Oracle's Saab on Faster Java SE Release Cadence

Last week, Mark Reinhold, chief architect of Oracle's Java Platform Group, proposed a new, time-based release schedule for the Java SE Platform and the JDK that would provide a feature release every six months, update releases every quarter, and a long-term support release every three years. He also outlined some changes his team at Oracle plans to implement around OpenJDK. (Details here.)

After the annoucement I had a chance to talk with Georges Saab, vice president of development for Oracle's Java Platform Group and chairperson of the OpenJDK governing board, about what Reinhold proposed and what it means for the Java community.

"No one should be too surprised by this," Saab told me. "We've been talking with lots of people about a new release cadence and how that might work -- folks in the Java ecosystem, members of the [Executive Committee of the Java Community Process], people in the OpenJDK community, and just lots of developers. Many of the things we've been doing in Java SE 9 have actually laid the ground work for this change. We feel the time is right for the Java ecosystem to make this work."

Developers now expect their platforms to evolve quickly, Saab said, at a pace that keeps up with rapidly changing industry trends and gives them timely access to new tools and innovation. That expectation would be tough for Oracle and the JCP to meet without an acceleration of Java's release cadence.

"If you're only releasing a new major version every other year," he said, "you simply can't adapt as rapidly as you need to today. In Java 9, for example, we had close to 100 features that were done and ready to ship a year or longer before [the platform] would be ready. We simply didn't have a vehicle to put those features into the hands of developers. The proposed changes in the release cadence are intended to make sure all the great marbles aren't backed up behind basketballs."

For context, keep in mind that Java SE 6 was released in 2006, Java SE 7 in 2011, Java SE 8 in 2014, and Java SE 9 this month.

In his blog post, Reinhold backed off an earlier suggestion that the community adopt a release train model along the lines of the annual Eclipse Release Train, with a feature release every two years. Saab agreed that the model won't work, but he likes the analogy.

"Think of it this way," he said, "you're heading home after a long day at work to catch your train and you're running late. If it's an hour and 20 minutes until the next train, you're going to kill yourself running down the stairs to get there before the doors close. But if another train is coming in three minutes, you'll walk, hold onto the handrail, and get there without killing yourself. More frequent Java SE releases means developers are going to be more likely to wait if a feature isn't ready, rather than feeling they have to jam it in because it'll be a year before they get another chance."

Oracle is currently applying this thinking to Project Valhalla, the OpenJDK project that aims to improve Java's typing system and make the language more efficient at handling situations requiring identity-less types. "We're looking at ways we might be able to break down the project into smaller pieces that can come in successively over the course of several smaller releases," Saab explained. "It has been suggested that we could do the data classes first, and then pattern matching could come in as a second step."

If a faster release cadence is implemented for the Java Platform and the JDK, does that mean we won't see big changes in the future?

"Oh, big things are still coming," Saab said. "They'll just be coming in smaller pieces."

Posted by John K. Waters on 09/11/2017 at 12:20 PM0 comments


Oracle Proposes 6-Month Release Cadence for Java

Mark Reinhold, chief architect of Oracle's Java Platform Group, says "Java needs to move forward faster" if it's going to compete effectively with other software development platforms, which are evolving at a more rapid pace. He made that rather non-controversial declaration this morning on his personal blog, but he also offered a strategy for making this happen that might stir some debate.

Reinhold backed off an earlier suggestion that the community switch from its historical feature-driven release model to a time-driven "train" model (think Eclipse Release Train, with a feature release every two years.) "The two-year train model was appealing in theory, but it proved unworkable in practice," he wrote.

Instead, he's now proposing a strict, time-based release schedule for the Java SE Platform and the JDK that provides a feature release every six months, update releases every quarter, and a long-term support release every three years.

"That's fast enough to minimize the pain of waiting for the next train," he wrote, "yet slow enough that we can still deliver each release at a high level of quality, preserving Java's key long-term values of compatibility, reliability, and thoughtful evolution."

Specifically, Reinhold is proposing the following:

  • Feature releases can contain any type of feature, not just new and improved APIs, but also language and JVM features. New features will be merged only when they're nearly finished, so the release currently in development is feature-complete at all times. Feature releases will ship in March and September of each year, starting in March 2018.
  • Update releases will be strictly limited to fixes of security issues, regressions, and bugs in newer features. Each feature release will receive two updates before the next feature release. Update releases will ship quarterly in January, April, July, and October, as they do today.
  • Every three years, starting in September of 2018, the feature release will be a long-term support release. Updates will be available for at least three years and quite possibly longer, depending on the vendor.

This model doesn't really alter the current rate of change overall, he allowed, but it provides "many more opportunities to deliver innovation."

"The six-month feature releases will be smaller than the multi-year feature releases of the past," he wrote, "and therefore easier to adopt. Six-month feature releases will also reduce the pressure to backport new features to older releases, since the next feature release will never be more than six months away."

Reinhold acknowledged in the blog post that his proposal will, if adopted, require major changes in how contributors in the OpenJDK Community produce the JDK itself. In a note posted to the OpenJDK mailing list, he laid out how that community might implement this new model as a single, long-running "JDK" release project that hosts the mainline code base and produces the feature releases, and a single, long-running "JDK Updates" project to produce the update releases.

"Two long-running projects will save some administrative overhead, and also eliminate the confusion that regularly arises when someone is a Committer to JDK $N but not JDK $N + 1," he wrote, adding parenthetically, "We could consider just one long-running project, but two makes more sense since the two types of releases will have different policies, content, schedules, and leadership."

He gets specific here, too, outlining how his proposed JDK Project would run:

  • The main development line will always be open but fixes, enhancements, and features should be integrated only when they're nearly finished. The main line should be feature complete at all times.
  • We'll fork the main line into a release-stabilization branch three months before the GA date of the next feature release. That branch will immediately be in Rampdown Phase 1, enter Rampdown Phase 2 a month later, and then enter the Release Candidate phase a month after that. (Whether the branch is another repository or an actual Mercurial branch is a detail we can figure out later.)
  • We'll continue to use the JDK Enhancement Proposal (JEP) Process for new features and other significant changes. The bar to target a JEP to a specific release will, however, be higher since the work must be Feature Complete in order to go in. Owners of large or risky features will be strongly encouraged to split such features up into smaller and safer parts, to integrate earlier in the release cycle, and to publish separate lines of early-access builds prior to integration.

He also laid out some changes his team at Oracle plans to implement:

  • Starting with JDK 9 we'll ship OpenJDK builds under the GPL, to make it easier for developers to deploy Java applications to cloud environments.
  • We'll continue to ship proprietary "Oracle JDK" builds, which include "commercial features" such as Java Flight Recorder and Mission Control, under a click-through binary-code license. Oracle will continue to offer paid support for these builds.
  • After JDK 9 we'll open source the commercial features in order to make the OpenJDK builds more attractive to developers and to reduce the differences between those builds and the Oracle JDK. This will take some time, but the ultimate goal is to make OpenJDK and Oracle JD builds completely interchangeable.
  • Starting with JDK 9 we'll reduce the set of ports that we maintain, focusing mainly on Linux, macOS, and Windows on the x64 architecture. Other OpenJDK contributors will be welcome to take on the other ports that Oracle engineers currently maintain.
  • Finally, for the long term we'll work with other OpenJDK contributors to establish an open build-and-test infrastructure. This will make it easier to publish early-access builds for features in development, and eventually make it possible for the OpenJDK Community itself to publish authoritative builds of the JDK.

That's a lot of change, but to his credit, Reinhold is offering a well-considered plan and asking for feedback. And it could be argued that what he's proposing fulfills the long-held dreams of Java jocks everywhere.

Oracle is clearly gearing up for a big JavaOne this year. Reinhold's posts about accelerating the Java timeline come on the heels of news that Oracle is considering moving the Java EE Platform to an open source foundation. Should be an interesting show.

Posted by John K. Waters on 09/06/2017 at 10:07 AM0 comments


Java Popularity Slips in TIOBE Index

Java earned an "all-time low score" in the latest TIOBE Programming Community Index, along with C, and yet the two programming languages retained the top two spots, ranking first and second, respectively.

In fact, all the top 10 languages in the TIOBE index except one (Visual Basic .NET) slipped in the rankings, year to year. TIOBE researchers credit this shift to the rise in popularity of a group of leaner languages that includes Crystal (No. 32), Kotlin (No. 41), Clojure (No. 42), Hack (No. 43), and Julia (No. 46).

Crystal, a statically typed variant of Ruby, made a particularly noteworthy jump from No. 60 to No. 32 in a single month. TIOBE researchers even gave the language a shout out in this report: "Since it is compiled it is superfast and has a small memory footprint without losing the feeling of being easy to use," they wrote. "It seems worthwhile to give it a try."

Languages over Time
[Click on image for larger view.] Languages over Time (source: TIOBE Index)

TIOBE Software has been publishing the results of its monthly search for the languages in which the most lines of code were written since 2001. The ratings are based on the number of skilled engineers worldwide, language courses, and third-party vendors, the company says. TIOBE uses 25 search engines to collect key words from the highest ranked websites of Web traffic monitor Alexa and calculates the most lines of code written in a given month to determine its percentage share of developers' attention.

"It is important to note that the TIOBE index is not about the best programming language or the language in which most lines of code have been written," the company has said on its Web site. TIOBE publishes its search criteria on its Web site.

Java, which TIOBE crowned Programming Language of the Year for 2015, dropped in the ratings by 6.05 percent, earning a 12.961 percent share; C dropped by 4.83 percent, earning a 6.477 percent share. The list of top ten languages in this index also included C++ (down 0.25 percent), C# (down 0.71 percent), Python (down 0.71 percent), PHP down 0.88 percent), JavaScript (down 0.61 percent), Perl (down 0.52 percent), and Ruby (down 0.31 percent). Visual Basic/.NET, the only member of that top 10 group to gain in popularity, gain a 0.05 percent share on the index for a sixth-place ranking.

Apple's popular open-source Swift came in at 11th on the index with a gain of 0.16 percent share. Go, an open source climber that cracked the top ten in July, dropped to 16th, even though it actually early an additional 0.37 percent share. R, MATLAB, Scratch and Dart also climbed the chart.

Posted by John K. Waters on 08/07/2017 at 1:25 PM0 comments


Latest Oracle CPU Sets Another Record, Addresses 32 Java-related Vulnerabilities

Oracle set another record with its latest quarterly Critical Patch Update (CPU), which included 308 vulnerability fixes, 32 of which were Java-related. Released earlier this month, this CPU more than doubles the 136 fixes issued just over a year ago.

That last insight came my way from the folks at Waratek, the Dublin-based app security tools provider with a special focus on Java. I talked with the company's lead security architect, Apostolos Giannakidis, about this CPU, and he argued that the high number of vulnerabilities in the Java Runtime Environment (JRE) covered by this release demonstrate that the Java SE platform continues to be a very popular attack vector.

"The attack vector of the Java platform is huge," he told me. "More and more vulnerabilities are discovered that affect both the legacy and newer versions. Attackers are able to compromise applications and systems specifically by attacking the runtime itself -- and, this trend keeps increasing at a fast rate."

Of the 32 Java-related vulnerabilities covered in this CPU, 10 earned high-risk CVSS ratings. Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. Each vulnerability is issued a unique CVE number.

This CPU includes fixes for vulnerabilities in a range of Java components, including AWT, ImageIO, JavaFX, JAXP, ThreadPoolExecutor, AsynchronousChannelGroup, LambdaFormEditor, LDAP, Nashorn, JAR verifier, DSA, ECDSA, Elliptic Curve, X.509, PKCS#8 and the HotSpot VM. These vulnerabilities could allow attackers to escalate their privileges, corrupt the JVM's memory, crash the JVM or execute arbitrary code and system commands.

Giannakidis pointed to two new vulnerabilities fixed in this CPU in the serialization component of the JVM that would allow the excessive allocation of memory. (Serialization is the process of converting an object into a stream of bytes for transport and storage.) He also pointed to fixes in this release to deserialization vulnerabilities in the RMI and in the Distributed Garbage Collector. (Deserialization reverses the process when the data is received.)

"This is despite the fact that the January CPU addressed deserialization vulnerabilities in the same components," Giannakidis said. "This demonstrates that there are still critical deserialization attack vectors in the Java platform itself. I would have to say that it looks very much like Oracle is playing the Whac-A-Mole game with the deserialization vulnerabilities."

The problem here is that the Java Runtime is one of the most complex runtimes, he added. "The amount of lines of code in the code base is considerable," he said. "With such a big code base, it makes sense that you are going to have increased vulnerabilities. The important thing to remember is that these vulnerabilities were already there, lurking in the code base for a long time, based on my analysis. It's a matter of spending time finding them. In fact, the vulnerabilities in the runtime are now the focus of the security community."

Each quarterly CPU is a set of patches for multiple vulnerabilities put together since the previous update. They do not include the security advisories from previous updates; those are available on the Oracle Technology Network Web site. However, most CPUs are cumulative, Oracle has said, which means the application of this CPU should resolve new vulnerabilities and previously-reported security issues.

Oracle's CPUs are issued on a quarterly schedule announced at the beginning of the year. The purpose of that schedule is to provide users of Oracle products with a level of predictability that will foster regular maintenance activity, the company has said. The next CPU is scheduled for release on Oct. 17.

Posted by John K. Waters on 07/26/2017 at 11:43 AM0 comments


Jigsaw Gets Approved on Reconsideration Ballot

Did you hear that, a kind of whooshing sound coming from the Java community? It was a collective sigh of relief as word got out about the results of the Public Review Reconsideration Ballot for JSR 376, the Java Platform Module System (JPMS) specification, better known as Jigsaw. In case you missed it, the votes were 24 in favor with one abstention (Red Hat). No "no" votes this time around.

A vote in May by the Executive Committee (EC) of the Java Community Process (JCP) to reject JSR 376 moved the Expert Group to address the EC's concerns at something approaching warp speed, and that's just what they seem to have done.

"I think it's fair to say that people were highly motivated to reach closure on all of these issues," Georges Saab, VP of Development for Oracle's Java SE Group, told me in an earlier interview.

Red Hat explained its decision to abstain in the voting comments section of the ballot page:

Red Hat is voting Abstain at this time because although we think there has been positive progress within the EG to reach consensus since the last vote, we believe that there are a number of items within the current proposal which will impact wider community adoption that could have been addressed within the 30-day extension period for this release. However, we do not want to delay the Java 9 release and are happy with the more aggressive schedule proposed by the Specification Lead and EG for subsequent versions of Java because getting real world feedback on the modularity system will be key to understanding whether and where further changes need to occur. We hope that the Project Lead and EG will continue to be as open to input from the wider Java community as they have been in the last 30 days and look forward to the evolution of Java being driven by data from users and communities beyond OpenJDK.

SouJava's comment accompanying its vote included a noteworthy admonition to the community:

As a lesson for future JSRs: the Java Language is a fundamental piece of the Java ecosystem. JSRs that touch the Java Language Specification, should be very careful that proposed changes be reflected in the early drafts. Creating confusion around such a fundamental part of Java is very detrimental to the whole Java ecosystem. We are glad that those issues have been resolved now.

SouJava's comment about "creating confusion around such a fundamental part of what Java is" speaks to the source of much of the angst around the coming of Java 9, which prompted Mark Reinhold in May to engage in an effort to dispel a number of misconceptions about Jigsaw in Java 9. He offered his top 10 from "a long list" during the Devoxx UK developer conference, and later interviews. (My coverage here).

It's also worth noting TomiTribe's voter comment on the process itself:

As stated in our first vote and blog, we saw great value in the 30-day clock getting the EC and EG on the same page with a clear result. The spec lead has done an outstanding job of handling the flood of feedback that resulted and should be congratulated. We believe several of the decisions made, such as permitting illegal access by default but with clear warnings will lead to a smoother transition that still creates pressure for movement into modularity. Though some may have viewed the original vote as negative, it should be seen as a success of the JCP process and a sign of strength for Java overall.

More remains to be done, of course. More than one "yes" voter included a few pointed comments about updates and refinements in future releases. Twitter's comment is a good example:

We are disappointed that the community will not immediately see the benefits that they are expecting JPMS to provide (#AvoidConcealedPackageConflicts, in particular). But we understand that the most requested features will require a lot more discussion and due-diligence than is allowed in the JDK 9 timeframe. We hope that the first version of JPMS will provide a good basis for such features to be worked on and introduced in future JDK releases.

It's a process, after all, and the impact of modularization on Java is hard to overstate. Some industry watchers have said the JPMS will effectively transform Java into a new language. As IBM put it in its voter comments, "We see this release of JPMS as the strong foundation for a new Java SE platform architecture, and expect to build upon this with feedback and experience from our customers and the community."

Posted by John K. Waters on 07/17/2017 at 6:41 AM0 comments


JDK 9 Now in Initial Release-Candidate Phase

As JDK 9 enters the Release-Candidate Phase, it's worth noting exactly what that means for this oft-delayed release. In a nutshell, the Initial Release Candidate phase, which started on June 22, is about fixing "showstopper" bugs and building momentum toward the Final Release Candidate milestone, currently scheduled for July 6.

That's how Mark Reinhold put it in a note on Monday on the JDK 9 mailing list. He also proposed tightening the goals previously adopted for Rampdown Phase 2 (RDP 2). These include:

  • Fixing all P1 bugs that are new in JDK 9 and critical to the success of this release
  • Decommitting from fixing any P1 bugs that are not new in JDK 9 and are not critical to this release, but were previously targeted to this release
  • Explicitly deferring any P1 bugs that are new in JDK 9 but are either not critical to this release or cannot, for good reason, be fixed in this release

Reinhold said that all P2-P5 bugs should be left to future releases at this point, regardless of whether they are in product code, tests or documentation.

P1 (priority 1) bugs are the critters that have to be squashed before a product can be released. Bugs that should be fixed if there's time and resources, are the P2s. The latter bugs almost certainly won't be addressed before the JDK 9 release.

Those who are responsible for the P1 bugs in JDK 9 are advised to follow one of three courses of action: Develop a fix for the bug and then request approval to integrate it; remove it from the list if it's not new in JDK 9; if it is new, but isn't critical or can't be fixed in time, request that the bug be deferred. The JDK 9 community page advises issuing a request explicitly from the release through the bug deferral process adopted earlier for RDP 1. But Reinhold wrote, "There is no need to defer unfixed P2-P5 bugs explicitly."

In any event, they won't be fixed before the release.

P3-P5 are of vanishing importance at this point in the process; they are virtually irrelevant to the overall status of the release. In fact, the OpenJDK community page advises committers to take no specific action on these bugs at this time: "You don't need to defer them, either explicitly via the deferral process or even implicitly by adjusting the 'Fix Version' field...."

The latest list of JDK 9 Release Candidate bugs can be found here.

Posted by John K. Waters on 06/28/2017 at 6:08 AM0 comments


Jigsaw Issues Delay Java 9 Release (Again), But EC Concerns Addressed

Although he wants to continue pushing for a June 22 Release Candidate build, Mark Reinhold has announced a Sept. 21 General Availability release for the JDK 9 project. That's eight weeks past the previously scheduled July 27 GA release, which is going to be frustrating for many in the Java community. But there is reason to hope that this will be the final delay.

The holdup, as anyone who has been following the painfully slow crawl toward Java 9 knows, is mostly about JSR 376, the Java Platform Module System (JPMS) specification, better known as Jigsaw. Reinhold, the chief architect of Oracle's Java Platform Group, proposed two earlier delays, both times citing the challenges posed by Project Jigsaw.

But a vote in May by the Executive Committee (EC) of the Java Community Process (JCP) to reject JSR 376 seems to have sparked a real fire under the Expert Group, which met via video conference last month to address the EC's concerns about the current state of the project. Their goal was to submit a revised Public Review Draft Specification by June 7. The Public Review Reconsideration Ballot is now underway; voting ends on June 26.

The minutes of the Expert Group meeting are available now online, and they're well worth reading. In a nutshell, the EG worked out which issues raised by the EC during the first Public Review would need to be worked out now, which ones could wait for later, and which ones could wait forever. Several issues had already been sorted -- the EG wasn't sitting on its hands -- and several more were resolved at this meeting.

"I think it's fair to say that people were highly motivated to reach closure on all of these issues," Georges Saab, VP of Development for Oracle's Java SE Group, told me. "Meeting directly made a real difference, I think. Sitting down together allowed them to make more rapid progress."

Reinhold brought two "new information" items to the meeting: a proposal to allow illegal reflective access by default in JDK 9, and a proposal he's been talking about at conferences for a more rapid release cadence for Java SE and the JDK.

In her minutes, Iris Clark summarized the first item this way: "As more and more people have tested JDK 9 EA builds it has become clear in wide discussions over the past few months that turning off reflective access from code on the class path is too aggressive for the initial release. The proposal is to allow this access by default in JDK 9, and disallow it in a future release. A warning will be issued on the first access. This proposal will not address all migration concerns, but it changes the migration from one huge step to multiple smaller steps spread across multiple releases. This proposal is technically not part of JSR 376, since 376 is just about the module system; it is part of the JSR 379 platform specification, which will contain the necessary conformance text."

The second item, the idea that the Java ecosystem would benefit from more rapid releases, has been floating around Oracle and the JCP for a while. Clark summarized Reinhold's explanation this way: "Since the inception of Java, big features or a handful of big features have driven major releases every two to three years. This was reasonable in the 1990's and 2000's. Going forward, Java needs to move at a faster pace in order to remain competitive. People are, therefore, exploring the possibility of shifting to a yearly or even a six-month cycle. If a big feature is ready, it goes in; otherwise, it waits for the next release."

There's no formal proposal to crank up the Java release cadence right now, but it's coming, and, as Saab pointed out, the technology causing so many delays right now is probably going to be a key enabler going forward.

"The good news is, the Java Platform Module System and the encapsulation it ultimately provides, gives us a sound basis for doing that without disrupting people with the fears of incompatibility they would have had in the past," Saab said. "It makes it much clearer what the API is you should depend on, and it makes it far easier to test and confirm that you have the compatibility you want as you're doing those more rapid revs."

Reinhold published the new release schedule on the JDK 9 project page. Here's how it currently stands:

Date Milestone
2016/05/26 Feature Complete
2016/12/22 Feature Extension Complete
2017/01/05 Rampdown Start
2017/02/09 All Tests Run
2017/02/16 Zero Bug Bounce
2017/03/16 Rampdown Phase Two
2017/06/22 Initial Release Candidate
2017/07/06 Final Release Candidate
2017/09/21 General Availability

Posted by John K. Waters on 06/14/2017 at 12:57 PM0 comments


AWS Gets Gosling

James Gosling, the Father of Java, is on the move again. This time, according to a public post on Facebook, it's Amazon Web Services.

"It's time for a change," Gosling wrote. "I'm leaving Boeing Defense (nee Liquid Robotics), with many fond memories. Today I start a new Adventure at Amazon Web Services."

He also updated his LinkedIn profile with a generic AWS job title: "software engineer." He described his new gig this way: "Now I'm wandering around at Amazon Web Services."

Gosling, who was unavailable for comment as of this writing, has had a lively career since Oracle acquired his long-time employer, Sun Microsystems, back in 2010. The former Sun Fellow signed on briefly as CTO of Oracle's client software group, but left the company later that year for a short stint at Google. In 2011 he landed at Liquid Robots, a maker of "autonomous, ocean going platforms" acquired by Boeing last year. In 2014 he joined the platform development advisory team of Java/PHP Platform-as-a-Service provider Jelastic.

Gosling, who is credited with inventing the Java programming language in 1994, was one of the highest profile former Sun employees to leave Oracle following the $7.5 billion acquisition. CEO Jonathan Schwartz, chairman and co-founder Scott McNealy, director of Web technologies Tim Bray, and open source evangelist Simon Phipps never made the transition.

I asked around about Gosling's latest transition, and one Java watcher expressed what I found to be a consensus among those who care about such things: "Guys like Gosling will stay at a place only so long as they're able to do 'their work' (whatever that work is at the moment). When they start running into barriers -- orgs, funding, culture, etc. -- they find more welcoming venues and carry on." Another one put it this way: "The guy is semi-retired and jumping from one interesting thing to another."

From the company's point of view, Redmonk analyst Stephen O'Grady suggested, hiring Gosling could be about courting enterprise Java customers, leveraging his IoT expertise from Liquid Robotics, or just giving him room to experiment.

"Whatever the reality," he said in an e-mail, "it's an interesting and high-profile hire for AWS, one that will have PR benefits beyond whatever he can contribute technically."

Posted by John K. Waters on 05/23/2017 at 7:16 AM0 comments


Q&A with JNBridge's Wayne Citrin: 15 Years with a Foot in Two Worlds

When Wayne Citrin and his partners founded JNBridge back in 2001, Java was about five years old, .NET was still in beta, and the term "cross-platform interoperability" wasn't exactly rolling off the tongues of software vendors. But what seemed like irreconcilable differences at the start of the 21st century looked to Citrin and his partners like opportunity.

"We never had any doubt about this business," Citrin told me. "We'd go into the forums back when .NET was first introduced, and one of the most common questions we'd see was: Will I be able to use it with my existing Java? Microsoft was saying, Oh no, you'll want to take out that Java and rewrite it, or if you don't want to do that, we have something called J#, or we have these Java conversion tools. But there were all sorts of problems with those approaches. What was needed was a bridge between the two platforms, and that's what we provided."

JNBridge showed up on my radar nearly a decade ago at a JavaOne conference, and I've been talking with Citrin, who serves as CTO of the Boulder, Colo.-based company, regularly ever since. I covered his company's product announcements when they were newsworthy, of course, but I also found myself turning to him for his unique perspective on these important enterprise technologies. He's a thoughtful observer with a foot in two different worlds. (Sometimes downright hostile worlds: I think the year the company was founded Microsoft and Sun were suing each other.)

With anniversaries colliding this year -- both JNBridge (the product) and .NET turned 15, and Visual Studio turned 20 (Java turned 20 in 2015) -- it seemed a propitious moment to check in with the guy who spends his days getting Java and .NET to play nice.

Sixteen years is a respectable stretch for a niche tech company. How do you account for your continued success?
We recognized the value of that niche right away and focused on it exclusively. Then we went beyond the general-purpose bridge with the Adapters. And with our Labs, we're able to focus on the common and urgent scenarios people were tell us about.

Just to clarify, your namesake product, JNBridge, is a general purpose Java/.NET interoperability tool designed to bridge anything Java to .NET, and vice versa. Your Adapters connect the Java Message Service (JMS) with BizTalk Server and other .NET apps. And the Labs are free kits that showcase scenarios that bridge Java and .NET.
The JMS Adapters are a big part of our business, now. There's a lot of legacy JMS infrastructure out there. It's still one of the most common ways to connect components in an enterprise and pass data around.

What's the most significant change you've seen in Java in the past 15 years?
Most people would probably say it was the handoff of Java from Sun to Oracle. But I think the most significant change we've seen lately is the decline of Java EE and its replacement with a variety of open-source frameworks. Spring, the various Apache projects, the various web frameworks; I think this is probably a good thing. Java EE was too complicated and hard to use, there was a lot of ambiguity in the specs, and things were different from one app server to another. On the other hand, what you have now is a fragmentation with a whole lot of frameworks. The good news is, a lot of them are very good frameworks, easy to use, and supported by a committed community of users who actually like them.

We've talked about this before. You see a difference between Java EE and enterprise Java?
They're not the same thing, and they haven't been for a long time. Enterprise Java is not going away any time soon, and I think it's fair to call Java EE a subset that, in many ways, has had its day.

Looking specifically at the next versions of Java, which changes excite you the most?
I really like Jigsaw, the modularization coming in Java 9. A lot of people are worried about, but it's not such a big deal to us. They really did a good job of accommodating legacy code. If you have a non-modularized jar file, you can still use it in Java 9. You could use it in the crosspath or put it in the module path. You could do the same thing with a modularized jar file. You could also use it in an early version of Java; it just wouldn't be recognized it as a module. They put a lot of thought into this, and I applaud them for it.

But there's another great feature in Java 9 that hasn't gotten a lot of press. It's called multi-release jar files. The jar files in Java 9 have these nooks and crannies. There's a nook just for stuff Java 9 will know about; Java 8 doesn't know about this stuff and won't use it. Java 9 will look there first and override the general-purpose stuff in the jar file. I think is a very cool feature and we plan to use it going forward. We're just waiting for the tooling to catch up to make it easy.

While you've been watching the evolution of Java and .NET, you've also had a ringside seat for the evolution of the people using these platforms. How has the developer community changed over the past 15 years?
Fifteen years ago, developers had much more uniform characteristics. But there has been a noticeable bifurcation. With the rise of open source projects, we're seeing a large group of developers who are really interested in getting under the hood and understanding how things work. They're using lots of really cool tools to see what's happening at a much lower level, really getting their hands dirty and using those tools to solve problems. We're interacting with a lot of developer customers who are very sophisticated about this stuff in a way they weren't 15 years ago.

But we're also seeing a smaller group of developers who will go until they see a problem, and then stop and come to use for a solution. I'm not saying they're bad developers; they just have a different mindset. I think this group is the result of the rise of these frameworks I mentioned and a world of low-code development where things just work. Unless you really want to, there's no reason to look under the hood, and it's even kind of hard to do it. Plus, there's a lot of legacy software out there that just gets maintained, which we didn't see 15 years ago. Often people we're working with are not the original developers; they're just tasked with maintenance. And it might not even be their full-time job, just something they have to do on the side, and only when there's a problem or a new feature.

Speaking of mindsets, your company is now, and always has been, headquartered in Colorado, which is not exactly a high-tech hub. Why haven't you set up shop here in Silicon Valley?
I like it here in Colorado and don't see any reason to move. You don't need to be in Silicon Valley to run a successful tech business. And as expensive as office space is out there, it's cheaper just to get on a plane once in a while.

Posted by John K. Waters on 04/12/2017 at 10:08 AM0 comments


Upcoming Events

AppTrends

Sign up for our newsletter.

I agree to this site's Privacy Policy.