It is a serious question and not a ‘why did you not use MY favourite language’ one.
Java has one of the worst track records in terms of security and security is what can make or break this project.
Yes the idea is great and the gap it fills is real - I would love to run this on one of my servers… but I hate my servers being hacked, so some reassurance would be very welcome. I guess most of the vulnerabilities in Java are the result of it being used as applets in browsers?
Whether it is deserved or not, Java has a bad name and I guess it will help if this is addressed?
1 Like
The bad reputation of security comes from the Java Applets and they are basically dead and Bitsquare is not using any webbased stuff, so no applets.
Java is used by the huge majority of banks and fortune 500 companies, so you should consider that they have a lot of money to lose if it really would be so terrible insecure as some think.
Every technology has its weaknesses and the same is true for Java. But as far I know Oracle is not bad with fixing quickly discovered security issues.
The alternatives like C++ have much more risks on the coding side. In java whole classes of vulnerabilities are excluded just by the way how hte language and the JVM are designed (memory corruption, type safety,…).
I know that java has a bad name for some in the crypto space but that is mainly due lack of knowledge/education.
If you can point me to some facts I am eager to learn about realistic security issues in Java.
Beside that, Java gives a lot of productivity advantages. To get cross platform support with nearly no extra effort is huge plus and I estimate development is about 3-10 times faster as it would be in C++. Java FX is a pretty good UI framework where you get quickly a nice and modern looking UI.
1 Like
The challenges that I can foresee are;
- Overcoming the JAVA public perceptions. So was the security flaws due to the implementation and not the fault of the language?
- Also what of JAVA ownership of the language, can it be reclaimed? (I assume it was Adobe who owned it?)
- What if the banking industry changes to another system?
- There now appears to be the SWIFT system and a China/Russia system happening. Is there the possibility of one system being the winner?
- Whatever the outcome I think this shows the dollar as the world reserve-currency is being pushed out.
I see you are concerned about a vary long term problems about fiat. I don’t see any of that happening soon. I’m sure we all hope that crypto currencies will be the winners here. As for the Java language, I am not here to judge, but no security vulnerabilities are known to me currently and the ownership of it is as I know Oracle who I don’t see why would prohibit people to use it, that is kind of the point of it.
1 Like
Well the fiat system is what we’re dealing in the prime. My greatest desire is to see that the mistakes of the fiat system be avoided.
The language concern is a long term idea of avoiding any sort of copyright claims on Bitsquare. Yet I realize now that a p2p exchange will just get re-written if something like ownership of the programming language would come up.
The same thing would apply to the banking systems that could come up…
We are, but my hopes are that we will not have huge problems with fiat until it isn’t such a big part of Bitsquare anymore.
The language is a long term dedication, but the copyright problems are probably very unlikely, since translation to other languages shouldn’t be as difficult as re-writing the hole program.
What Java developement suite do you guys use for Windows and or Linux?
1 Like
But what about performance? Every app made with Java is a resource hog. I have a modern computer and BISQ runs like I have an old computer.
Could somebody comment if this is why Bisq is know to take up soo much memory?
Don’t do a lot of development, but I do use a lot of lower-end hardware.
I believe this is one of the reasons projects like i2pd and ire exist.
Yeah, Java is secure and cross-platform, but really resource intensive. Blockchain operations are also resource intesive, so building crypto apps in Java has it’s drawbacks.
On the other hand Bisq could have never been developed this fast, this secure, for so many platforms if devs didn’t use Java. With the dev resources this project had, it was the only way to go.
1 Like
OK, but is it possible that some parts of the future development could be done in Rust? The SAFE Network was completely re-written in Rust but I am assuming that is not practical with Bisq FTTB.
I would like to start to help with Dev stuff but I would be learning Java from scratch (my coding history: Fortran->Basic->C->Ruby).