<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>You can use Seaside REST on the server and any JS client
framework to consume that services.<br>
But i think this architecture is much expensive that generating
all code on the server side.</p>
<p>regards,<br>
bruno<br>
</p>
<div class="moz-cite-prefix">On 09/04/2020 18:40, Jerry Kott wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5A4848A4-0A00-47B4-BD77-2800F71B4CB8@image-ware.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="">I concur. Seaside is a great framework, and those
who build and maintain it deserve our thanks.</div>
<div class=""><br class="">
</div>
<div class="">However, I think the question was not whether it
works, but what’s the current development status and whether
it’s going anywhere. Without diminishing the effort of those why
try to keep it current, I think it’s important to understand
both the strength and the weaknesses.</div>
<div class=""><br class="">
</div>
<div class="">Seaside is a fantastic framework to dynamically
generate HTML that is in sync with the application state -
continuations etc. The semantic that closely resembles HTML is
great. That said, I think that like Smalltalk in general,
Seaside’s destiny is to be a niche framework with a limited use
mostly in tightly controlled internal environments like the one
Bob describes.</div>
<div class=""><br class="">
</div>
<div class="">‘It just works’ for a fairly narrow range of
scenarios. It’s fine for an internal web application (with some
limitations) but I wouldn’t use it for anything that requires a
large-volume, security sensitive web app available publicly over
the Internet. Here are my reasons, and to be clear - this is not
intended as a criticism of those who dedicate their time and
skill to keep it running:</div>
<div class=""><br class="">
</div>
<div class="">Seaside security is fairly poor. It doesn’t offer
any protection against CSRF attacks or session hijacking. The
built-in basic authentication only supports MD5-hashed password
which has not been considered secure since 2004. Using other
authentication mechanisms is non-trivial and can lead to
deploying catastrophically insecure application (don’t ask me
how I know).</div>
<div class=""><br class="">
</div>
<div class="">Seaside use of third-party JS libraries gives you
two options: use a Seaside library that wraps the original JS,
or use JS directly. The first option emits JS code that is
several years behind (current Seaside jQuery is from 2017?), in
most cases with known vulnerablities that are fairly easily
exploitable. The second option robs the developer of all the
nice application state integration capabilities. Both options
lead to incredibly ugly JS code on the client side. Now - some
people think that’s not a problem. I disagree - in a modern web
application you need to be able to develop and debug at least
partially in the web browser, and your JS readability will
directly affect both your productivity and the quality of your
code.</div>
<div class=""><br class="">
</div>
<div class="">Last but not least, handling of volume has been
issue. I don’t have experience with a deployed Seaside app on
Pharo, but I know that on VW you quickly reach a point where
your app performance suffers even with a couple hundred users.
With GS, you need a multitude of Gems to handle even relatively
modest load. I think this would be probably the worst weakness -
today’s web apps are built for tens of thousands of concurrent
users, and even with the use of a load balancer, this would be a
limiting factor for anyone considering the deployment of a
globally reachable web app.</div>
<div class=""><br class="">
</div>
<div class="">Would I consider Seaside for a low-volume, tightly
controlled internal web app? Absolutely. I would even use it for
a publicly accessible web app in a geographically limited market
and no sensitive data. But despite my admiration for the work
that has been done, I would advise anyone against using it for
anything ’serious’ on the open internet.</div>
<div class=""><br class="">
</div>
<div class="">In that sense, I think Seaide is ‘done’ and not
going anywhere. It can be maintained and incrementally improved
for sure, but I don’t expect any new features that would make it
feasible for a large scale app delivered to the masses.</div>
<div class=""> </div>
<div class="">
<div class=""><b class="">Jerry Kott</b></div>
<div style="font-size: 9px;" class="">This message has been
digitally signed. </div>
<div style="font-size: 9px;" class="">PGP Fingerprint:</div>
<div style="font-size: 9px;" class="">A9181736DD2F1B6CC7CF9E51AC8514F48C0979A5</div>
<div class=""><br class="">
</div>
<br class="Apple-interchange-newline">
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 09-04-2020, at 8:30 AM, Bob Nemec <<a
href="mailto:bobn@rogers.com" class=""
moz-do-not-send="true">bobn@rogers.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">
<div class="ydp3c01838ayahoo-style-wrap"
style="font-family:lucida console,
sans-serif;font-size:13px;">
<div dir="ltr" data-setdir="false" class="">FWIW: we are
continuing to run and build a large (600+ users)
enterprise 100% Smalltalk Seaside application running
on GemStone. I don't post on this list mostly because
I don't have issues with Seaside. It just works.
GemTalk has been excellent in supporting our GS
specific Seaside issues (which would be of little
interest here). </div>
<div dir="ltr" data-setdir="false" class=""><br class="">
</div>
<div dir="ltr" data-setdir="false" class="">Much thanks
to those that build and maintain Seaside. <br class="">
<br class="">
</div>
<div dir="ltr" data-setdir="false" class="">Bob Nemec</div>
<div dir="ltr" data-setdir="false" class="">KORE / HTS</div>
<div dir="ltr" data-setdir="false" class=""><br class="">
</div>
<div class=""><br class="">
</div>
</div>
<div id="yahoo_quoted_6701779557" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica,
Arial, sans-serif;font-size:13px;color:#26282a;"
class="">
<div class=""> On Friday, March 27, 2020, 12:34:52
a.m. EDT, John Pfersich <<a
href="mailto:jpfersich@gmail.com" class=""
moz-do-not-send="true">jpfersich@gmail.com</a>>
wrote: </div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div id="yiv4043843184" class="">
<div class="">Besides, Discord ain’t the greatest
app for security-minded people. Can’t make a
connection using my VPN without major headache.
And Cox does monitor my traffic. Half a VPN is
better than none.<br class="" clear="none">
<br class="" clear="none">
<div dir="ltr" class=""><span
style="font-size:13pt;" class="">/————————————————————/</span>
<div class=""><span style="font-size:13pt;"
class="">For encrypted mail use <a
href="mailto:jgpfersich@protonmail.com"
class="" moz-do-not-send="true">jgpfersich@protonmail.com</a></span>
<div class="">Get a free account at <a
href="http://ProtonMail.com" class=""
moz-do-not-send="true">ProtonMail.com</a></div>
<div class="">Web: <a
href="https://objectnets.net" class=""
moz-do-not-send="true">https://objectnets.net</a>
and <a href="https://objectnets.org"
class="" moz-do-not-send="true">https://objectnets.org</a></div>
</div>
<div class=""><a href="https://datascilv.com"
class="" moz-do-not-send="true">https://datascilv.com</a>
<a href="https://datascilv.org" class=""
moz-do-not-send="true">https://datascilv.org</a></div>
<div class=""><br class="" clear="none">
</div>
</div>
<div dir="ltr" class="">
<div class="yiv4043843184yqt0608629156"
id="yiv4043843184yqtfd63970"><br class=""
clear="none">
<blockquote type="cite" class="">On Mar 26,
2020, at 10:55, BrunoBB <<a
href="mailto:smalltalk@adinet.com.uy"
class="" moz-do-not-send="true">smalltalk@adinet.com.uy</a>>
wrote:<br class="" clear="none">
<br class="" clear="none">
</blockquote>
</div>
</div>
<div class="yiv4043843184yqt0608629156"
id="yiv4043843184yqtfd21372">
<blockquote type="cite" class="">
<div dir="ltr" class=""><span class="">I
prefer the mailing list to instant
messaging, since it leaves a log</span><br
class="" clear="none">
<span class="">in some archive and works
as rudimentary knowledge base that even
so,</span><br class="" clear="none">
<span class="">saved many of us several
times.</span><br class="" clear="none">
<span class="">***************************************************************</span><br
class="" clear="none">
<span class=""></span><br class=""
clear="none">
<span class="">Totally Agree !!!</span><br
class="" clear="none">
<span class=""></span><br class=""
clear="none">
<span class=""></span><br class=""
clear="none">
<span class=""></span><br class=""
clear="none">
<span class="">--</span><br class=""
clear="none">
<span class="">Sent from: <a
href="http://forum.world.st/Seaside-General-f86180.html"
class="" moz-do-not-send="true">http://forum.world.st/Seaside-General-f86180.html</a></span><br
class="" clear="none">
<span class="">_______________________________________________</span><br
class="" clear="none">
<span class="">seaside mailing list</span><br
class="" clear="none">
<span class=""><a
href="mailto:seaside@lists.squeakfoundation.org"
class="" moz-do-not-send="true">seaside@lists.squeakfoundation.org</a></span><br
class="" clear="none">
<span class=""><a
href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside"
class="" moz-do-not-send="true">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a></span><br
class="" clear="none">
</div>
</blockquote>
</div>
</div>
</div>
<div class="yqt0608629156" id="yqtfd25054">_______________________________________________<br
class="" clear="none">
seaside mailing list<br class="" clear="none">
<a shape="rect"
ymailto="mailto:seaside@lists.squeakfoundation.org"
href="mailto:seaside@lists.squeakfoundation.org"
class="" moz-do-not-send="true">seaside@lists.squeakfoundation.org</a><br
class="" clear="none">
<a shape="rect"
href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside"
target="_blank" class="" moz-do-not-send="true">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br
class="" clear="none">
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br class="">
seaside mailing list<br class="">
<a href="mailto:seaside@lists.squeakfoundation.org" class=""
moz-do-not-send="true">seaside@lists.squeakfoundation.org</a><br
class="">
<a class="moz-txt-link-freetext" href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
seaside mailing list
<a class="moz-txt-link-abbreviated" href="mailto:seaside@lists.squeakfoundation.org">seaside@lists.squeakfoundation.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a>
</pre>
</blockquote>
</body>
</html>