[erlang-questions] Two beautiful programs - or web programming made easy

Masklinn masklinn@REDACTED
Sat Feb 12 15:29:09 CET 2011


On 2011-02-12, at 14:03 , Joe Armstrong wrote:
> As I see it the web is predominantly built with one concurrency pattern.
> 
> A client (web browser) can do an RPC to a server
> 
> We can't (easily)
> 
> do an RPC from the server to the client
> send an asynchronous message from server to client
> send an asynchronous message from the client to the server
This is incorrect. HTTP does not support "push" messaging (from a server to a client), but the main (and default) communication mechanism in Javascript is asynchronous (and event-driven). Unless you have a very different definition of "asynchronous message" than the one I'm used to.

In fact, synchronous RPC-type calls are definitely frowned upon as they create terrible use experience (due to in-browser javascript being a purely single-threaded event loop).

> Turning web sockets off for security reasons is stupid.
> 
> The solution is to sandbox the thing that receives the messages
> or if unsandboxed strongly authenticate the messages.
I don't follow you here. You're saying it's OK to release broken standards (even though they're fixable) and asserting that every implementor should go through the process of creating his own broken sandbox which will fail to be correctly secured?


More information about the erlang-questions mailing list