The Cyber Age is Built on Five Things ... Java, C, C++, Python and C#
Introduction
I may be a Professor, but I'm a dedicated software developer, and it is my way of being creative. So I've been through all the main software languages (Figure 1), and ended up with the one I love ... C#, and using the .NET framework, but I don't mind programming in any language around, I just tend to be hooked on Visual Studio.
Would you believe that I have written books around Assembly Language, C, C++, FORTRAN, Delphi, Pascal, HTML, Flash, JavaScript, Basic, Visual Basic, and many others, but I've not actually written on the one language I know most: C#. The programs I've created include NetworkSims ProfSIMs [here], and my sites include Asecuritysite.com [here] and Bright Red Digital Zone [here].
Figure 1: Books on software development
So I'm always interested to see how the programming languages are doing in terms of their usage, especially when IEEE Spectrum publish their Top 10 programming languages (the ranking on the left is 2015, and the yellow one is from 2014):
Figure 2: IEEE Top 10 computer Languages (20 July 2015)
1. King Java
Java has been banging its head on many things, and some things have never stuck, such as with Web plug-ins and desktop programs, but it is king of the hill in terms of enterprise systems, especially with the adoption of Java into IBM WebSphere. Once a company is locked-in to either Java or .NET, they are kinda stuck with them, and the choice, these days, is typically around the Web architecture (and not their desktop environments).
For Java, too, in terms of security, it has been behaving itself lately, but a few weeks ago it created its first zero-day since 2013. This was based on a well-known vulnerability in Microsoft Windows Common Controls (CVE-2012-015), outlined by Microsoft in MS12-027, but it is now being seen to be breached through Java.
The security patches have been coming fast with Java, such as on 15 April 2015, when Oracle patched many security flaws in Java, including 14 CVE-listed bugs, most of which focused on exploiting a remote computer without any form of authentication, with three of them gaining a score of 10 for their risk assessment score.
Some of the ethos of Java has been lost a little with the acquisition of Sun Microsystems in 2010 by Oracle. A sign of the change of focus is highlighted with the bundling of Java with a whole lot of unrelated software - bloatware, which it tries to add to the desktop. When Java works, it works perfectly, and it is a great workhorse, working well on back-end systems. In terms of user interfaces, it has never been the prettiest kid on the block. So, on its 20th birthday, it is not a teenager anymore, and has grown up, hopefully to get the keys of the castle next year.
The history of Java goes back 20 years, when the industry was controlled by Microsoft, and especially on the IBM PC (with its horrible x86 architecture). Code was thus developed to run directly on the hardware and could not run on other types of systems. Others could see, such as in 1983 with Sony's MSX system, that there was the potential to standardize the code that ran on PCs. For many in the computer industry, the lock-in of software had the benefit of controlling the market, where the hardware that was most popular resulted in the most software being written. Thus games written on the ZX Spectrum could not run on the Commodore 64, and so it continued until Java came along.
Here is my ode to the birthday boy ... Java.
2/3 Prince C and Princess C++
C and C++ cause so many problems in the industry, especially due to the use of pointers, messy code, and buffer overruns, but we can see they are still in the Top 3, as they are the fastest around, and there's lots of people who know the language.
I remember having "deep" discussions many years ago about teaching C or Pascal, and, as we can see, Pascal has lost its way, recently. The code itself is often messy, and runs unmanaged, where programs can do whatever they want on the system.
You just have to look at the code which caused Heartbleed to see how horrible C and C++ code is (Figure 3), and how it causes memory problems. I remember teaching C, and everything was fine until Lecture 7, when I taught pointers, and then it all fell apart.
Figure 3: Heartbleed and C++ code
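A simplified illustration of the Heartbleed-class bug referred to above, as an added example (it is not the OpenSSL source and not the code from Figure 3): a heartbeat reply that trusts the length field inside the message, beside a version that checks it against the bytes actually received. The function names, the sample bytes and the reduced message layout (type byte, two-byte length, payload, 16 bytes of padding) are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16  /* minimum padding after the payload */

/* Constructed sample: a 7-byte request that claims a 40-byte payload, followed
   in the same array by bytes standing in for unrelated process memory. */
static const uint8_t demo_memory[64] =
    "\x01\x00\x28" "ping" "SECRET-KEY-MATERIAL-NEXT-TO-THE-RECORD";
/* Constructed sample: well-formed request, 4-byte payload + 16 bytes padding. */
static const uint8_t demo_ok[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static uint8_t demo_out[64];

/* Vulnerable pattern: the length field inside the message is trusted and the
   number of bytes actually received (rec_len) is never consulted. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);   /* reads past the real record */
    return claimed;
}

/* Hardened form: discard (-1) unless header + claimed payload + padding fit
   inside the received record and the payload fits the output buffer. */
long hb_reply_checked(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_PADDING) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

int main(void) {
    size_t n = hb_reply_unchecked(demo_memory, 7, demo_out);
    printf("unchecked: echoed %zu bytes: %.*s\n", n, (int)n, (const char *)demo_out);
    printf("checked, same request: %ld\n",
           hb_reply_checked(demo_memory, 7, demo_out, sizeof demo_out));
    printf("checked, well-formed:  %ld\n",
           hb_reply_checked(demo_ok, sizeof demo_ok, demo_out, sizeof demo_out));
    return 0;
}
```

The unchecked version echoes the four real payload bytes plus 36 bytes it was never sent; the checked version discards the same request and still answers the well-formed one.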
4. Python
Python moved up the charts the last time, and it keeps its 4th position, and is knocking on the door of the big three. My first impression of Python was with the Heartbleed vulnerability, where the Python code was ready within hours of the vulnerability going live. I've also seen our Cipher crackers here using it to great effect. For me, there's something strange in using tabs for structure, and I don't quite get the casting, but I do often look for Python scripts to analyse the latest threats.
5. C#
I selected .NET when it was .NET 1.1, and it was one of the best decisions I've ever made. I have never found it to lack anything I've wanted, and it has allowed me to successfully migrate code from Microsoft Windows to the Web (with MVC ASP.NET). Most of my sites, too, are now built around MVC ASP.NET and it provides me with a way to decouple the user interface from the middleware.
C#, though, is so linked to Microsoft, that it is struggling against the Linux domination of the Web server market, and with the growth of systems such as Wordpress (which uses PHP). The way that MVC ASP.NET integrates code properly, as opposed to the horrible hacks of PHP, supports a strong development environment which can scale faster than anything I've seen. Personally I think .NET and C# get a bad rap, and are actually as open and portable as anything else around.
Other risers ...
For the other scripting languages, JavaScript (Yuk!) and PHP (less Yuk!) are moving up the charts. They have done well to overcome their inherent weaknesses (especially JavaScript) and to showcase that they provide both client-side and server-side integration. Personally, I thought JavaScript would die many years ago, but it is still there and has managed to adapt itself in a way that supports a wide range of devices. For JavaScript, it was the mobile devices, and their limited processing power and lack of network connection that saw its adoption, and it has never looked back.
PHP is no ASP.NET MVC, but if the Web platform is Linux-based, it is by default the server side programming language of choice, especially where it is a Wordpress platform.
Ruby too is doing well, but it looks like we're going to be saying goodbye to R (which I've never seen many people use).
Compiled or interpreted ... framework or native?
The common compiled languages, which create robust and fast code, such as Java and C++, are now under great threat from the interpreted languages such as JavaScript, Ruby and Python, and by the server-side Web languages such as PHP (Figure 4).
Figure 4:
Java differs from a compiled language in that it runs in a framework (Figure 5) while Flash runs within an application, such as in a browser (Figure 6). Typically the framework protects against many attacks, but Flash has faced many problems, especially from XSS (Cross-site scripting), where code can drop through the Flash plug-in, and jump out of the sandbox provided by the browser and run directly on the system.
Figure 5: Native (PE) or Frameworks?
Figure 6: Virtual, emulators or scripting?
Conclusions
I moved on from C and C++ a long time ago, and looked for something a bit more robust, but they refuse to die off. They were written by engineers for engineers, and anyone who is an engineer loves using them, as they are not constrained in most things. For Java, it must thank open source, GitHub, and IBM for its continued adoption. As long as it leads in creating libraries and in robust services, it will always win. Companies now select their Web infrastructure, and it all falls out from there. If they select WebSphere or Oracle databases, or even a Linux environment for their servers, it will be natural to go for Java.
For C# and .NET, it's a bit of a poor showing - No 5. It always wins in Windows environments, but it has struggled to compete in corporate Web infrastructures, especially when many use Linux and PHP in their platform. The ease of use of Wordpress has not helped the case of ASP.NET, as the site can be created without the need for any new code being created.
For Python, its scope can only increase over time. In terms of quickly getting code that works, it is perfect. In terms of producing robust code that works at the back-end, it still has a way to go.
So, in conclusion, the world is still compiled, but scripting is coming up fast ... especially Python and Ruby, and Web programming is informing the choice of environments. So watch those lock-ins!
One thing that is sure is that the jobs in the Cyber Age are based on software, and every computer science and related engineering student should learn how to develop in one of the top languages, as it is software skills which are in the highest demand in industry.
The focus is now on Web and Data processing, as we move into Web infrastructures based on service-oriented architectures. The Web browser is key for the user interface, and the Web architecture provides the back-end processing. Overall it feels like we are turning back to the 1950s, and the days of the mainframe, where we use Web browsers as the terminals and the Cloud as our back-end processing.
Seeing the future...
If you are interested, we're hosting a Symposium on Software-defined Architectures and Networks on 27 August 2015 ... and you can register here.