So I started learning Java and there are lots of boilerplate code. To use some Date functions there is a requirement to import it first before you can use it lol. In PHP and JS no need to import anything so less code.

  • 3
    I mean... Python gets rid of javascript's silly braces. Even less code! Although I'd say java vs javascript have very different focuses. Javascript was built for the web, you're likely to be interacting with dates, networking, etc. It makes sense for these things to be first class features of the language. Java wasn't built to run in a browser. It has a different focus.

    PHP is not considered a very secure language. Is banned at some companies, eg Amazon.
  • 5
    I agree that java has a ton of boilerplate...but importing things sounds all right to me.
  • 2
    @atheist you got a source for that last statement?

    Also, just to be clear: no need for importing stuff like Date libs in PHP is definitely not related to security, but more likely due to it also being built for the web, just like JS.
  • 0
    If you're going to use lots of common functionalities like date and something else then you need to import all of those in your Java file?

    I wonder why all big companies like Java + Spring boot if Java is not built for the web? Because they don't like open source like PHP? I'm only studying Java because in work they require me to but personally I'd study something like Python or Go. Much higher salary opportunities than Java.

    Though I miss coding in PHP. What's the tech stack of Amazon?
  • 6
    Commenting because I'm pretty sure this thread will end up a dumpster fire and I want to be notified of it.
  • 2
    @atheist and yet they have an SDK in php... yep not fully banned then.

    I'm sure there's no reason for its use inside Amazon, and internal applications wouldn't be using it, but saying it's banned when they clearly support it at a customer level is the wrong statement, someone has to know php to be able to write and maintain and sdk, even if it's generated code.

    Also 📌
    Prepares for world war 749374838.637
  • 1
    @100110111 I worked at amazon a couple of years ago, so first hand. Another reference:

  • 1
    To be clear, it wasn't impossible to use PHP, but you had to get infosec permission and were more likely to face scrutiny.
  • 0
    Use of PHP was described as "banned" internally.
  • 3
    I wouldn't want to be quoted on this, but some of it was about the quality of libraries, all external libraries had to have some level of review for security problems before they were used. PHP was considered a language which it was easier to make insecure code in or more likely to be written by less experienced engineers therefore more likely to contain security problems. This is my memory, it's not perfect, I might be wrong.
  • 0
    "Some level of review" was likely at least partially automated (amazon has automated tools to detect bugs for example). There are internal mirrors for all code packages. This was in part to ensure a 100% reproducible build system (if you're Interested read up a bit about "Brazil").

    Brazil discussion: https://gist.github.com/terabyte/...
  • 1
    @atheist from what I’ve heard from my contacts within Amazon, there may be more to it. The next is hearsay, so intrepret accordinfgly: while the reasoning given by InfoSec for the PHP avoidance policy is certainly valid (it is a hazard in the hands of inexperienced devs, can’t deny that), issuing it was more a result of office politics within InfoSec - a personal vendetta against PHP, if you will - than anything else. Again, this is hearsay. But let’s face it, you could use the same arguments to ban JS, Python and probably many more languages and tools…
  • 1
    @atheist yes, I am familiar with Brazil :D
  • 1
    @100110111 you may be right, I didn't look into it that closely. I don't know PHP, so doesn't have much of an effect on me.
  • 3
    Quick bullshit test:
    Did they also ban C, C++, Perl, Shell scripts and JavaScript?

    Yes: Okay, they actually did it for security.

    No: They just picked a random language with bad reputation to "do something" about security.
  • 2
    @Oktokolo as I say, I didn't look into it that much. The concerns (as I understood them based on what I read) were not in relation to what internal engineers wrote, instead what was in the libraries we would use as part of our job. As has been mentioned, this may not be accurate.
  • 2
    You have packages in every language, if you told me everything is global in php i would have thought youre joking lol
  • 2
    You mean PHP and JS 10 years ago?

    Take a look at ReactJS, TypeScript, and PHP frameworks like Symfony and Laravel and use a proper linter and IDE, and it will have much more in common with Java development that you think. Still less verbose though!

    I used to do some Java coding some years ago, and it required a load of boilerplate code for reading a file or converting and formatting a date, so we used Groovy and server-side JavaScript (not node, but Rhino) to be able to describe the business logic with less overhead, and JSP, ISML, and freemarker for the presentation layer.

    I would not want to use any of it again, if I can choose PHP with Symfony and Twig instead!
  • 1
    PHP has evolved a lot and only bad developers makes it look bad. Even with the best programming language but when a bad developers code it then it will have an issue in security, best practices, etc.

    Every language has is pros and cons. You wouldn't use PHP if it will be the best for the use case scenario? So Java is not my preference because of lots of boilerplate codes you need to remember, type or auto complete.
  • 2
    Btw if your opinion on java is "much boilerplate" i advise you to use java that is not from 2006, because its almost on par with scala nowadays
Add Comment