Java Applets are Good Examples of Bad Web Design
The way I see it, there are three basic types of experienced individuals involved in web development: the developer, the web developer, and the web designer.
Granted, we’ve all seen (or been stalked by) individuals that don’t fit into any of the three categories; members of this fourth group are the people that give the web a bad name. These self-proclaimed web designers are recent acquirers of any basic graphics editing software who sell their services for $100 to their Aunt Sally, offering to create her a website on her beloved dog Fluffy. Unfortunately, Aunt Sally thinks that the “website” is terrific and plants the seeds of further web çráp in the mind of the non-designer. I mean, who in their right mind creates a website with dark blue lettering on a black background?! These inexperienced people are as far from being web designers as I am from being a Playboy bunny.
Web designers are the graphic guys, the really creative ones that create visually stunning layouts. Unfortunately, they often have no concept of usability or user interface design even though they really should. On the other hand, professional developers are the programmers, the guys that live and breathe C++, C#, or Java. They, too, have no concept of usability or user interface design, although it is questionable whether they should understand it because they are hopefully kept a long, long way from the implementation of the user interface. Web developers are the marriage of the two, people who have the visual acuity as well as the experience to know what can and can not be done, sometimes even what should and should not be done. Really experienced web developers understand the missing piece that complete the successful web development pie: usability and user interface design.
Which finally leads me to the discuss of applets. Applets are bad. Repeat the previous sentence 10 times, hopefully out loud in a crowded room of web designers and developers. Applets create confusion for users. Applets are slow to load. Applets are usually frivolous and unnecessary. Don’t use an applet just because you can! Applets are bad. Applets are bad. Applets are bad. Say it another 10 times just to make sure it sticks.
“[One of the] Ten New Mistakes of Web Design: [Using] applets where plain or Dynamic HTML would have done the trick.” — Jakob Nielsen (THE authority on web design)
“Java applets: They take forever to download and contribute nothing in the way of actual content. Sometimes they offer the added bonus of crashing your browser or providing a mouse hole for “malicious content” (i.e., viruses).” — Information Today
“Applets are usually inaccessible and sometimes unsupported [by browsers]. Always provide alternatives.” — Microsoft Usability Research Department
“Java applets are bad news, and have always been bad news. They were a hack that awkwardly solved a temporary problem with Web client dynamics, a problem that has since been more elegantly solved by DHTML scripting.” — JavaWorld
“If you can avoid using Java Applets, do so.” — J.P. Thiel (Computer Security Analyst)
“All applets from all sources, whether signed or not, can read and write files in /usr/tmp.” — Attacks from Outside the Operating System, Prentice Hall
“Ensure that pages are usable without support for applets.” — Irish National Disability Authority
“Web Site Guidelines: Provide alternatives to all controls and applets.” — Microsoft Developers Network, Cabrillo College, Purdue University, University of Illinois, University of Bath, Arkansas State University, Clemson University, University of Wisconsin, University of Melbourne, Indiana University, Tennessee Technological University, Illinois Center for Instructional Technology Accessibility
“Ensure that pages are usable when applet [support] is turned off.” — W3C, Swinburne University, University of Arkansas, Southern Illinois University, University of Washington, Lancaster University, Arkansas Office of Information Technology, Illinois Center for Instructional Technology Accessibility, Royal National Institute of the Blind, California Polytechnic State University, Frostburg State University, Humboldt State University, State University of New York, NSW Government Chief Information Office
“You should consider removing all applets from your websites.” — IBM Accessibility Center
“Avoid using applets.” — University of California, Berkeley
“Applets introduce usability and deployment issues.” — Apple Computer Developer Connection
Developers often use applets just because they can or, worse, because they don’t know how to do it another way. Don’t fall into the uneducated and unprofessional trap of using applets when some well-thought-out DHTML will do. Spread the word. Yes, I wrote this because I have recently had fruitless discussions and arguments with a roomful of various-level developers and junior management. Being new to the company, my extensive experience is somewhat disregarded when my recommendations conflict with the current path of “development”…
[To those who care, this is blog entry #400 -- Another monumental milestone!]
ROFL! Buy a better flat-panel monitor and stop whinging!
Careful. Your accent is showing.
Why don’t they remove this useless feature of this fantastic language: Java.
I agree 100% with you, and the others you listed, regarding the use of applets.
I agree on some issues, but not all! Explain me just one thing. Imagine that you want to give the user total privacy like generating a random number which is know only by him, how do you perform this (are out there alternatives, if there are tell where)? Don’t tell me that u do it with servlets or jsps!!! I want total privacy…you can’t get that with jsp or servlets because they work over the host server so there is chances of someone see the information like a server administrator.
You’re not painting enough of a picture for me to understand your hypothetical scenario. All I have so far is that you want to generate a random number. You can securely use anything from JavaScript (client-side) to JSPs (server-side) to do that.
I’m not a webdesigner
Ok, let’s see this scenario. I’m using a voting system, to protect the voter privacy on every stages i can’t use javascript and jsp’s or servlets for every thing. And why? Because i’ve to let the user cipher is vote to protect all information including from the servers that process the vote(is more complicated than this, but let not complicate things). To perform this i’ve to give the jar to the voter, i think that i’m not wrong when i say that is unthinkable to do this with javascript. And why not use jsp’s or servlets? Because as i writed before information could get caught by the system administrator(example)…i’m not talking about passing it, for that you use ssl. Why the applet? Because with applets i can delivery the jars on the voter and he can perform all with total privacy. Maybe this is a special case…but special cases exist. If i could do it some other way, you can be certain that i would, because as you say applets are SLOW and they can give serious problems on runtime that can be very or almost impossible to debug.
Sorry, but that scenario makes absolutely no sense. You want the user to vote on something, but then for some reason encrypt the vote to prevent the server that is intended to process the vote from actually reading the vote — all so that the system administrator is prevented from intercepting and reading the vote? Like he can’t take a look at the database or view the flat files?
Second, transmitting the data via SSL will not prevent prying eyes from reading the vote. My company produces an appliance that reads all network packets, reconstitutes them into their original format, and extracts data out of any file format — encrypted or not, and either sent in the clear or via SSL. And, there are hundreds of hacking utilities out there that will record packets for later, off-line processing.
And what the heck is the voter supposed to do with the JAR file?!
On a election (a real one) a vote can not be read until the election ends. Voter privacy has to be preserved. Only the voter should know is choice. To preserve all of this you have to use blind signatures and ciphers, so that anyone or anything including the services that process the vote shouldn’t be able to read the vote information. The vote is decrypted when election ends and counted, for this the election comission uses the private key in their possession generated at the time of the election creation.
What has database and flat files to do with this??? Even if the votes were saved on a database or flat files without the private key to decrypt them what could you read?!?!
And then without applets how could you give the voter the necessary privacy? Would you do it using jsp or servlets? For what i know jsp’s or servlets work over a server, so it was the server encrypting the votes then why encrypt them if the vote information was already knew by the server?!?!? Where is the privacy?
The JAR file contains the necessary classes to perform blind signatures and ciphers. This jar is delivered whith the applet on the client(voter).
How can you decrypt something encrypted with an asymetric cipher using keys size of 2048? How many years would you take it?
Here ssl is only used to passed the encrypted vote strengthening security.
The scenario only makes senses if you know what voting systems are. Voting systems are not page counters or only counters. I’m talking about real voting systems to real elections and not what you see in some web pages that ask you to vote on a blue color or white color.
OK, gotcha. Now I have a much better picture of what you’re trying to do. Under the required assumption that the voting machines are set up, pre-configured, pre-loaded, and controlled entirely by the appropriate voting authority and this is not an application designed to allow voters to cast their votes from home on their personal computer, then, yes, this is a very good example of a legitimate use of applets.
Granted, you could do the same thing with Flash, but you’d lose the advantage of a common code base.