57:15.823
Comment by James Robertson
Real Programmers solve business problems, instead of obsessing over trivia that isn't going to happen
Continuations and the JVM
[Patrick Logan] May 21, 2006 22:12:18.637
The Rhino Javascript implementation and the SISC Scheme implementation on the JVM implement continuations just fine. Of course they could be even more efficient if the JVM had more support. Probably the Bigloo Scheme implementation has these as well for the JVM and dotnet.
Real Programmers?
[Mark Hughes] May 24, 2006 15:50:02.087
Real Programmers don't leave giant gaping security holes that destroy millions of dollars of their employers' business, and especially don't do so just over a childish fit of pique that language J does not do feature X in the exact same way as language S.
If you don't believe code injection is possible, you have apparently missed out on the last 10 years of virus attacks, and deserve what you get when you're destroyed by them. Sadly, you will probably take a lot of innocent people and their money out with you.