[Seaside] Seaside done?
Smalltalk
smalltalk at adinet.com.uy
Fri Apr 10 01:33:33 UTC 2020
Hi,
You can use Seaside REST on the server and any JS client framework to
consume that services.
But i think this architecture is much expensive that generating all code
on the server side.
regards,
bruno
On 09/04/2020 18:40, Jerry Kott wrote:
> I concur. Seaside is a great framework, and those who build and
> maintain it deserve our thanks.
>
> However, I think the question was not whether it works, but what’s the
> current development status and whether it’s going anywhere. Without
> diminishing the effort of those why try to keep it current, I think
> it’s important to understand both the strength and the weaknesses.
>
> Seaside is a fantastic framework to dynamically generate HTML that is
> in sync with the application state - continuations etc. The semantic
> that closely resembles HTML is great. That said, I think that like
> Smalltalk in general, Seaside’s destiny is to be a niche framework
> with a limited use mostly in tightly controlled internal environments
> like the one Bob describes.
>
> ‘It just works’ for a fairly narrow range of scenarios. It’s fine for
> an internal web application (with some limitations) but I wouldn’t use
> it for anything that requires a large-volume, security sensitive web
> app available publicly over the Internet. Here are my reasons, and to
> be clear - this is not intended as a criticism of those who dedicate
> their time and skill to keep it running:
>
> Seaside security is fairly poor. It doesn’t offer any protection
> against CSRF attacks or session hijacking. The built-in basic
> authentication only supports MD5-hashed password which has not been
> considered secure since 2004. Using other authentication mechanisms is
> non-trivial and can lead to deploying catastrophically insecure
> application (don’t ask me how I know).
>
> Seaside use of third-party JS libraries gives you two options: use a
> Seaside library that wraps the original JS, or use JS directly. The
> first option emits JS code that is several years behind (current
> Seaside jQuery is from 2017?), in most cases with known vulnerablities
> that are fairly easily exploitable. The second option robs the
> developer of all the nice application state integration capabilities.
> Both options lead to incredibly ugly JS code on the client side. Now -
> some people think that’s not a problem. I disagree - in a modern web
> application you need to be able to develop and debug at least
> partially in the web browser, and your JS readability will directly
> affect both your productivity and the quality of your code.
>
> Last but not least, handling of volume has been issue. I don’t have
> experience with a deployed Seaside app on Pharo, but I know that on VW
> you quickly reach a point where your app performance suffers even with
> a couple hundred users. With GS, you need a multitude of Gems to
> handle even relatively modest load. I think this would be probably the
> worst weakness - today’s web apps are built for tens of thousands of
> concurrent users, and even with the use of a load balancer, this would
> be a limiting factor for anyone considering the deployment of a
> globally reachable web app.
>
> Would I consider Seaside for a low-volume, tightly controlled internal
> web app? Absolutely. I would even use it for a publicly accessible web
> app in a geographically limited market and no sensitive data. But
> despite my admiration for the work that has been done, I would advise
> anyone against using it for anything ’serious’ on the open internet.
>
> In that sense, I think Seaide is ‘done’ and not going anywhere. It can
> be maintained and incrementally improved for sure, but I don’t expect
> any new features that would make it feasible for a large scale app
> delivered to the masses.
> *Jerry Kott*
> This message has been digitally signed.
> PGP Fingerprint:
> A9181736DD2F1B6CC7CF9E51AC8514F48C0979A5
>
>
>
>> On 09-04-2020, at 8:30 AM, Bob Nemec <bobn at rogers.com
>> <mailto:bobn at rogers.com>> wrote:
>>
>> FWIW: we are continuing to run and build a large (600+ users)
>> enterprise 100% Smalltalk Seaside application running on GemStone. I
>> don't post on this list mostly because I don't have issues with
>> Seaside. It just works. GemTalk has been excellent in supporting our
>> GS specific Seaside issues (which would be of little interest here).
>>
>> Much thanks to those that build and maintain Seaside.
>>
>> Bob Nemec
>> KORE / HTS
>>
>>
>> On Friday, March 27, 2020, 12:34:52 a.m. EDT, John Pfersich
>> <jpfersich at gmail.com <mailto:jpfersich at gmail.com>> wrote:
>>
>>
>> Besides, Discord ain’t the greatest app for security-minded people.
>> Can’t make a connection using my VPN without major headache. And Cox
>> does monitor my traffic. Half a VPN is better than none.
>>
>> /————————————————————/
>> For encrypted mail use jgpfersich at protonmail.com
>> <mailto:jgpfersich at protonmail.com>
>> Get a free account at ProtonMail.com <http://ProtonMail.com>
>> Web: https://objectnets.net and https://objectnets.org
>> https://datascilv.com https://datascilv.org
>>
>>
>>> On Mar 26, 2020, at 10:55, BrunoBB <smalltalk at adinet.com.uy
>>> <mailto:smalltalk at adinet.com.uy>> wrote:
>>>
>>> I prefer the mailing list to instant messaging, since it leaves a log
>>> in some archive and works as rudimentary knowledge base that even so,
>>> saved many of us several times.
>>> ***************************************************************
>>>
>>> Totally Agree !!!
>>>
>>>
>>>
>>> --
>>> Sent from: http://forum.world.st/Seaside-General-f86180.html
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> <mailto:seaside at lists.squeakfoundation.org>
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org
>> <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org
>> <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/seaside/attachments/20200409/88f4726c/attachment.html>
More information about the seaside
mailing list