[Seaside] Swazoo as reverse proxy?

[Jimmie Houchin]

Giovanni Corriga wrote:
> Janko Mivšek ha scritto:
>>
>> Boris Popov wrote:
>>> Don't get me wrong, but aren't you setting yourself on the path of
>>> having to re-implement much of Apache and Co?
>>
>> Not everything, just most needed stuff, for us Smalltalkers, that is :)

Besides that, everybody re-implements themselves all the time. Did not
Apache redo much of what it did when going from 1 to 2? Are they not
continuing to do so as they seek to improve themselves?

As Apache and any other tool continue to develop, adding features,
removing cruft, rewriting things better, they to overtime have rewritten
much of what was, is and will be. :)

I believe that many such things if they were in Smalltalk would
ultimately be much more maintainable and hopefully capable.

If Apache, et al., were all written in Smalltalk, bug fixing, security
auditing and fixing of security problems, etc. would be much easier.

Most of us are here because we believe that Smalltalk is a superior
language and environment to model and develop simple and complex
applications in. If that is not so, then why are we here?

The world of software is a moving target. Apache is not standing still,
nor is Apache alone in the world of web servers. Nor has development of
other servers ceased because we have a quality web server in Apache.

So why should we not continue to improve the tools that we have control
over, can fix bugs in, etc.? Does anyone here wish to audit Apache for
bugs or security problems? No. Does Apache have bugs and security
problems? Quite possibly. Software isn't perfect.

> Isn't that a little too NIHish? ;)

I don't think so. There are advantages to having things implemented in
the language or environment you use. It isn't so much that Apache wasn't
written by our community but rather isn't natively usable by our natural
tools and environments. There is tremendous benefit and synergy for
staying in the Smalltalk environment and tool chain. Swazoo provides for
the Smalltalk developer capabilities that Apache does not.

I am not a professional programmer. I have limited time to study, learn,
use the software tools at my disposal. I am greatly advantaged to be
able to stay in Smalltalk. Everything I learn is applicable to anything
else I do. Not so with learning, Python, Django, Plone, Apache, wsgi,
PostgreSQL, subversion, Squid, Varnish, Memcache, and on and on. Just to
mention some other available options.

We have the option of learning from others successes and failures.

Swazoo doesn't need to be Apache. It doesn't need to interface with any
other languages. There are many Apache features that are not relevant
when web serving is kept in the Smalltalk context. But within that
context we can be reasonably competitive with most anything that Apache
and ???? have to offer.

Swazoo would have the advantages of being smaller and simpler in
implementation to Apache, et al., while offering similar feature to
users of Smalltalk. Thereby providing us with a solution that is better
for auditing and securing.

Then there is the oft heard argument even here in the Seaside list,
premature optimization. I will argue that it is often premature
optimization to go with Apache.

What does Apache buy us? Performance, security.
Performance, we'll grant you. But if that is the sole reason, then you
may be optimizing prematurely.
Security. Apache should be reasonable secure. But are you saying Swazoo
is not?

Apache is a very complex piece of software. Security is not a guarantee
just because you use Apache.
http://httpd.apache.org/security_report.html links to several pages with
security vulnerabilities in Apache.

Even Apache 1.3 still has things being discovered.
 Update Released: 19th January 2008
 Affects: 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32,
1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19,
1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2,
1.3.1, 1.3.0

And this is on a piece of software very old and reasonably locked down.

I have great respect for Apache and would not rule out using it. But
neither do I believe that its use is expected, anticipated or required
justs because it exists and is a common default web server.

Enough ranting and rambling.

Smalltalk enables people in ways that other software does not. The more
we can remain within our enabling technology and accomplish the things
we seek to do the better. When we have to step out in order to be
enabled then fine. If not, then why?

I just believe that with Smalltalk we can often do better than what
currently exists. If we have someone willing and able, then we ought to
cheer them on. It improves and enhances our ecosphere, not diminishes
it. Nor does it diminish the accomplishments of Apache or any other such
software NIH. (NIH could be read in this context, Not Implemented Here)

Whew!

Jimmie