I don’t know this for sure, but I can imagine that some marketing folks at STMicroelectronics were less than thrilled by the high-profile Java issues ricocheting through the airwaves a couple weeks ago. My colleague Jim Turley engendered some back-and-forth with his analysis of the appropriateness of Java in embedded systems in particular.
It was not but a few days after this had barely disappeared from the headlines that ST announced their STM32Java development kit for developing Java applications on embedded systems. Such an announcement might have been routine on any other week. (Of course, had it been routine, you might not be reading about it here…)
I just had to check in with ST’s Michael Markowitz; the question was just sitting there like a lonely technical support hotline agent with no calls in the queue: “Ask me!” The issue, of course, is security. Will using Java in white goods ultimately allow the dryer to infect the washing machine? Could a WiFi-enabled cordless drill be instructed by a trench-coat-wearing lurker behind the boxwood to stop drilling the furniture and turn on its master instead? Could a smart showerhead be maliciously configured by an unauthorized plumber to broadcast pictures to the Internet?
OK, I didn’t ask those questions specifically. It’s early, OK? I’m still not far into my cuppa Joe, blundering about a bit in that happy gray zone between waking and sleeping. But I did ask for comment regarding the blaring warnings that were still echoing off the hillsides. Having checked with the team, Michael responded that, as far as they could tell, the issue wasn’t intrinsic to Java specifically, but rather was related to “a badly programmed library, that… allows a program to access another program on the host machine,… crossing the ‘sand box.’” Having no such concept in its architecture, STM32Java would therefore not be affected.
So the simple answer would then be, “Not an issue.” Of course, this deals specifically with the one vulnerability identified in the latest brouhaha. There are those that take issue with Java generically: this doesn’t address that. But, given the amount of opinion and philosophy that accompanies this debate, I can only conclude that there are no fundamental facts to settle the issue one way or another. It would seem that abandoning Java on computers would be reasonably disruptive; if it migrates onto embedded systems in a universal way, we’ll be just that much more strongly wedded to it.
ST, at the very least, is moving forward undeterred. You can read more about it in their release.
