Worried about Java? Get Groovy, baby

Java has become a ubiquitous language in the private sector and in government because it creates a way for multiple devices to work together using a common platform. But it has its problems.

One of them is security. Recently, GCN’s Bill Jackson asked if the problems of Java, in the wake of another zero-day exploit, outweighed its usefulness. Oracle issued a patch for the vulnerabilities, but a researcher recently found another zero-day exploit affecting Java. The other is complexity. Java is difficult to program because it uses very precise coding that allows devices to execute commands quickly. To successfully program Java, you have to almost think like a machine.

Vulnerabilities aside, I don’t see how Java could be eliminated from government systems even if they wanted to weed it out. It’s just too prolific.

Perhaps a better plan is to simply change Java a bit, and that is where Groovy, a language you will start to hear a lot more about, comes into play. Groovy is basically a subset of Java. Everything Groovy is Java, but not everything Java is Groovy.

Groovy was created as a companion to Java. Back in 2003, developers decided that Java had a lot of advantages, but simplicity wasn’t one of them. What they wanted was something that could be easily learned and that used almost natural language to program. But computer languages like that tend to run very slowly, because the computer has to interpret instructions. In a wristwatch, for example, computing power is somewhat limited, requiring easily executable code.

But Groovy gets around that issue, in large part because the code is so simple. Users can pretty much learn the straightforward commands of Groovy in about a day. Those who have any experience with Python or Smalltalk, or even Ruby, will feel no learning curve at all.

Command lines in Groovy look like database queries, and Groovy 2.0, which was released in June, makes things even easier. For more information, read this InfoWorld interview with Guillaume Laforge, who is heading the Groovy project. Interestingly enough, Laforge does not think that Groovy should replace Java as the dominant language for Java Virtual Machines, and some other developers agree with his assessment.

Groovy is easy to program, runs quickly on almost any hardware and, because it’s so simple, would seem to be difficult for hackers to exploit. It would seem hard to hide malicious code in something so transparent. In about a year, look for Groovy 3.0 to be released, which, according to Laforge, is just about adding more Groovy into Groovy. In other words, the developers will further distance it from the problems of Java.

So the thing to know about Groovy is that it’s a flavor of Java, but has so many advantages that it might end up replacing its predecessor, a true case of the student becoming the master. For government agencies, it can provide an easy, efficient way to improve their apps and online services.

If that happens, don’t worry. You can learn Groovy really quickly, and use that knowledge to help manipulate nearly any device. For a small donation to the starving techie lunch fund and an afternoon away from your office, I can teach it to you myself.

Reader Comments

Fri, Sep 28, 2012 Nick Vargish

Groovy runs on the Java Virtual Machine. Wouldn't vulnerabilities in the JVM also apply to Groovy? Also, it's really running arbitrary Java in the browser that's most prone to attack. If you have stand-alone applications written in Java, they should be fine, as long as they don't run arbitrary code from unknown sources.

Fri, Sep 28, 2012 Mike Sorrells Hill AFB

We are looking at using the Groovy language and I was wondering if there were other DoD or government agencies using the language in production environments? If so, what kind of security issues have you run into and how have they been handled?
