Or, how a non-developer can make sense of the terminology we sometimes spout… It all starts from a simple question:
Is .NET a programming language?
No, .NET isn’t a programming language, it’s a framework.
Framework! Like Ruby on Rails!
Yes like Ruby on Rails. A framework is a load of bits of code that someone has packaged up to help developers create applications. Ruby on Rails, .NET, Django and Cake PHP are all examples of frameworks.
So frameworks are libraries?
Not really. A library tends to be focused on a particular piece of functionality – for example you might have a libraries that lets your code talk to Twitter.. In the world of Ruby, libraries are often packaged up into gems – little bundles of functionality which you can add to your app. In fact that’s a good way of looking at a library – just a bolt-on of focused functionality.
Right. So what was a programming language again?
The programming language is where it all starts. A programming language, like C#, Ruby, PHP or Python, is used to write libraries and frameworks. The language, the libraries and the frameworks combine to allow you to write an application.
You need a lot of stuff to get started then…
Well really the programming language is the bare minimum – you could write an application using just those bare essentials. But bolt on a framework like Ruby on Rails and you get things like easier ways to access the database or do localisation, and add a library to speak to Facebook and Foursquare. This enables your application to get up and running much more quickly because you don’t have to write all of that code again. You’re standing on the shoulders of giants; you’re not reinventing the wheel.
But what about security? How do you know all of these frameworks and libraries are safe to use?
Two reasons. Firstly, many libraries and frameworks, such as Ruby on Rails and the vast majority of Ruby gems are open source. This means you can look at the code yourself and check that it’s not malicious. Additionally, hundreds of other eyes are looking at that same code – in the case on Ruby on Rails some of the world’s best coders will have had a hand in developing the framework. Secondly, in the case of frameworks such as .NET, a multi-billion dollar organisation will have developed a rigorous Q&A process with automated testing and security auditing to make sure it lives up to its billing. If Microsoft can rely on .NET to run its business, chances are you can too. And recently even Microsoft has begun open-sourcing its code, so you can review it by eye if you want – all 1 bajillion lines of it.
Surely there’s no way to be sure unless I’ve written it myself though?
Possibly, but chances are you’re more likely to fall into the same holes as other developers – for example creating a web framework which falls prey to XSS vulnerabilities or other such security issues. A peer-reviewed third party framework will have been there and done that, with thousands of developers and users checking it for security problems every single day. Like I said – standing on the shoulders of giants.
Ok. I’m getting it. Language > Library/Framework > Application. So what’s a platform?
Oh God. Well a platform is at the top end of the scale. You build applications on a platform, but a platform itself will likely have been built using a framework. Sometimes platforms are applications as well – applications which provide developer APIs for example. A good example is Facebook – technically it’s a vast application, but it also provides lots of ways for developers to build on top of it and interact with the Facebook application and its users.
Excellent. So this new language we’re writing with Facebook on top of the C# library – when will that be ready?
You mus- Ahem. Well now you know so much, you can write it yourself. Get back to me when it’s done, there’s a good manager.