[Seaside] Seaside done?

Smalltalk smalltalk at adinet.com.uy
Fri Apr 10 01:33:33 UTC 2020 

Hi,

You can use Seaside REST on the server and any JS client framework to 
consume that services.
But i think this architecture is much expensive that generating all code 
on the server side.

regards,
bruno

On 09/04/2020 18:40, Jerry Kott wrote:
> I concur. Seaside is a great framework, and those who build and 
> maintain it deserve our thanks.
>
> However, I think the question was not whether it works, but what’s the 
> current development status and whether it’s going anywhere. Without 
> diminishing the effort of those why try to keep it current, I think 
> it’s important to understand both the strength and the weaknesses.
>
> Seaside is a fantastic framework to dynamically generate HTML that is 
> in sync with the application state - continuations etc. The semantic 
> that closely resembles HTML is great. That said, I think that like 
> Smalltalk in general, Seaside’s destiny is to be a niche framework 
> with a limited use mostly in tightly controlled internal environments 
> like the one Bob describes.
>
> ‘It just works’ for a fairly narrow range of scenarios. It’s fine for 
> an internal web application (with some limitations) but I wouldn’t use 
> it for anything that requires a large-volume, security sensitive web 
> app available publicly over the Internet. Here are my reasons, and to 
> be clear - this is not intended as a criticism of those who dedicate 
> their time and skill to keep it running:
>
> Seaside security is fairly poor. It doesn’t offer any protection 
> against CSRF attacks or session hijacking. The built-in basic 
> authentication only supports MD5-hashed password which has not been 
> considered secure since 2004. Using other authentication mechanisms is 
> non-trivial and can lead to deploying catastrophically insecure 
> application (don’t ask me how I know).
>
> Seaside use of third-party JS libraries gives you two options: use a 
> Seaside library that wraps the original JS, or use JS directly. The 
> first option emits JS code that is several years behind (current 
> Seaside jQuery is from 2017?), in most cases with known vulnerablities 
> that are fairly easily exploitable. The second option robs the 
> developer of all the nice application state integration capabilities. 
> Both options lead to incredibly ugly JS code on the client side. Now - 
> some people think that’s not a problem. I disagree - in a modern web 
> application you need to be able to develop and debug at least 
> partially in the web browser, and your JS readability will directly 
> affect both your productivity and the quality of your code.
>
> Last but not least, handling of volume has been issue. I don’t have 
> experience with a deployed Seaside app on Pharo, but I know that on VW 
> you quickly reach a point where your app performance suffers even with 
> a couple hundred users. With GS, you need a multitude of Gems to 
> handle even relatively modest load. I think this would be probably the 
> worst weakness - today’s web apps are built for tens of thousands of 
> concurrent users, and even with the use of a load balancer, this would 
> be a limiting factor for anyone considering the deployment of a 
> globally reachable web app.
>
> Would I consider Seaside for a low-volume, tightly controlled internal 
> web app? Absolutely. I would even use it for a publicly accessible web 
> app in a geographically limited market and no sensitive data. But 
> despite my admiration for the work that has been done, I would advise 
> anyone against using it for anything ’serious’ on the open internet.
>
> In that sense, I think Seaide is ‘done’ and not going anywhere. It can 
> be maintained and incrementally improved for sure, but I don’t expect 
> any new features that would make it feasible for a large scale app 
> delivered to the masses.
> *Jerry Kott*
> This message has been digitally signed.
> PGP Fingerprint:
> A9181736DD2F1B6CC7CF9E51AC8514F48C0979A5
>
>
>
>> On 09-04-2020, at 8:30 AM, Bob Nemec <bobn at rogers.com 
>> <mailto:bobn at rogers.com>> wrote:
>>
>> FWIW: we are continuing to run and build a large (600+ users) 
>> enterprise 100% Smalltalk Seaside application running on GemStone. I 
>> don't post on this list mostly because I don't have issues with 
>> Seaside. It just works. GemTalk has been excellent in supporting our 
>> GS specific Seaside issues (which would be of little interest here).
>>
>> Much thanks to those that build and maintain Seaside.
>>
>> Bob Nemec
>> KORE / HTS
>>
>>
>> On Friday, March 27, 2020, 12:34:52 a.m. EDT, John Pfersich 
>> <jpfersich at gmail.com <mailto:jpfersich at gmail.com>> wrote:
>>
>>
>> Besides, Discord ain’t the greatest app for security-minded people. 
>> Can’t make a connection using my VPN without major headache. And Cox 
>> does monitor my traffic. Half a VPN is better than none.
>>
>> /————————————————————/
>> For encrypted mail use jgpfersich at protonmail.com 
>> <mailto:jgpfersich at protonmail.com>
>> Get a free account at ProtonMail.com <http://ProtonMail.com>
>> Web: https://objectnets.net and https://objectnets.org
>> https://datascilv.com https://datascilv.org
>>
>>
>>> On Mar 26, 2020, at 10:55, BrunoBB <smalltalk at adinet.com.uy 
>>> <mailto:smalltalk at adinet.com.uy>> wrote:
>>>
>>> I prefer the mailing list to instant messaging, since it leaves a log
>>> in some archive and works as rudimentary knowledge base that even so,
>>> saved many of us several times.
>>> ***************************************************************
>>>
>>> Totally Agree !!!
>>>
>>>
>>>
>>> --
>>> Sent from: http://forum.world.st/Seaside-General-f86180.html
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org 
>>> <mailto:seaside at lists.squeakfoundation.org>
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org 
>> <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org 
>> <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/seaside/attachments/20200409/88f4726c/attachment.html>

More information about the seaside mailing list