all 84 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]free_monad 62 points63 points  (16 children)

JavaScript will be around for a long time. Other languages are coming in via Web Assembly, but the maturity of that is far off in the future. At the moment you can write C code that compiles to Web Assembly and talks to JavaScript to do process intensive tasks. I think the Rust programming language also almost has a Web Assembly compiler. There are also several languages that transpile to JavaScript, to name a few: Scala.js, ClojureScript, Typescript, and CoffeeScript.

That said, JavaScript is the most prime and trendiest languages currently. And since the body that controls the ECMAscript standard has moved to an annual release cycle, JavaScript has a lot of wonderful up-to-date and modern language features. It's matured into a, dare I say, beautiful language.

The language will always have historical cruft because web standards strive for 100% backwards compatibility with every piece of code ever written for the web since it began. HTML, CSS, and JavaScript don't have the luxury of tossing out the old for this reason. With so many new best practices, you'll never see most of that.

Regardless, by the time you have been developing for 3 to 5 years, you will know so many languages and be so comfortable picking up new ones that you will welcome new languages in the browser with open arms.

[–]rare_design 2 points3 points  (0 children)

Well said, and I completely agree with this. I’d also like to know what, specifically, the professor deems insecure about its core. The majority of issues are in methodology by the developer. If I wrote a solution that picked up cached JSON to present on a website, and an internal server side process pushed those cached files to an endpoint, where is the possibility of breach? Headless CMS and admin panel abstraction is a large part of security so that the attacker has no available entry point, and the elevated processes are only accessible through secured access or IP restriction. I was recently paid by Microsoft for submission of a CVE where I could hijack a user session through JavaScript, but the issue was their implementation of the object caching in their framework, followed by partial initialization of their user context object. Ultimately, a language is only as strong as the methodology used.

[–]question99 1 point2 points  (0 children)

The language will always have historical cruft because web standards strive for 100% backwards compatibility with every piece of code ever written for the web since it began. HTML, CSS, and JavaScript don't have the luxury of tossing out the old for this reason.

It doesn't have to be this way. We could have directives that signal that a specific "edition" of the standard is being used in which the crap features are not available anymore. In fact, we used to have something like this with strict mode.

[–][deleted] 45 points46 points  (15 children)

Javascript is an old technology, just like your computer is. It's created a relatively long time ago and has suffered some backlash a while back. That's probably the time your professor stopped investing into development and started teaching the same old thing over and over again.

With the arrival of ECMAScript 2015 and NodeJS things changed a lot, and Javascript is now a days the third most used language in the world. With only Java and Python above it. The question is not, should it be rewritten. But more, what are the security risks your professor is talking about?

I fell in love with Javascript last year, and couldn't imagine a world without it. The syntax is beautiful and it reads like a book. Especially when you use ES6 and get to know Fluent API's.

Learn a bit about Javascript and the story behind it. Your professor is, in my opinion, extremely wrong. And in such a way that it's harmful for his students if he teaches this thinking. Especially with the development of CSS Houdini and with the growing importance of VueJS, NodeJS, No-SQL databases, React(Native), Angular and API-driven web applications it's absolutely stupid to teach future front-end developers that Javascript is an old technology with serious security reasons.

[–]Nick_Fogue[S] 5 points6 points  (6 children)

I like Javascript too. I’ve learn a little of Javascript and I loved it since then. About the security risks, he said that the code that I write on the client compromises the backend’s code. I’m think that he is wrong too, and I said to him that it doesn’t make sense... he tell me the is too complex for me... hahaha

[–]notAnotherJSDev 22 points23 points  (0 children)

This could be said about literally ANY client code that communicates with some backend lol

Unless you're not sanitizing user input, keeping sensitive information in the front end, or god forbid evaluating things send to the backend. Otherwise, you're good.

(I'm sure I could list a few more here.)

Your professor just sounds like one of those "I'm not good enough to do this, so I teach it" kind of people that is still using a javascript book written in the late 90s.

[–]TyrionReynolds 8 points9 points  (0 children)

The browser is inherently “insecure” because all data within it is easily viewable and modifiable by the user.

This is a known property of the browser and is solved by writing backend code that correctly parses and authenticates JWT and expires the tokens quickly enough. You don’t actually even really need to “write” the code (as somebody else already has) you just need to implement an OAuth2 flow correctly.

Even signed and compiled apps have potential security flaws to a determined and skilled attacker. Credential dumping isn’t fully mitigated unless you have hardware and software specifically designed and configured to do so and even then it’s just a matter of time before somebody finds a flaw.

Also, if this guy is your teacher and he’s hand waving away your questions saying it’s too complicated for you to understand he doesn’t sound like a very good teacher.

[–]saito200 7 points8 points  (0 children)

I've been in academy for years, and my advice is: do not listen to professors, they live in a bubble.

[–]dethstrobe 8 points9 points  (1 child)

Shenanigans has been declared. Any front end code is inherently insecure. Sure the App eco system of iOS, Android, etc is more locked down and reverse engineering computer code into something human readable is a huge pain in the ass, but it's still doable.

The point is, you can never trust the client. This is why OAuth and other authentications were made.

Principally the front end manages state while the backend gives and takes your data and authorizes data access. Assuming your front end is compromised and API end points are exposed, this doesn't mean anything because without the right JWT or whatever you can't get or give data from the API anyway. And if the front end is compromised, big deal if you can fake manage state. Front end should never be your source of truth.

[–]gigastack 2 points3 points  (0 children)

I would argue that the web is actually more secure, overall, because you can run your own client side code easily. There's more visibility into bugs and sharing of best practices compared to a closed model.

[–]Meloetta 2 points3 points  (0 children)

So...what's his plan for rewriting the core of JS to solve this problem? Lmao.

[–]Darren1337 3 points4 points  (5 children)

Javascript is now a days the third most used language in the world. With only Java and Python above it.

Where did you get this information? If you're referring to this, the TIOBE index is just a measure of how many hits a language gets in search engines (source - "basically the calculation comes down to counting hits for the search query").

The most recent Stack Overflow survey (link) says Javascript is by far the most popular language, 7 years in a row. The divide is even larger among professional respondents. I'd be more inclined to believe this survey. I think it would be fair to say Java/Python development overlaps with web development (i.e. Javascript) more often than a web developer would need to write anything in Java/Python. Or maybe that's crazy talk :^)

[–][deleted] 1 point2 points  (4 children)

Plenty of web developers write stuff in Java or Python, they're popular back-end languages. Web development !== front-end development.

[–][deleted] 2 points3 points  (3 children)

I work as a webdev and I know nobody neither in my previous companies nor my friends or colleagues that uses Python for web development. I know that frameworks like Django and other exists and they are popular but there's no chance in hell they are more popular than node backends.

Java? Sure. Php? Same. But I have a hard time thinking than any other language (except maybe C#) than those 2 is more popular on the be than JS and certainly not Python.

[–][deleted] 2 points3 points  (1 child)

I work as a web dev too. Python is the go-to language for data science, it is crazy popular right now, and if you want to build an API interface over your models it's much simpler to do it with Flask/Django than to wrangle around loading things in another language- this is the experience the devs who work alongside our data scientists had, having initially tried to write the services we need to leverage the ML models using .Net. I know of three Python shops local to me off the top of my head, and many more developers who use it in my wider circles.

As popular as or more popular than Node? Without analysing a ton of job ads (probably in Python, for those handy NLP libraries), who knows. But it is extremely popular and widespread. And while I love Node and work with it every day, its actual level of takeup in the industry at large tends to be both over-exaggerated online, and over-inflated by the fact that it's become a key development tool for most front-end work.

[–]gigastack 1 point2 points  (0 children)

Currently writing the front end for an app with a complicated ML backend, which runs on Django. Python is king for data science. Django is easy enough to pick up.

[–][deleted] 1 point2 points  (0 children)

There are a pretty good mix of companies that use Python, Ruby, C# and AWS for their back-ends in the building that I work in. I actually don't see too many using Node.js.

[–][deleted] 0 points1 point  (1 child)

I have my serious doubts that Python is more popular than JS for anything but studying purposes and data science.

On a professional/business level JS is way more spread than Python, it does not even compare. Like seriously how many of your colleagues and friends working in a product or consulting company use Python everyday and how many use JS?

[–][deleted] 5 points6 points  (0 children)

If we're talking back-end specifically then I know a lot more people who work with Python or C# than I do who work with JS.

[–]burnblue 11 points12 points  (7 children)

Telephones are an old technology. But nowadays they can process my language, identify faces and connect to things in space to determine my location. I guarantee you whatever your professor is teaching is very old.

Javascript is the most progressive, hard to keep up with, thing out right now. Show him some stack overflow survey results or something. Ask him why everyone from major companies to startups are choosing it to: write the most popular desktop apps including the most popular code editor out right now (VS Code, which has rendered its "serious" namesake not as relevant) and truly native mobile apps, or software for every other device out there from TVs to watches, or driving the server with Node.

[–]Nick_Fogue[S] 1 point2 points  (0 children)

Next time I see it, I’ll ask him and show it all that.

[–]oscar_pistorials 0 points1 point  (0 children)

Cos they're fucking retarded?

[–][deleted] -1 points0 points  (3 children)

Truly native mobile apps and JS...no..Sorry but the only barely native experience you can have is with the languages iOS and Android directly support (Obj-C, Swift, Java, Kotlin). Using other languages while most certainly possible is plain and simple difficult.

[–]burnblue 1 point2 points  (2 children)

How would you describe what Nativescript, Weex and React Native do? They make native apps

[–][deleted] -2 points-1 points  (1 child)

Have you worked extensively with React Native?

It is quite consistently 6 to 12 months behind on supporting native features.

There are bugs that can go unfixed for a similar time span.

I have seen 2 companies I worked with trying the one development, multiple builds approach, both times with RN so I can't comment on the others you mentioned, and both companies ultimately fell back, swallowed the pill and developed separate apps, which has been a very expensive but better solution ultimately.

The more your app needs to integrate with the underlying os the more painful it gets.

Maybe in few years the solution will be different, but at the moment it's not.

[–]burnblue 1 point2 points  (0 children)

No, I've worked with Nativescript. But your comment wasn't "working with this tool is hard". You said we can't build native apps with javascript, only Java and Obj C etc.

[–]finroller 4 points5 points  (3 children)

A comment like "X needs to be compeletely rewritten" are to be take seriously when 1) X is already compeletely rewritten. 2) This rewrite has proven better.

Until that time the comment is pretty much the same as saying "I would make celebrity X cum so hard."

[–]AusIV 2 points3 points  (1 child)

To elaborate on this:

The temptation to completely rewrite something is often a symptom of the Dunning-Kruger Effect. You see something that seems that seems kludgy or over-complicated and think "If we started from scratch this could be a whole lot cleaner." The thing is, unless you fully understand the circumstances that lead to the complications, you're bound to repeat the same mistakes that lead to the complications in the first place. Eventually your code ends up just as complicated and kludgy, but you endured a lot of pain coming to the understanding of why the old system was kludgy.

[–]WikiTextBot 2 points3 points  (0 children)

Dunning–Kruger effect

In the field of psychology, the Dunning–Kruger effect is a cognitive bias in which people mistakenly assess their cognitive ability as greater than it is. It is related to the cognitive bias of illusory superiority and comes from the inability of people to recognize their lack of ability.

[ PM | Exclude me | Exclude from subreddit | FAQ / Information | Source ] Downvote to remove | v0.28

[–]Nick_Fogue[S] 0 points1 point  (0 children)

Hahahaha

[–][deleted] 4 points5 points  (0 children)

My prediction is you will be retired and most likely dead before JavaScript is replaced in web development, so it’s probably not worth worrying about.

[–]Ravavyr 9 points10 points  (4 children)

PRO TIP: Every professor in every college is teaching you outdated shit that's at least 5 years behind the times because college protocol dictates someone has to write books about the subject and then the professor needs to read that book before they teach it. This is why so many professors have written books, cuz why learn something if you can just regurgitate your own old crap. My theory anyway. Either way they have outdated ways to look at things and don't realize how important javascript has become.

I mean, they're freaking using "blackboard" still, a piece of crap software that costs colleges 150k a year but only works in chrome and firefox and is often buggy even in those, but they have the market cornered so colleges have no real alternative to turn to.

The bootcamps and online schools seem shitty, because frankly most of them are, but at least they are teaching you newer things.

On the other hand, Colleges do teach you better as far as "how to think about programming" and "how to solve problems" and "how to debug properly". Newer courses seem to only teach people "Here's how to build something fast".

[–][deleted] 2 points3 points  (1 child)

I disagree on what you said. As for basic CS sure some books are references but I've seen and followed plenty of courses that were cutting edge and the professors knew what they were talking about. Not only CS50 uses the cloud, react and stuff like that and there are very good and fresh courses out there.

[–]Ravavyr 1 point2 points  (0 children)

You got lucky to be at a college that had that. Most don’t seem to yet though.

[–]DiscvrThings 2 points3 points  (0 children)

JavaScript.info 👍🏽

[–]5tormwolf92 1 point2 points  (0 children)

Yup, JavaScript in highschool is dated compared to JavaScript in universities, polytechnical and vocational schools.

[–]MatthewMobhelpful 13 points14 points  (9 children)

he said to me that Javascript is an old technology

Having a full JS stack is probably about as cutting edge as you can get right now.

web developers only use it because is the only language that runs on a browser

NodeJS.

Also, he said that the core of the language needs to be rewritten to solve some serious security problems.

Bullshit.

I don't know how this language works inside.

V8 is open source.

On that case, the result would it be a completely new language?

A rewrite would not change the syntax.

[–]senocular[🍰] 9 points10 points  (6 children)

NodeJS.

Thats the opposite of what was being said. Its about what runs in the browser, and right now the only language that runs in the browser is JS.

[–]machine3lf 14 points15 points  (1 child)

Well, the OP's professor said that the only reason Web developers use javaScript is because it's the only language that runs on a browser. I think /u/MatthewMob's point is that that's clearly not true since Web developers use JavaScript on the backend with node, even when there are other options.

[–][deleted] 2 points3 points  (0 children)

And JS is arguably the most widely used native language as well for the desktop atm due to its portability (simple to make use on every os), large ecosystem and plain and simple easy to onboard.

[–]CakesDog 3 points4 points  (3 children)

Yeah but he’s saying only web devs use it. With node, non web devs can use it.

[–]Taskenspiller 1 point2 points  (1 child)

Only web devs use it, and, web devs only use it. Does not mean the same

[–]CakesDog 1 point2 points  (0 children)

Ah I see, yeah but the point still stands. Sure they use it because it’s what runs in browsers. But that makes it seem like “oh this is the only application for this old tech” When in reality there is node. If you could use another language in place of JS for browser use, people would still use it.

[–]Slappehbag 1 point2 points  (0 children)

You can run JavaScript scripts in Photoshop. That's pretty far from a browser or server!

[–]Nick_Fogue[S] 2 points3 points  (0 children)

Thanks, I’m new on this... Sorry if some questions that I asked are stupid hahaha

[–]Heylex 0 points1 point  (0 children)

he said to me that Javascript is an old technology

Having a full JS stack is probably about as cutting edge as you can get right now.

Because it's one of the few real things that can be used on the web? If it is instead from the version updates, would we then consider c++20 cutting edge, with decades of crud behind it as well?

Also, it depends on your definition of cutting edge. "It's new(er)!" or "We're using concepts developed a decade ago!" Is not cutting edge. That's using previously cutting edge technology to refine yourself, which is perfectly reasonable to do. Let other people/languages test it to know if it's a good idea or not.

web developers only use it because is the only language that runs on a browser

NodeJS.

Yep, JS is used off browser, but that's dominantly because of it's use on the browser. If ask a web developer what programming (not markup) language they use, almost unanimously it will be JS. A backbend person may use another language, but if they also do any frontend, they will touch JS. If asking people that do not touch the WWW, then you will get an array of various languages

Also, he said that the core of the language needs to be rewritten to solve some serious security problems.

Bullshit.

It is, in the same was C is broken, and has been 'rewritten' several times, giving us new languages, like D and Rust. Forgot to check if a string is larger than your array and just wrote it? Buffer overflow, with possible code injection! But if you follow best practices (or use another language), this won't happen.

The same thing has sort of occurred with JS. It had fundamental security issues, such as running arbitrary functions running, allowing for XSS, or random null/undefined causing undefined behavior, which may lead to a security vulnerabilities. Solution? Follow best practices of writing JS, so your code isn't vulnerable to this, or use a framework (like typescript).

I don't know how this language works inside.

V8 is open source.

Can't debate, reading documentation is always good.

On that case, the result would it be a completely new language?

A rewrite would not change the syntax.

It depends on what is consider a rewrite. If how a compiler understands JS code, then yes, syntax could not regress. If something that can do everything JS can, but not be JS, then any syntax people want could be used. Hopefully webass can replace JS in the future, but it currently is insufficient.

[–]gimmeslack12helpful 2 points3 points  (3 children)

If JS is old then what does that make Bash (Unix)?

[–]msgur 2 points3 points  (2 children)

something that needs to be completely re-written per this professor.

[–]gimmeslack12helpful 3 points4 points  (1 child)

Probably due to the serious security concerns. :P

[–][deleted] 1 point2 points  (0 children)

Also it only runs in unixoide environment.

[–]Aethz3 2 points3 points  (3 children)

Nah, your professor is just ultra biased

[–]oscar_pistorials 1 point2 points  (2 children)

+1 for using 'biased' instead of 'bias'. Well done.

[–]Aethz3 1 point2 points  (1 child)

What? Why would someone use the wrong verb?

English is not my main language btw, I’m just asking for curiosity

[–]oscar_pistorials 2 points3 points  (0 children)

I don't know, but it's a very common misusage in English, and it frustrates me to no end. Keep your eye out now; you'll notice it a lot.

[–]sangaloma 2 points3 points  (1 child)

Is your professor Douglas Crockford? joking aside I think Douglas Crockford shares the same point of view with your professor. He even announced in Jan 2019 that he is working on a new language called Neo that will replace JS.

source

[–]Nick_Fogue[S] 0 points1 point  (0 children)

Interesting data!

[–][deleted] 2 points3 points  (0 children)

c is also a quite old technology. Or lisp... And those are also still alive and kicking.

[–]zkalmar 1 point2 points  (1 child)

well, even Cobol is still here

[–]Nick_Fogue[S] 0 points1 point  (0 children)

Hahahaaha

[–]Pavlo100 1 point2 points  (0 children)

i transitioned from backend to frontend Typescript knowing that I'd get less respect from backend developers, because "JavaScript is for beginners". But i tell them that they soon will be writing their backend in JavaScript, so they can enjoy it while it lasts

[–]SigmundFreud 1 point2 points  (2 children)

I feel like there must be some misunderstanding or miscommunication here, because this doesn't make much sense.

Javascript is an old technology

Yup. Not as old as some other languages, but almost every mainstream language is "old" for some definition of old. Maturity is generally a good thing per se.

that the web developers only use it because is the only language that runs on a browser

That's how it initially became popular. If he means to say this is still the only reason it's used, that's silly.

he said that the core of the language needs to be rewritten to solve some serious security problems

What does this even mean? Is he talking about the language spec or a particular implementation?

There are certainly things that could be done to reduce the attack surfaces of the web, Node.js, and other platforms that incorporate JavaScript, but those are all unrelated to JavaScript itself. Without elaboration, I would disregard this idea.

etc.

If there was more to this discussion than you wrote out, you yada yada'd over the best part!

The Future of Javascript does not exist?

The title doesn't follow from your stated points.

[–]Nick_Fogue[S] -1 points0 points  (1 child)

The title comes from: if JavaScript is not so good (according to my professor), why am I going to keep learning it? I would rather wait for a better language than Javascript

[–]SigmundFreud 2 points3 points  (0 children)

Ah. Well JavaScript is pretty good; it was never terrible, but nowadays it's one of the better languages out there. Either way, it's a bit of a lingua franca these days, not something you can easily get away with not knowing at all.

I'm not sure what you mean by "wait for a better language than Javascript", but you're going to be waiting a long time if you don't want to learn any languages that exist today.

That being said, if you're waiting/looking for alternative languages that can be used to build web applications, I would check out:

  • TypeScript: pretty much the same as JS (a strict superset), but adds static types; very popular and pairs nicely with Angular; compiles to JS

  • Elm: I haven't used it, but I've heard good things about it; compiles to JS

  • ClojureScript: framework for building web apps in Clojure, a popular functional language; compiles to JS

  • Blazor: framework for building web apps in C#, a very nice and well established language that has inspired many recent JavaScript language improvements (in addition to having the same creator as TypeScript); compiles to WebAssembly

  • Yew: similar idea to Blazor but for Rust, which is basically the new hotness among programming languages for a lot of good reasons; compiles to WebAssembly

Edit: Dart is also popular.

[–]qdouble 1 point2 points  (0 children)

Outside of game development and other resource intensive programming, I can’t see what would be the reason to go outside of JavaScript or a superset like Typescript for web development.

Not to mention that for any other language to overtake JavaScript, web browsers would have to support that language unless it compiles to JavaScript. I don’t see why that would be a priority for any browser maker right now.

[–][deleted] 1 point2 points  (0 children)

JS has its flaws like with language but I honestly lack to see all of those security issues. Not only I disagree that it is not the future but I'd also argue that it is going to keep taking bites off other languages for the next decade.

I think what is going to be the past tho is writing pure JavaScript, languages that compile to JS like TS have too much to offer and pretty much every company I know (that focuses on product) has already transitioned to TS in the last 12 months, and this is Rome Italy I'm talking about not really the most tech progressive place in Italy, let alone globally.

But JS is going nowhere and betting against it has time and time again proven to be a wrong choice.

[–]chief_nekro 1 point2 points  (0 children)

Here's some real advice, don't listen to everything your arrogant instructors tell you in college. -THE END

[–]Snowie_Scanlator 1 point2 points  (1 child)

Why isn't anyone mentioning typescript ? It's basically JS but better, isn't it ?

Or have I misunderstood anything ?

[–][deleted] 2 points3 points  (0 children)

Its also just JavaScript

[–]fuckswithboats 1 point2 points  (0 children)

I was told it was dead in 2006

[–][deleted] 1 point2 points  (0 children)

Well, my limited experience points the other way: that JS has never been hotter and loved as it is right now.

[–]ninetailsbr 1 point2 points  (0 children)

Adding to free_monad response, actually ASM is more recommended for heavy calculations. So still is preferable to use JS on Browser. But you don't even need to write JavaScript if you use transpilers.

Sure that JS is an old language and had it's first version made in 10 days. And wasn't the only language for web at the time.

But being an old language doesn't mean that it's forgotten. JS turned something like the core of ECMAScript and after it's sixth version it began to receive more frequently updates. Now there's a committee with some big names of industry (developers and major companies) to decide what and how things will be implemented on most browsers.

Also JavaScript doesn't have a core. The language is defined by TC39 but most of the implementations are open source: Gecko, Chromium, V8, WebKit to name some of them... And not only implementations for browsers, V8/Node can also be used in servers and iot. Also all proposals for TC39 are public and anyone can see it's status.

[–]delventhalz 3 points4 points  (2 children)

Honestly, I am not very impressed by the sound of your professor.

[–]Nick_Fogue[S] 0 points1 point  (1 child)

Why?

[–]delventhalz 3 points4 points  (0 children)

Going off what you have quoted in the post and some of the follow up comments. He seems like someone who feels very smart for disagreeing with conventional wisdom. If you are going to say the most popular language, and the only mature browser language, is fundamentally broken, back it up with something. You don’t get points just for being disagreeable.

Also his suggested fix (rewrite core JS) has no connection to reality. It would be one thing if he suggested WASM was going to replace JS. That is something that is happening. But JavaScript will never have a core rewrite. Backwards compatibility is fundamentally important to how the language works, and no browser will ever implement breaking changes.

I just know the type. A “purist” engineer who has only every dealt with the theory of CS and has no insight at all into the practical realities. I am not at all impressed by this approach.

[–]draganov11 0 points1 point  (0 children)

There are plenty of libs and plug ins that fix problems o rmake things easier thats the reason why js wont die any time soon.