Fog Creek Software
Discussion Board




MS EULA: JAVA TECHNOLOGY IS NOT FAULT TOLERANT

Just noticed that in my EULA for Word 2000 it says:

NOTE ON JAVA SUPPORT. THE SOFTWARE PRODUCT MAY CONTAIN SUPPORT FOR PROGRAMS WRITTEN IN JAVA. JAVA TECHNOLOGY IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ON-LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF JAVA TECHNOLOGY COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.


I'd like to know how Java is not fault tolerant to the same degree as other languages. If that is the case?

Matthew Lock
Wednesday, May 22, 2002

That's got me worried now about the Nuclear Power Plant system I made using Java applets.

Sherrif Lobo
Wednesday, May 22, 2002

That wording actually comes from Sun, which puts it in all their products.

Joel Spolsky
Wednesday, May 22, 2002

Funny enough, a friend of mine wrote some code in Java which is part of a particle accelerator control software. It happened to work better than the C code they were using (full of bugs BTW).
Hum, since then, he refused to work on this anymore since they asked him to make the C version work and shut up about the trouble...
And the device works in hospitals... Oh my god!

Name withheld to protect the guilty
Wednesday, May 22, 2002

Even sillier, there's a similar clause in the license for POV-Ray.

http://www.povray.org/povlegal.html

Charles Miller
Wednesday, May 22, 2002

The stuff about the nuclear plants and some devices may be written because of the unpredictability of the garbage collector. Because of it, Java applications are not well suited for such real-time devices/systems.
Or this is just a precaution.

Boris Yankov
Wednesday, May 22, 2002

I did work experience at a nuclear power plant in the UK during the early nineties. They ran the plant on a computer from the 60s which was built out of discrete transistors rather than ICs.

Matthew Lock
Wednesday, May 22, 2002

The UK is much more advanced than the US when it comes to software control of nuclear power plant processes. The NRC won't allow software process control to be used in reactors... software can be used for "process monitoring", but not control.

Joe AA.
Wednesday, May 22, 2002

No language is fault-tolerant. You have to program your entire system to be fault tolerant. This has more to do with your application program and hardware set-up.

C has no code that it brings in with it by default. Java, VB, etc. have a lot. They didn't create those virtual machine environments with the idea someone's life may depend on it.

Control systems for airplanes, nuclear plants, the Space Shuttle usually run on very simple computers where the OS and everything else is built by the people that put together the system. The systems don't run Solaris, Windows, etc.

You might find parts of the Linux kernel lifted and used in new systems. That's about it.

Paul Vincent Craven
Wednesday, May 22, 2002

Actually, I was talking to an airline employee in a bar about a year ago (forgot which airline... based in Chicago) and some portions of the airplane are controlled by Windows. I believe it is something like the refrigeration system for the food. Not mission critical, but I have been on a plane which was stalled on the ground because the refrigeration system wasn't working. The employee said that when that system acted up, the staff would just reboot it. :(

dumbconsultant
Wednesday, May 22, 2002

Of course there is always this jewel:

Windows NT cripples US Navy Cruiser
http://www.info-sec.com/OSsec/OSsec_080498g_j.shtml

Nat Ersoz
Thursday, May 23, 2002

Java compilers and virtual machines are given a lot of leeway in how they're allowed to re-order instructions for the sake of optimisation, and that leads to some... interesting results when you start dealing with multiple threads, such as the following example:

Initially, x = y = 0.

Thread 1:

a = x
y = 1

Thread 2:

b = y
x = 1

It's possible in Java for the result of these threads running concurrently to be a = b = 1.

http://www.cs.umd.edu/~pugh/papers/jmm2.pdf

Charles Miller
Thursday, May 23, 2002
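The two-thread example from the post above, written out as a Java harness (an added example, not code from the original post or the linked paper). The class name `ReorderLitmus`, the `volatile` variant and the iteration count are assumptions made here; with plain fields the outcome a = b = 1 is permitted by the memory model but may not appear on a given JVM or CPU, so a count of zero on the first line does not show that it cannot happen.

```java
import java.util.concurrent.CyclicBarrier;

// Added example: harness for the two-thread litmus test quoted in the thread.
public class ReorderLitmus {
    static int x, y;             // plain fields: the JIT/CPU may reorder accesses
    static volatile int vx, vy;  // volatile fields: a = b = 1 is forbidden
    static int a, b;             // results, read only after join()

    // Runs both threads once; returns true if a == 1 && b == 1 was observed.
    static boolean runOnce(boolean useVolatile) throws Exception {
        x = 0; y = 0; vx = 0; vy = 0;
        CyclicBarrier start = new CyclicBarrier(2); // release both threads together
        Thread t1 = new Thread(() -> {
            await(start);
            if (useVolatile) { a = vx; vy = 1; } else { a = x; y = 1; }
        });
        Thread t2 = new Thread(() -> {
            await(start);
            if (useVolatile) { b = vy; vx = 1; } else { b = y; x = 1; }
        });
        t1.start(); t2.start();
        t1.join(); t2.join();    // join() makes a and b visible to this thread
        return a == 1 && b == 1;
    }

    static void await(CyclicBarrier barrier) {
        try { barrier.await(); } catch (Exception e) { throw new RuntimeException(e); }
    }

    // Counts how many of the given iterations ended with a = b = 1.
    static int count(boolean useVolatile, int iterations) throws Exception {
        int hits = 0;
        for (int i = 0; i < iterations; i++) {
            if (runOnce(useVolatile)) hits++;
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        int n = 50_000; // assumed iteration count; raise it to look harder
        System.out.println("plain fields,    a = b = 1 seen: " + count(false, n));
        System.out.println("volatile fields, a = b = 1 seen: " + count(true, n));
    }
}
```

With the `volatile` fields every read and write takes part in a single total order consistent with each thread's program order, so a = 1 implies thread 2's read of `vy` came before thread 1's write to it, and b must be 0.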

Charles... we would be much more productive if we didn't have to write every bug ourselves. A real shortcut to being state of the art.

Joe AA.
Friday, May 24, 2002

Darn, why did someone have to spill the beans and expose that this EULA policy comes from Sun?

I was hoping we'd let this thread get a lot larger, and a lot more people could make fools of themselves while stating that MS has such an “evil” software policy.

*Then* we could mention that this originates from Sun!

Darn... did we miss an opportunity for some fun here or what!

Albert D. Kallal
Sunday, May 26, 2002
