Python or Java for scalable web applications

[u0206397]

Would you choose Python (with Django) or Java (with Spring?) for building a web application?

At the enterprise level, scalability, security, performance and a clean code base are important for an extensible software. Are Python and Java pretty evenly matched and the choice of language/platform is not a big deal after all?

Also, would a Python or Java web application be easier, cheaper or more compatible to deploy on cloud infrastructure in case a user decides to deploy it on IaaS/PaaS like Amazon Web Service, Google Cloud Platform or Microsoft Azure?

Thoughts and comments are welcome.

Remark: Decides to exclude Microsoft ASP.NET as I want it to be as platform independent as possible, not locked in to Windows ecosystem.

 

[davidktw]

Would you choose Python (with Django) or Java (with Spring?) for building a web application?

At the enterprise level, scalability, security, performance and a clean code base are important for an extensible software. Are Python and Java pretty evenly matched and the choice of language/platform is not a big deal after all?

Also, would a Python or Java web application be easier, cheaper or more compatible to deploy on cloud infrastructure in case a user decides to deploy it on IaaS/PaaS like Amazon Web Service, Google Cloud Platform or Microsoft Azure?

Thoughts and comments are welcome.

Remark: Decides to exclude Microsoft ASP.NET as I want it to be as platform independent as possible, not locked in to Windows ecosystem.

You burn this question inside a crucible, at the end it will only be one thing left - COMPETENCY.

In today modern web landscape, you have large scale web applications designed with Python, .NET, Java, Ruby, Node.JS, ABAP, PHP. So all these languages and maybe a couple more not listed are feasible candidates. Adding on that nowadays Enterprises learnt about all these new languages from online marketing and word of mouth among engineers, they are more open to try out new approach on how to develop softwares.

Scalability is not relevant at programming level. If you are a good software architect, you can use shell script (via CGI) and still create highly scalable web application. Give you a zero overhead multithreading/event-driven programming language, and nothing stop you from creating bottlenecks which doesn't scale.

Security is really not in its entirety a programming language issue. It is largely to do with developers competency to recognise security issues with each programming languages on how you sanitise your inputs and the processing of data, and how to output them properly, along with proper management of credentials and data, good level of isolation, protection, prevention techniques and practices. Use Java and you still get hacked. Good understanding of the intricacies of C/C++ and you know how to practice defensive coding practices to prevent buffer overflow or some other kind of arcane hacking techniques. The programming language and framework can only do so much, but it can't prevent you from coding a rogue application intentionally and unintentionally.

Performance again is developers' onus. Make a wrong choice in your framework, your components/libraries, your architecture, your data structure, your algorithm and your performance will be further away. Java may be faster in a lot of areas than Python, but you can still create tons of bottlenecks in it because you have chosen wrongly in areas above. It is faster, not light years ahead, hence deficiencies in some areas can be made up in other higher level areas. The same applies between Java and C/C++.

Then we need to consider your workforce. Are you considering forming your team from scratch or from a readily available workforce ? Personally my forte are in Java, PHP, Perl, JS@Client, Unix Shell and utilties. Secondary are Node.JS, C/C++, Python. If you were to give me a task, I would be proficient and productive using my forte areas. The same applies for developers in their own domain may it be Node.JS, Python, Ruby and so forth. That is where cost comes in. You make your team, even if they are experienced, going into a new domain or new set of tools, there are always learning curves and time and effort spent into adventuring new tools, new libraries, new frameworks, new techniques and approaches in solving the same set of problems. All these are going to cost that need to be taken into account.

Generally most IaaS cloud are language agnostic. The cost between the languages are really not the most significant costs around, because the real heavy weight costs are in your development and operations. Infra costs while significant is normally not the highest. If you infra is costing you a lot, you would want to look at whether the right approach is used to solve the problem. If the solution is done correctly, it might just use 10 servers, instead of 20 today. That's why good architecture and good understanding of the problem and domain is usually the most crucial cost components as oppose to use a bubblesort or mergesort at deeper level.

Just from my perspective, Java has a strong language design than Python. After all, python is a rather old programming langauge. OOP is not the first line of thought when Python was built. Java was designed with OOP in mind. Hence when it comes to encapsulation and objective design, Java is a clear winner. Python didn't really get much focus until recent years where there is focus on data analytics and AI. Libraries like numpy, scipy and more python integration into this particular field brought attention to it. Otherwise it would have been .NET, Java and perhaps Node.JS. Node.JS was brought in when there is a focus on event-driven approach, which ain't strong areas in .Net and Java, but I think nowadays the game is pretty much levelled. But still those days made a lot of developers competent in these other non-mainstream languages which make the competency stays and flourish. Across the major cloud providers, I would say PHP, Python, Ruby, Java, .NET, Node.JS are safe choices.

 

[cwchong]

Just a remark about you excluding .net due to not wanting to lock in to ms environment; that is not true

In ur own words u listed ms azure

...

 

[davidktw]

Just a remark about you excluding .net due to not wanting to lock in to ms environment; that is not true

In ur own words u listed ms azure

...

Do you mean running .NET app inside a Windows server running in M$ Azure? I think TS was referring to not locked in into Windows, not that it can’t be Windows. TS might also consider Java running in Windows, that might be his intention.

In any case, these days it is either Unices or Windows. Not like the mainstream have other options. If we narrow it down further for web arena, either Linux or Windows. Most these days(politically incorrect) wouldn’t go into Mac, BSD, HP UX, IBM AIX, Opensolaris or other such Unices without some niche environment

 

[cwchong]

Do you mean running .NET app inside a Windows server running in M$ Azure? I think TS was referring to not locked in into Windows, not that it can’t be Windows. TS might also consider Java running in Windows, that might be his intention.

In any case, these days it is either Unices or Windows. Not like the mainstream have other options. If we narrow it down further for web arena, either Linux or Windows. Most these days(politically incorrect) wouldn’t go into Mac, BSD, HP UX, IBM AIX, Opensolaris or other such Unices without some niche environment

U can run .net web apps in azure directly, also in aws

 

[davidktw]

U can run .net web apps in azure directly, also in aws

In Windows Server ? TS is referring to Windows ecosystem.

 

[cwchong]

In Windows Server ? TS is referring to Windows ecosystem.

From developer pov it is agnostic; u dun actually click on anything to spin up an iis, although thats what is probably happening in the background

Not sure how elastic beanstalk does it tho

 

[davidktw]

From developer pov it is agnostic; u dun actually click on anything to spin up an iis, although thats what is probably happening in the background

Not sure how elastic beanstalk does it tho

If you need to run it inside the IIS, how is it platform agnostic? You still need to pay for the license isn’t it? In any case, agnostic is not how easy or apparent that it is using technology X, it is does it depend on technology X

 

[u0206397]

Just a remark about you excluding .net due to not wanting to lock in to ms environment; that is not true

In ur own words u listed ms azure

...

Azure is the umbrella term, marketing term, brand name for all the Microsoft's cloud computing services. It includes IaaS, and you can even spin up your own Linux instances, use Dockers containers, and other open source technologies like Ubuntu, Node.js, PHP etc.

But of course, it likes to promote and push its own technology stack first i.e. Visual Studio, .NET, IIS, Windows, MS SQL Server etc. for application development. And if you're a Microsoft's shop with most/all of your applications on MS technologies, deploying them to the Azure cloud (even directly from the Visual Studio IDE) would be less painful.

For other cloud providers, you have to do more manual work, use some scripts to deploy and jump through more hoops. But they should still work.

Just to clarify, if PaaS is used, all bets are off and lock-in is real. Their technology stack and APIs tend to be proprietary and unique, and shifting a host/cloud provider would need code porting or redevelopment at the minimum. Good luck trying to shift an app between AWS Elastic Beanstalk, Google App Engine and Azure App Service, Cloud Services.

Spoiler

 

[u0206397]

Sometimes the choice of language may lead to a very different outcome. Just saying.

[IRON] How We Went from 30 Servers to 2: Go

 

[davidktw]

Sometimes the choice of language may lead to a very different outcome. Just saying.

[IRON] How We Went from 30 Servers to 2: Go

If you are plainly measuring your cost as such, where is your starting point? If I tell you, they can even squeeze more out if they use C, will you choose C?

These stories are basically rewrite of the engine after you know the direction and behaviour of your project or product. But before you even get to the point where you can make such progression, you need to be somewhere. Otherwise even if you will to start with C, you still screw up at some places having you are in the mist to getting your solution right, not just getting your solution fast.

 

[BlackCube]

You burn this question inside a crucible, at the end it will only be one thing left - COMPETENCY.

In today modern web landscape, you have large scale web applications designed with Python, .NET, Java, Ruby, Node.JS, ABAP, PHP. So all these languages and maybe a couple more not listed are feasible candidates. Adding on that nowadays Enterprises learnt about all these new languages from online marketing and word of mouth among engineers, they are more open to try out new approach on how to develop softwares.

Scalability is not relevant at programming level. If you are a good software architect, you can use shell script (via CGI) and still create highly scalable web application. Give you a zero overhead multithreading/event-driven programming language, and nothing stop you from creating bottlenecks which doesn't scale.

Security is really not in its entirety a programming language issue. It is largely to do with developers competency to recognise security issues with each programming languages on how you sanitise your inputs and the processing of data, and how to output them properly, along with proper management of credentials and data, good level of isolation, protection, prevention techniques and practices. Use Java and you still get hacked. Good understanding of the intricacies of C/C++ and you know how to practice defensive coding practices to prevent buffer overflow or some other kind of arcane hacking techniques. The programming language and framework can only do so much, but it can't prevent you from coding a rogue application intentionally and unintentionally.

Performance again is developers' onus. Make a wrong choice in your framework, your components/libraries, your architecture, your data structure, your algorithm and your performance will be further away. Java may be faster in a lot of areas than Python, but you can still create tons of bottlenecks in it because you have chosen wrongly in areas above. It is faster, not light years ahead, hence deficiencies in some areas can be made up in other higher level areas. The same applies between Java and C/C++.

Then we need to consider your workforce. Are you considering forming your team from scratch or from a readily available workforce ? Personally my forte are in Java, PHP, Perl, JS@Client, Unix Shell and utilties. Secondary are Node.JS, C/C++, Python. If you were to give me a task, I would be proficient and productive using my forte areas. The same applies for developers in their own domain may it be Node.JS, Python, Ruby and so forth. That is where cost comes in. You make your team, even if they are experienced, going into a new domain or new set of tools, there are always learning curves and time and effort spent into adventuring new tools, new libraries, new frameworks, new techniques and approaches in solving the same set of problems. All these are going to cost that need to be taken into account.

Generally most IaaS cloud are language agnostic. The cost between the languages are really not the most significant costs around, because the real heavy weight costs are in your development and operations. Infra costs while significant is normally not the highest. If you infra is costing you a lot, you would want to look at whether the right approach is used to solve the problem. If the solution is done correctly, it might just use 10 servers, instead of 20 today. That's why good architecture and good understanding of the problem and domain is usually the most crucial cost components as oppose to use a bubblesort or mergesort at deeper level.

Just from my perspective, Java has a strong language design than Python. After all, python is a rather old programming langauge. OOP is not the first line of thought when Python was built. Java was designed with OOP in mind. Hence when it comes to encapsulation and objective design, Java is a clear winner. Python didn't really get much focus until recent years where there is focus on data analytics and AI. Libraries like numpy, scipy and more python integration into this particular field brought attention to it. Otherwise it would have been .NET, Java and perhaps Node.JS. Node.JS was brought in when there is a focus on event-driven approach, which ain't strong areas in .Net and Java, but I think nowadays the game is pretty much levelled. But still those days made a lot of developers competent in these other non-mainstream languages which make the competency stays and flourish. Across the major cloud providers, I would say PHP, Python, Ruby, Java, .NET, Node.JS are safe choices.

I think the bold is the key.

 

[chenaz]

U come here to ask for help and I assume that u are not familiar with technology.

Building a enterprise level product is not about language you use. Is about how strong your teams are and testing tools you use to find all the possible exploits.

Most importantly , is about finding the right man doing the right job. Don’t get yourself stuck with unable to find a suitable candidate for your project . Most young developer are familiar and either have or .net or php or java. I don’t think you wanna ended up unable to find a replacement when that person quits and new one have a hard time in learning .

I am in my 30s+ and I don’t even consider python as learning language or even that in my job hunting

Getting a python developer I don’t think is recommended . Support is very little as well.


.Net core is open source and can run on any platform. You may consider this as well.

U need not to be lock down to iis or anything.

.Netcore app is running perfectly on my MAC machine during my testing .

 

[chenaz]

Ultimately, you also need to see what kind and complex of the system you want to build .