-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Emulate NodeJS, supporting its API and modules for advanced server-like features #3
Comments
What are that advanced features that require NodeJs? And why not support PHP? This would directly support "advanced features from PHP servers". And also Python and other programming languages. But this would be not secure. Even if users authorize this, they still don't know what code will run. And you can already do most of the things just with JavaScript and ZeroFrame API. If those features are to just use the syntax of other programs (NodeJs, PHP, Python, C) with some additional third-party packages, it would be better to compile them with Emscripten to WebAssemby which can be used in websites. And if you would need some other features, it would be better and safer to use WebAssemby System Interface which would allow the running program in any language on any computer, but with restricted access to the computer. |
Most server-wide usage relies on NodeJS, and it is growing over PHP. But, yes, I agree about it isnt secure, so is better improve the ZeroFrame API. |
But PHP has improved a lot, and it is still widely used. If we really want to support running additional languages, it would be better to use something that supports multiple (like WebAssembly). But it is better to improve ZeroFrame API.
Do you have any specific suggestions and features to improve in ZeroFrame API? |
Not only for ZeroFrame. Things servers haves:
|
There are others I cant remember |
Ok, these are really some missing features. I think that best way to support other languages would be to use WebAssembly (WASM) or WebAssemby System Interface (WASI). With that, you would be able to run every language that can compiles to WASM in portable and secure way. With WASI, you would even be able to interact with system resources (like files) in secure way. Unfortunantly, WASI is still in proces of developing so some things are currently not implemented. But in (near?) future, it could be best way to do those things. There is Python library for executing WebAssembly binaries. This would probably be best way to do this. |
This plugin is called BackgroundProcessing because it allows running things in the background without having to have a browser open. It allows for lots of very useful things, but most users don't need it right now. Also, it actually does go through the code to restrict things. |
You can run WebAssembly in the background with Python library.
I saw that. But if NodeJs would just be started as another command (which this blog post does) it would not be restricted. |
Sure, if this allowed running separate commands - but afaik it doesn't - you can't import anything you want - BackgroundProcessing only allows a whitelist of things you can import. |
BackgroundProcessing was created as a plugin aimed at security. Its point is to whitelist as much as possible to make sure site owner can't break anything except his site.
Mostly, NodeJs runtime. Also modules support (i.e. require)
Because a. this plugin works by compiling Python code into safe Python code, and b. the advanced features of PHP are mostly connected to client-server architecture, while we use P2P.
If you read the code, you would notice that Python is actually the only supported language for now. Other languages would be supported by transpiling them (and their runtime) to Python.
That's why BackgroundProcessing exists - it sandboxes the code.
You can't do anything in background from browser JavaScript.
This is a good idea, but afaik wasi is not ready yet. Also we want the ZeroFrame API to be easy to use, which is easy to do in Python but difficult to do if ZeroFrame has to be implemented via syscalls.
ZeroFrame is a small piece that glues UiWebsocket and the script together. So there's nothing to improve in this glue. Can you give an example of what you're talking about so that I could understand it?
...what? First, this is not something that servers do, it's what cgi scripts do. Second, the ZeroNet way is to do such stuff in client. And, personally, I don't see any problems with this.
a. What is realtime clock at all? b. That's definitely not something that servers support themselves, c. Don't you have access to date and time from JavaScript?
This is a problem, but it is a problem of ZeroNet core, not its everything-in-browser architecture.
Thank god someone witn decent knowledge came to this issue.
Currently, background scripts are compiled directly into python bytecode. WebAssembly would be a lot slower. |
With it, ZeroNet zites can have the most advanced features from PHP servers, but with NodeJS/distributed way
And users can authorize it or not
The text was updated successfully, but these errors were encountered: