[erlang-questions] Two beautiful programs - or web programming made easy
Tue Feb 15 03:38:00 CET 2011
2011/2/14 Frédéric Trottier-Hébert <fred.hebert@REDACTED>
> On 2011-02-14, at 18:38 PM, Ryan Zezeski wrote:
> 2011/2/14 Frédéric Trottier-Hébert <fred.hebert@REDACTED>
>> This has *nothing* to do with encryption, and everything to do with not
>> understanding the potential threats of the web correctly. It is an
>> application-level issue, much like XSS is. And it's pretty damn important.
> Except when it isn't.
> You make a very impressive summarization of web security problems, but
> there are many apps where these problems go away because they simply, don't,
> matter. For example, how about building a new interface to the appmon
> application using this with Raphael or Protovis? Do I really need to worry
> about all this crap? I'd argue, no. If I'm using appmon it's behind a
> firewall and I trust the user to be competent. Just like 'rm -f' in unix.
> Plus, who gives a sh*t (pardon my French) about a hijacked session when
> someone else just cracked your gateway because of default passwords. My
> point being, there are so many doors, and this focuses on one. Getting it
> right is very hard, and thus very costly, and that's why I think the first
> thing to ask is "Does this even need to be secure?" Given enough time,
> anything can be had.
> I won't argue with this. You're right on this. Again I'll repeat myself by
> saying that as a general (and generic) pattern, the eval() in Joe's code
> worries me. Individual cases can be tested and proven safe on an individual
> basis without too much trouble.
> If nothing else Joe has stumbled upon a way to rapidly produce nice-looking
> and feature rich GUIs in Erlang, and yet it seems everyone has somehow
> missed this point and focused on security and support and whatnot. I'm glad
> there are Joes in the world, otherwise it would be a pretty boring place.
> Don't let perfect get in the way of good enough. As Joe said, life is too
> [expletive deleted] short.
> There is nothing wrong with what Joe is doing. There is nothing wrong with
> general and we shouldn't reinvent the wheel all the time because we might be
> coming from a different domain or we don't have the same experience as real
> web developers have.
> You only have to look into what people are doing with node.js. Just look
> at this example:
> These guys are doing session sharing over the browser (including mouse
> movement and everything).
> You can also look at the nodeknockout as a whole:
> http://nodeknockout.com/teams (some links are now dead). These include
> multiplayer browser games, chat systems, drawing applications, charts, etc.
> Dreamers and innovators are at work on the web already, they're just not
> necessarily doing it with Erlang.
> They are doing that kind of explorative nice-looking innovation we all find
> awesome (even if they likely don't do it 100% safe either).
> I'm sorry if I sounded patronising or just bossy around this discussion,
> it's just that there are fantastic ideas to be inspired from in what is done
> by these programmers all the time. They usually do it cleaner, safer and
> smarter. At least on the client side.
> If people can learn from Erlang when it comes to heavily concurrent and
> fault-tolerant applications, Erlang programmers can certainly learn from
> other domains when the developers working there are more specialised at what
> they do than we could be as a community in here.
> Fred Hébert
Thanks for the links, very cool stuff.
I think reinventing the wheel is a good thing. The thing is, it's not
really reinventing, but rather constant refinement. I mean, let's take the
literal wheel, you know the rubber tires found on cars. They've been around
for a long time, and you would think everything that can be said or done
with a wheel has already been done, yet tires improve every year to get
maximal traction in the dry while maintaining grip in the wet. While Joe's
discovery, on the whole, is not revolutionary, it is a twist on common
practice. At least, in the small world of Erlang GUIs.
I think your point about learning from others is _spot_ on, and I honestly
think that's just what has happened here. Joe took a look at websockets, a
look at Erlang's msg passing, and went "What happens when I put the two
together?" Bam! New way to think about interfacing Erlang with the
At least, that's what I see, and I think it's pretty cool. I look forward
to seeing what comes out of this. I only hope that I may, for once,
contribute something myself, rather than just talk about it :)