Blogging Fusion Blog Directory the #1 blog directory and oldest directory online.

Jörn's space

Home Jörn's space

Jörn's space

Rated: 2.50 / 5 | 837 listing views Jörn's space Blogging Fusion Blog Directory

Germany

 

General Audience

  • Jörn Stampehl
  • November 01, 2018 04:29:11 PM
SHARE THIS PAGE ON:

A Little About Us

Thoughts about FinTech, Cybersecurity, software developing & startups by Jörn Stampehl

Listing Details

Listing Statistics

Add ReviewMe Button

Review Jörn's space at Blogging Fusion Blog Directory

Add SEO Score Button

My Blogging Fusion Score

Google Adsense™ Share Program

Alexa Web Ranking: 8,411,661

Alexa Ranking - Jörn's space

Example Ad for Jörn's space

This what your Jörn's space Blog Ad will look like to visitors! Of course you will want to use keywords and ad targeting to get the most out of your ad campaign! So purchase an ad space today before there all gone!

https://www.bloggingfusion.com

.

notice: Total Ad Spaces Available: (2) ad spaces remaining of (2)

Advertise Here?

  • Blog specific ad placement
  • Customize the title link
  • Place a detailed description
  • It appears here within the content
  • Approved within 24 hours!
  • 100% Satisfaction
  • Or 3 months absolutely free;
  • No questions asked!

Subscribe to Jörn's space

Problems upgrading an Embedded Jetty

I recently had to update a legacy project. The basis is Java with the Spring framework and an embedded Jetty. This is started via Maven. After updating the Jetty to the current version, I noticed that the server could no longer be accessed after booting. After some testing, it was clear that the Jetty version 9.4.3 (9.4.3.v20170317) worked fine, but the version 9.4.4 (9.4.4.v20170414) did not. To narrow down the problem, I looked at the output in the console: 9.4.3: 9.4.4: As you can see,...

I recently had to update a legacy project. The basis is Java with the Spring framework and an embedded Jetty. This is started via Maven. After updating the Jetty to the current version, I noticed that the server could no longer be accessed after booting. After some testing, it was clear that the Jetty version 9.4.3 (9.4.3.v20170317) worked fine, but the version 9.4.4 (9.4.4.v20170414) did not. To narrow down the problem, I looked at the output in the console:

9.4.3:

>> mvn jetty:run
[...]
[INFO] Configuring Jetty for project: Challoday
[INFO] webAppSourceDirectory not set. Trying src/main/webapp
[INFO] Reload Mechanic: automatic
[INFO] Classes = /Users/joern/IdeaProjects/challoday/target/classes
[INFO] Configuring Jetty from xml configuration file = /Users/joern/IdeaProjects/challoday/src/main/resources/jetty.xml
[INFO] Configuring Jetty from xml configuration file = /Users/joern/IdeaProjects/challoday/src/main/resources/jetty-http.xml
[INFO] Context path = /
[INFO] Tmp directory = /Users/joern/IdeaProjects/challoday/worky
[INFO] Web defaults = org/eclipse/jetty/webapp/webdefault.xml
[INFO] Web overrides =  none
[INFO] web.xml file = file:///Users/joern/IdeaProjects/challoday/src/main/webapp/WEB-INF/web.xml
[INFO] Webapp directory = /Users/joern/IdeaProjects/challoday/src/main/webapp
[INFO] jetty-9.4.3.v20170317
[INFO] Scanning elapsed time=1342ms
[INFO] 2 Spring WebApplicationInitializers detected on classpath
[INFO] DefaultSessionIdManager workerName=node0
[INFO] No SessionScavenger set, using defaults
[INFO] Scavenging every 600000ms
[INFO] Set web app root system property: 'webapp.root' = [/Users/joern/IdeaProjects/challoday/src/main/webapp]
[INFO] Initializing log4j from [classpath:log4j-development.xml]
[INFO] Initializing Spring root WebApplicationContext
[INFO] Initializing Spring FrameworkServlet 'dispatcher'
[INFO] Started o.e.j.m.p.JettyWebAppContext@7d199c68{/,file:///Users/joern/IdeaProjects/challoday/src/main/webapp/,AVAILABLE}{file:///Users/joern/IdeaProjects/challoday/src/main/webapp/}
[INFO] Started ServerConnector@9cb927e{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
[INFO] Started @10994ms
[INFO] Started Jetty Server

9.4.4:

>> mvn jetty:run
[...]
[INFO] Configuring Jetty for project: Challoday
[INFO] webAppSourceDirectory not set. Trying src/main/webapp
[INFO] Reload Mechanic: automatic
[INFO] Classes = /Users/joern/IdeaProjects/challoday/target/classes
[INFO] Configuring Jetty from xml configuration file = /Users/joern/IdeaProjects/challoday/src/main/resources/jetty.xml
[INFO] Configuring Jetty from xml configuration file = /Users/joern/IdeaProjects/challoday/src/main/resources/jetty-http.xml
 [INFO] Context path = /
[INFO] Tmp directory = /Users/joern/IdeaProjects/challoday/worky
[INFO] Web defaults = org/eclipse/jetty/webapp/webdefault.xml
[INFO] Web overrides =  none
[INFO] web.xml file = file:///Users/joern/IdeaProjects/challoday/src/main/webapp/WEB-INF/web.xml
[INFO] Webapp directory = /Users/joern/IdeaProjects/challoday/src/main/webapp
[INFO] jetty-9.4.4.v20170414
[INFO] Scanning elapsed time=1535ms
[INFO] DefaultSessionIdManager workerName=node0
[INFO] No SessionScavenger set, using defaults
[INFO] Scavenging every 660000ms
[INFO] Started o.e.j.m.p.JettyWebAppContext@4c2fb9dd{/,file:///Users/joern/IdeaProjects/challoday/src/main/webapp/,AVAILABLE}{file:///Users/joern/IdeaProjects/challoday/src/main/webapp/}
[INFO] Started ServerConnector@7fb48179{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
[INFO] Started @5672ms
[INFO] Started Jetty Server

As you can see, neither the configurations are loaded nor the beans are initialized.

The next step is to have a look at the changelog of version 9.4.4. There you can find this hint:

1467 Change default for WebAppContext.isConfiguredDiscovered to false

And in the corresponding discussion on GitHub one finds out that this change is exactly what prevents the automatic scanning of the configuration. So you have to adjust the pom.xml accordingly:

<plugin>
    <groupId>org.eclipse.jetty</groupId>
    <artifactId>jetty-maven-plugin</artifactId>
    <version>9.4.4.v20170414</version>
    <configuration>
        <jettyXml>${project.basedir}/src/main/resources/jetty.xml,${project.basedir}/src/main/resources/jetty-http.xml</jettyXml>
        <webAppConfig>
            <tempDirectory>worky</tempDirectory>
            <configurationDiscovered>true</configurationDiscovered>
        </webAppConfig>
        <stopPort>9998</stopPort>
        <stopKey>foo</stopKey>
    </configuration>
</plugin>

This change <configurationDiscovered>true</configurationDiscovered> restores the behavior of the previous versions. The server loads the Spring configuration including the annotations again.

Der Beitrag Problems upgrading an Embedded Jetty erschien zuerst auf Jörn's space.


Password management and documentation in startups

I would like to come back to the topic of passwords, this time in a professional environment. Over the years I have worked for very different companies. Every time the topic password and password sharing were a more or less big problem. Usually, a process was established that worked reasonably well, but almost always I could still access some services for a long time after leaving the company. Unfortunately, the topic is not easy to solve, but there are a few things you can keep in mind,...

I would like to come back to the topic of passwords, this time in a professional environment. Over the years I have worked for very different companies. Every time the topic password and password sharing were a more or less big problem. Usually, a process was established that worked reasonably well, but almost always I could still access some services for a long time after leaving the company. Unfortunately, the topic is not easy to solve, but there are a few things you can keep in mind, especially with technology startups.

First, let us take a look at how things usually work in a young startup. In the beginning, the developers usually quickly set up a whole series of services, most of which run on their official email address. Sometimes the management even creates the central services itself, but also (and especially) here possibly even with private email addresses as accounts. Over time, more and more services are added, some are no longer used, others have become extremely important for the company.

This is particularly interesting when an employee leaves the company. On the one hand, it can then suddenly become difficult to access these services, because nobody knows which email address they are running to. On the other hand, there is of course always the danger that an unhappy employee will simply do nonsense later on. This cannot even be proven to him in case of doubt since many in the company also use this account.

What measures make password management easier?

As I said, it is not easy to prevent all this. But you can do a lot to keep track of and protect unauthorized access.

  • Log all accounts

    This sounds trivial but is rarely done consistently. Every startup should have a central document where all external services are listed, how to access them, who has access to them and where to find the password. In case of doubt, you can always quickly check if there are problems with a service.

  • Using Single Sign-On accounts

    Of course, this only works if everyone in the company uses a provider that offers such accounts. The most common example is certainly the Google account. If GMail is used as an email provider, it should be checked if other services can be used with it (e.g. Slack). If an employee then leaves, deactivating his company Google account is sufficient to block other services for him as well.

    Interesting side effect: If you set up an administration area yourself, you can of course also connect it to OAuth and GMail. So, the employees have to remember fewer passwords and you can even set up the rights assignment on it.

  • Use individual accounts

    Unfortunately, many service providers do not support SSO. But at least they provide the opportunity to create teams so that everyone gets a personal account. If in doubt, this can then be quickly deactivated without affecting the others. Many cloud services offer this for example (AWS, Heroku, Docker, …). Depending on the service, you can then set the rights again granularly for each individual user.

  • A dedicated email address for accounts

    However, many smaller services only provide easy access. If this is the only way, you should set up a mailing list that you can use for this. This way you can at least ensure that several people receive notifications. Moreover, you can reset your password in case of doubt.

  • Password management

    For easy access, it is usually necessary to store the passwords somewhere and make them available to others. It is obvious that this should not necessarily be done on a freely accessible wiki page.

    There are now a number of tools that start here. KeePass is certainly a very simple solution that can be established quickly. But if you want to have different user groups that are only allowed to see certain passwords, Vaultier would be worth considering. Of course, it is important that there is a person in charge who maintains the tool regularly. Therefore, no one has to or can pass on the passwords by Slack or email.

  • Offboarding process

    If one of the loyal employees really leaves the company, there should be a process to deactivate which accounts and how and where passwords might have to be changed. If the employees introduce a new service, they also have to update the process or inform the responsible person to do so. Changing passwords is the most time-consuming part of this process. However, this is unavoidable if you want to make sure that the former employee really has no more possibility to access company accounts.

  • Bonus level: Deactivate services completely

    The older and bigger the company is, the more services have accumulated in the meantime. Many of them are not necessarily free of charge, but the prices are rather negligible. Nevertheless, 20, 30 Dollars a month is a lot of money if you do not use the service. Therefore, one should evaluate the list with the services regularly. Doing that it will save you money and at the same time to purify the offboarding of course.

It needs the ultimate password tool

Of course, the optimum would be a tool that automatically takes over the above-mentioned tasks. This would have integrated the most common services and the password administration would be done automatically. Included would be changing of passwords, although the user should not see them. Additionally, an assignment to teams would also be part of it. Unfortunately, I have not found such a service yet, but one should not give up hope.

Der Beitrag Password management and documentation in startups erschien zuerst auf Jörn's space.


Are meta-data the new drugs?

Sitting is the new smoking. So they say. Because sitting too much and not enough exercise is unhealthy. Say the data. And nobody smokes anymore today, almost nobody. Except for a few incorrigible ones and those who now have these new-fangled vaporizers. And yes, the comparison is a little misleading, because you cannot always choose the sitting position. After all, not every office offers standing desks for working. However, it is said that data is the new gold. And the many services we use...

Sitting is the new smoking. So they say. Because sitting too much and not enough exercise is unhealthy. Say the data. And nobody smokes anymore today, almost nobody. Except for a few incorrigible ones and those who now have these new-fangled vaporizers. And yes, the comparison is a little misleading, because you cannot always choose the sitting position. After all, not every office offers standing desks for working.

However, it is said that data is the new gold. And the many services we use today without paying for them are not actually free. We pay with our data. And in fact, we are not the customers, but the product. The customers are the advertisers who use our data for advertising purposes. Or other companies that who knows what to do with our data. The funny thing is: We are somewhere subconsciously aware of that. And actually, it doesn’t really matter, because these services have been a great success and earn a lot of money with their business model.

This is not even about the data that we enter directly. At least as interesting are the meta-data, i.e. those that are collected almost incidentally and often not comprehensibly for us. That, for example, the new mobility service providers such as car sharing companies, bicycle rental companies and Uber movement profiles create, seems clear to everyone, even if the meaning behind it is not open to everyone. But even that hardly upsets anyone.

The data scandals should come as no surprise

Only sometimes some reports startle us. Like recently, for example, the “scandal” surrounding Cambridge Analytica. Or the study by the University of Nuremberg, which could only create online profiles of strangers based on the online status of WhatsApp available to everyone. Sure, you might say that this is a nice game, but who cares? For example, health insurance companies that see that you do not get enough sleep and then increase your fees. Or the next employer who is wondering whether he should really hire the applicant if he is online all night and therefore perhaps not as efficient during the day.

This is where the dilemma begins for the individual: What is the consequence? Switch to a better messenger, like Signal or Threema? Where you are all alone because your circle of friends dismisses you as a “nerd” or a “tin foil hat”? Or refrain completely from being excluded from current communication with the result? In addition, you would have to shut down the entire smartphone, because Android and iOS already send a lot of metadata to their creators by default. VPNs don’t even help, because the data is collected on the device itself. And even with a “dumb-phone” the mobile phone provider gets enough connection and movement data, which certainly allow some interesting conclusions. So right back into the cave, communication by smoke signal and say goodbye to modern life with all its amenities? Probably no alternative either.

Can there be a solution?

Of course, I have to be careful with my data and ask myself with every app: Why does it need this authorization? Does a flashlight app really need to access my location? But sometimes this is exactly what I want.

And so, sitting is not the new smoking for me, but the whole use of social media / messenger / internet stuff. Although I know I am revealing a lot of data with it, I do it anyway because it is fun and has a benefit for me. Exactly this logic must have smokers also (as a non-smoker for me difficult to understand): Although I know that smoking is harmful to my health, I consciously choose it because I enjoy it, enjoy it and want to have the effect. The only difference is that I think smoking is easier to quit.

Der Beitrag Are meta-data the new drugs? erschien zuerst auf Jörn's space.


Why everybody should use a VPN nowadays

When networks became established in the companies, there was soon a desire to connect to the internal network from outside. The main reason was that you could access its resources in this way. For example, field staff wanted to access files stored on the internal file server. Of course, it would have been a possible way to make the server accessible from outside. It is obvious, however, that this might not be the optimal solution from a safety point of view (not that this has not been done...

When networks became established in the companies, there was soon a desire to connect to the internal network from outside. The main reason was that you could access its resources in this way. For example, field staff wanted to access files stored on the internal file server. Of course, it would have been a possible way to make the server accessible from outside. It is obvious, however, that this might not be the optimal solution from a safety point of view (not that this has not been done anyway and probably is still being done). It is better to connect to the internal network from the outside and then become a part of it. VPNs (Virtual Private Networks) were introduced for this purpose. The employee then logs on to an externally accessible server with a specific protocol and then can work on it as if he were directly connected to the local network. To ensure that this connection via the VPN is also secure against interception, it is encrypted. This protects company secrets.

Reasons for a VPN in a private environment

Over time, VPNs have become more and more common. Like in universities, for example, so that students can connect to the university network. VPNs are also being used more and more frequently in the private sector. It is no longer necessarily a matter of logging into another network, but of accessing the Internet from somewhere else and masking where you actually come from. There are actually three main reasons for this:

  1. Unblocking geoblocking
    This is surely the reason most people in these parts are familiar with VPNs. Usually, it is then a matter of getting content from other countries that is not available in your own country for licensing reasons. Certain content of Netflix and YouTube is usually limited to certain countries. This also applies to the media libraries of major television and radio stations and, above all, to sports streaming. If you now connect to a VPN and a server in the respective country, the content provider will assume that the user comes from this country and offers the content to him.
    Of course, this approach has now also been recognized by Netflix and Co. and under pressure from right holders, they also try to take action against it. It is a cat-and-mouse game, where some providers have specialized in the meantime.
  2. Access blocked content
    This use case is quite similar to the previous one. However, this is about accessing content blocked by the government or Internet providers. This applies above all to countries in which Facebook, Twitter or even Wikipedia are blocked, for example. Here, too, the user accesses a server through the VPN in another country, where these contents are not blocked. Such countries are for example Turkey, Russia or of course China. The latter is a particularly good example of how governments are well aware of this loophole and the “Great Firewall” cannot be tricked with this. In other countries, where private Internet providers in particular are forced to filter content, VPNs are less rigorous and technical hurdles are significantly lower. But even this is becoming more and more a game of cat-and-mouse.
  3. Privacy
    That should be the reason why everyone would actually use a VPN. And that is probably the rarest reason why people actually use VPNs. The advantage is obvious: The user connects to the server of the VPN provider. Even with a data retention you only see in the log files that you are using this VPN, but not what is being done about it. On the other hand, in the log files of the web server, for example, you will only see that the VPN server has accessed the website, but not where the actual user comes from. Only the VPN provider knows its IP address. This is also one of the reasons why VPNs are viewed with suspicion by some governments and banned directly by others. Because then it is no longer possible to trace who accessed what and when, and data retention, for example, is running into the void.
    But the reason does not even have to be that you really have something to hide. If you connect to a public Wi-Fi connection, you never know exactly whether you can really trust the provider and whether he has really secured the Wi-Fi. For example, some safety deficiencies have been identified in the Wi-Fi network on Deutsche Bahn trains, which make additional security worthwhile.

Limits of a VPN

What a VPN cannot do is prevent tracking while browsing. If the advertising industry wants to track someone, this is usually done through cookies. These are also set and stored when using a VPN. If you want to prevent this, you have to use certain browser techniques like the anonymous mode or special plugins. And even then, devices can still be reliably identified by fingerprinting. This technique uses various parameters (device manufacturer, device type, browser resolution, language, etc.) and enables more or less unambiguous identification.

Not every VPN is secure

Now the question is which VPN to use. The answer is much more difficult than expected, because on the one hand it depends on the specific use case, but on the other hand not necessarily first and foremost on features or speed. Instead, you should pay attention to the price. More specifically, that the VPN costs money at all. Because the question a user should ask himself is, with what the VPN provider earns money at all. Because the VPN infrastructure costs money and since this is usually still to be earned, you also need a source of income. If the money does not come from the users, it is very likely that the users’ data will be turned into money. This means that the provider logs everything the user does and later sells it to other companies. And because it has to store the data somewhere, even government agencies can access it, which makes it dangerous to use in certain countries. Therefore, a VPN should cost money and also have a “no-logging policy”. Only then should you consider criteria such as which countries are offered or additional features. Generally speaking, it is not possible to rely on the relevant comparison portals, since it is here only about which provider pays the most to the portal (keyword affiliate).

Are VPNs evil?

A note on the ethical side: VPNs can of course also be used to do illegal things. Be it Bittorrent, terrorism or anything else, with a VPN, criminals can hide easily. But this applies to almost everything that can be found in this area, be it encrypted messaging, file encryption or other techniques that protect privacy. All this can always be used for evil. I think it is not acceptable to ban these technologies for everyone because they abuse some of them. But this discussion is taking place at several levels.

Der Beitrag Why everybody should use a VPN nowadays erschien zuerst auf Jörn's space.


Too many passwords spoil the security

The average German internet user has 15 different accounts. Some of them he created because he wanted to, others he was forced to create more or less. And every single one of them is normally protected by a password. Of course, the user is lazy and therefore he is using every time the same password. At least since the major security breaches at Yahoo, LinkedIn and Tumblr you see what are the consequences. The leaked email-password combinations were used to try them at others services on a large...

The average German internet user has 15 different accounts. Some of them he created because he wanted to, others he was forced to create more or less. And every single one of them is normally protected by a password. Of course, the user is lazy and therefore he is using every time the same password. At least since the major security breaches at Yahoo, LinkedIn and Tumblr you see what are the consequences. The leaked email-password combinations were used to try them at others services on a large scale and with an astonished high hit ratio accounts could be compromised.

Obviously, the question is how can this be prevented best. Additionally, there are two basic conditions that do not make this easier. For one thing, more and more services insist that the password of the users has to follow specific rules (special characters, numbers, minimum length, …).  For another thing, the user should never use the same password at multiple services. Both conditions are very reasonable advices. But can you really expect from the user to remember 20 different and very complex passwords?

You can of course write down all passwords on a sheet of paper. This might be good enough to get by as long as you are not pinning this paper direct on the computer. But you will have difficulties if you are out and about. Especially if you are not using your own computer like in an internet café.

2FA as supplement to passwords

A quite good addition to the common password authentication is the two-factor-authentication. With this one another, as independent as possible factor will be introduced, for example an SMS that is send to your mobile with a one-off code. This method is not completely secure especially if you use the same mobile for entering the code that also received it. But it is sufficient for the above described scenario. The catch is that this is not implemented particularly by smaller providers. While Microsoft, Google or Facebook integrated respective mechanisms for their user base for example Ebay has no such thing. At the same time, you do not have to take the SMS that causes costs on your end.  The time-based one-time password algorithm is not causing recurring costs and for the most common programming languages there are corresponding libraries.

The users cannot be made responsible alone but again the providers have to act. Beside of security actions like 2Fa they have to take care that there is a limitation in the login procedure. Furthermore, it is a matter of course that stored passwords in the system are hashed (From personal experience I know systems were the passwords are stored in plaintext or only hardly encrypted.). And maybe the providers have to be forced to introduce 2FA (or similar measurements). To force the user to use more and more complex passwords cannot be the right way on the long run. Security has to be convenient and sometimes you have to make compromises to make it easy to use. Otherwise the user will look into workarounds with which they remove their security.

Der Beitrag Too many passwords spoil the security erschien zuerst auf Jörn's space.


Programming language – the new Babylon

The German industry information service Heise.de proclaims the most popular programming language in 2016. The winner is: Java. While this was less surprising for ingrained Java developers, especially younger developers will be skeptical about this result. Programming languages were always the subject of religious discussions (You can see that in the comments of the article). But it seems to me that recently these discussions intensified significantly because of the popularity of new languages....

The German industry information service Heise.de proclaims the most popular programming language in 2016. The winner is: Java. While this was less surprising for ingrained Java developers, especially younger developers will be skeptical about this result. Programming languages were always the subject of religious discussions (You can see that in the comments of the article). But it seems to me that recently these discussions intensified significantly because of the popularity of new languages.

If you look back 15 years, there were basically only two languages (at least in web development): Java and PHP. While PHP was used mainly by frontend developers which tend to put SQL statements in the HTML templates Java developers transformed every little project into a mammoth task. Some audacious Microsoft enthusiasts relied on ASP and JavaScript was only used for smaller snippets within the browser clients. Just with the rise of Rails that could be used to build prototypes of complete websites within hours Ruby could be established. With its lightweight approach the language fast got more famous besides the pure frontend development.

As mentioned before in the last five years more and more programming languages have come into the market that were not used only in a niche. Golang, Erland, Elixir or Scala have built a steady fan base. And especially when more applications are transformed from a monolith to an architecture with autonomous service every of this service could be theoretically build in another language. Still an exception are the mobile apps because here the languages (Java and Objective-C resp. Swift) are set by the platforms.

Which programming language you should use?

But what does that mean for the prospective developer, which language he should learn first? And which language should you consider for your startup or the refactoring of the legacy application? There is no easy and universal answer for both questions. This depends on the requirements and the goals you want to achieve. But there are some hints you can get.

For the apprentice learning a programming language that is lightweight and its structures are quite flexible is easier. Ruby and JavaScript are simpler in this regard then Java or C++. But in my opinion especially for beginners it is better to pick up a language with more structure that could be applied to other languages. For example, the problem with PHP is not that it is a bad language per se but it makes it easy to develop in a bad way. You can also develop in an unstructured way in Java but it is much harder. If you later switch from Java to Ruby you can adopt some of the basics and methodologies that helps you to keep the overview. This is similar to learning driving. Of course, a compact car is easier to oversee and more practically in some situations (for example if you are looking for a parking space). But if you learned on a big estate car or an SUV you can adapt the driving of a compact car more easily than the other way round.

Besides of that at least knowing a more common language will increase the chances to find a job. Due to the fact that there are still a lot of legacy projects in C, Java or Python (and new projects will using these anyway, see next paragraph) you can start with that and maybe introduce a new one later on by yourself.

Make an educated guess at new projects

And what about the startup? Here the choose of the programming language could be a fundamental part of the success. It is not about the language itself but more because of the ecosystem of the language. Normally two to three developers are working in an average startup at the beginning. Every single one of them is very important for the company and in case he will leave he has to be replaced as fast as possible. If you then introduced a very exotic language it could be even harder to find a suitable successor. In the worst case a third-party agency has built the first version of the application and made the decision for a more unknown language. Later on, you have to pick up that by your own and find experts to overtake the development work.

Additionally, you should take care that the number of used programming languages is as low as possible. The possibility that your frontend developers could also work in the backend area (and vice versa) could be very valuable especially in a small team. If every backend service is developed in its own niche language it will be much harder for new developers to catch up and get the overview.

JavaScript is some kind of special in this regard. Started as a pure frontend / browser centric programming language it more and more conquers also the backend with the help of Node.JS. Due to that fact experienced full stack developers can work both in the frontend and in the backend. But be careful, not every frontend developer can build backend services (and that applies even more for backend developers in the frontend).

Another thing you should have in mind are the availability of connectors for databases, services and other tools. There is an implementation for nearly every programming language. But sometimes this is the side project of a single developer that was updated seven months ago. It might be a good idea to look out for an active developer community. Otherwise you might not get any support in case of updates or bugs.

The “best” programming language doesn’t exist

Also in the future discussions about the “right” programming language will be driven by ideologies and prejudices. But besides that, especially in small organizations you should be careful not to follow every trend because the new programming language is so hip. It might be boring to choose the traditional language but your risk will be lower. Particularly if single developer demand to use the bight new and shiny XYZ-lang because it is so much better than the other ones you should only consider to do that if you have thought about that day when these people will not be around anymore.

Der Beitrag Programming language – the new Babylon erschien zuerst auf Jörn's space.


Link to Category: Internet Blogs

Or if you prefer use one of our linkware images? Click here

Social Bookmarks


Available Upgrade

If you are the owner of Jörn's space, or someone who enjoys this blog why not upgrade it to a Featured Listing or Permanent Listing?


Blogging Fusion is ranked as one of the oldest and strongest directories online!