Competing components make for prickly panelists

After a slow and uninspired start, the session “Competing Components: ActiveX and Java Technologies for Web Enhancement and Application Engineering” turned into a tense wrangle over component camps between two panelists, Charles Fitzgerald, program manager of Microsoft’s Java team, and Mansour Safai, Symantec’s general manager of Internet Development Tools. Theresa Lanowitz, group product marketing manager of Internet Tools at Borland International, fleshed out the sparse panel, which was moderated by Peter Coffee of PC Week Labs.

The conference brochure promised attendees a “lively discussion and critical comparison between Microsoft’s ActiveX and SunSoft’s JavaBeans component architectures.” The brochure also mentioned that representatives from Microsoft and SunSoft, as well as others, would be present. Overall, the event fell short of its stated goals: SunSoft, or more appropriately, JavaSoft did not send a representative, and the panelists did not concentrate on the crucial stuff — security, for example. In fact, if it weren’t for a question from the audience at the end of the hour on the subject of security vis-a-vis ActiveX and JavaBeans, the attendees would’ve left the session only having Coffee’s overly general introductory presentation on Web security.

You might think that the tussle between Fitzgerald and Safai would have produced the liveliness forecast by the brochure. But the mood was more uncomfortable than exciting, and the discussion lacked the detail the audience no doubt desired.

Why get into a religious war when you can use both?

In answer to Coffee’s initial question to the panel, “What’s the biggest misconception or most misunderstood issue with component technology?” Microsoft’s Fitzgerald was ecumenical: Making “religious decisions” — choosing one component architecture over the other wholesale, because of company loyalty — is not the way to guarantee success with a project, he said, noting that there are pros and cons to each of the components.

Safai, from Symantec, was in agreement with Fitzgerald’s statement, stating that developers must first define their needs — Is this going to be an applet or standalone app? Is security a major consideration? What about size? — and then choose a component model that fits the project. Safai followed this thought with the statement, “My personal opinion is that JavaBeans are going to take over.”

Open standards and security spark heated debate

The session began to disintegrate around the topic of open standards. “It’s completely ridiculous to have standards bodies for languages,” said Safai, in response to a comment by Fitzgerald about ActiveX’s openness. The Symantec rep pointed out that you start with a compact language and through the standards process end up with something huge. “JavaSoft has done an amazingly good job of keeping the language open,” said Safai. “Java is a language that was designed by people that knew how a language should be written.”

The fundamental question, Fitzgerald countered, is: “How is Java is going to mature?” As he sees it, the language will have to go to several iterations, and either JavaSoft can manage the language or it can open it up to everyone. Safai summed up his thoughts on Java’s maturation with the following: “Java in ’96 was a slow language but in ’97 I can promise you it’ll be a fast language.”

The question from the audience on security and ActiveX fanned the flames of tension between Fitzgerald and Safai. “If you want security on the ‘Net,” said Fitzgerald, “unplug your computer. … We never made the claim up front that ActiveX is intrinsically secure.” The code-signing model from Microsoft is what JavaSoft and others are moving toward, he argued. (Fitzgerald was referring to the addition in JavaSoft’s new JDK 1.1 of code signing, but failed to note that JDK 1.1 retains the sandbox security model as well — something ActiveX lacks.)

Where was Borland’s Lanowitz in all this? While occasionally she contributed to the discussion, her comments mainly served to promote Borland and JBuilder and didn’t add anything substantial or particularly relevant to the issues at hand.

Conclusion: Attendees can’t get no (component) satisfaction

A glance around the room revealed audience members who appeared dissatisfied and perhaps somewhat annoyed by the lack of depth and relevance to this session. Safai, in a separate discussion with JavaWorld, attributed much of the attendees’ frustration to a desire for a definitive answer: Some audience members approached him right after the panel discussion, asking for clear-cut reasons to go with either ActiveX or JavaBeans. While the session may not have been what it set out to be, it did make the clear point that there is no one answer, except, perhaps, “It depends.”

When asked about the debate over JavaBeans and ActiveX, Kevin Ready, president of the Blue Platypus online site and member of the West Design Team in the conference’s contest to create a Web page in a day, said: “Microsoft in its ActiveX control strategy is like that of an ostrich. It sees the obvious security flaws with ActiveX and wants to keep talking around the issue — never confronting it head on. ActiveX does not provide the level of security that corporate America demands.”