Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Emulate NodeJS, supporting its API and modules for advanced server-like features #3

Open
danimesq opened this issue Nov 3, 2018 · 10 comments
Open

Emulate NodeJS, supporting its API and modules for advanced server-like features #3

danimesq opened this issue Nov 3, 2018 · 10 comments
Assignees
@purplesyringa
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@danimesq
Copy link

danimesq commented Nov 3, 2018

With it, ZeroNet zites can have the most advanced features from PHP servers, but with NodeJS/distributed way
And users can authorize it or not
@danimesq danimesq mentioned this issue Nov 3, 2018
Closed
@purplesyringa purplesyringa self-assigned this Nov 3, 2018
@purplesyringa purplesyringa added enhancement New feature or request help wanted Extra attention is needed labels Nov 3, 2018
@filips123
Copy link

filips123 commented May 13, 2019
edited

What are that advanced features that require NodeJs?

And why not support PHP? This would directly support "advanced features from PHP servers".

And also Python and other programming languages.

But this would be not secure. Even if users authorize this, they still don't know what code will run.

And you can already do most of the things just with JavaScript and ZeroFrame API.

If those features are to just use the syntax of other programs (NodeJs, PHP, Python, C) with some additional third-party packages, it would be better to compile them with Emscripten to WebAssemby which can be used in websites.

And if you would need some other features, it would be better and safer to use WebAssemby System Interface which would allow the running program in any language on any computer, but with restricted access to the computer.

@danimesq
Copy link
Author

Most server-wide usage relies on NodeJS, and it is growing over PHP. But, yes, I agree about it isnt secure, so is better improve the ZeroFrame API.

@filips123
Copy link

Most server-wide usage relies on NodeJS, and it is growing over PHP.

But PHP has improved a lot, and it is still widely used. If we really want to support running additional languages, it would be better to use something that supports multiple (like WebAssembly). But it is better to improve ZeroFrame API.

I agree about it isnt secure, so is better improve the ZeroFrame API.

Do you have any specific suggestions and features to improve in ZeroFrame API?

@danimesq
Copy link
Author

Not only for ZeroFrame.

Things servers haves:

  • Generation of images
  • Real Time Clock, like used on Windows
  • Live media streamming (already supported by Dat)

@danimesq
Copy link
Author

There are others I cant remember

@filips123
Copy link

Ok, these are really some missing features.

I think that best way to support other languages would be to use WebAssembly (WASM) or WebAssemby System Interface (WASI).

With that, you would be able to run every language that can compiles to WASM in portable and secure way. With WASI, you would even be able to interact with system resources (like files) in secure way. Unfortunantly, WASI is still in proces of developing so some things are currently not implemented. But in (near?) future, it could be best way to do those things.

There is Python library for executing WebAssembly binaries. This would probably be best way to do this.

@krixano
Copy link

krixano commented May 13, 2019

This plugin is called BackgroundProcessing because it allows running things in the background without having to have a browser open. It allows for lots of very useful things, but most users don't need it right now. Also, it actually does go through the code to restrict things.

@filips123
Copy link

This plugin is called BackgroundProcessing

You can run WebAssembly in the background with Python library.

Also, it actually does go through the code to restrict things.

I saw that. But if NodeJs would just be started as another command (which this blog post does) it would not be restricted.

@krixano
Copy link

krixano commented May 14, 2019
edited

But if NodeJs would just be started as another command (which this blog post does) it would not be restricted.

Sure, if this allowed running separate commands - but afaik it doesn't - you can't import anything you want - BackgroundProcessing only allows a whitelist of things you can import.

@purplesyringa
Copy link
Collaborator

BackgroundProcessing was created as a plugin aimed at security. Its point is to whitelist as much as possible to make sure site owner can't break anything except his site.

What are that advanced features that require NodeJs?

Mostly, NodeJs runtime. Also modules support (i.e. require)

And why not support PHP? This would directly support "advanced features from PHP servers".

Because a. this plugin works by compiling Python code into safe Python code, and b. the advanced features of PHP are mostly connected to client-server architecture, while we use P2P.

And also Python and other programming languages.

If you read the code, you would notice that Python is actually the only supported language for now. Other languages would be supported by transpiling them (and their runtime) to Python.

But this would be not secure. Even if users authorize this, they still don't know what code will run.

That's why BackgroundProcessing exists - it sandboxes the code.

And you can already do most of the things just with JavaScript and ZeroFrame API

You can't do anything in background from browser JavaScript.

And if you would need some other features, it would be better and safer to use WebAssemby System Interface which would allow the running program in any language on any computer, but with restricted access to the computer.

This is a good idea, but afaik wasi is not ready yet. Also we want the ZeroFrame API to be easy to use, which is easy to do in Python but difficult to do if ZeroFrame has to be implemented via syscalls.

But PHP has improved a lot, and it is still widely used. If we really want to support running additional languages, it would be better to use something that supports multiple (like WebAssembly). But it is better to improve ZeroFrame API.

ZeroFrame is a small piece that glues UiWebsocket and the script together. So there's nothing to improve in this glue. Can you give an example of what you're talking about so that I could understand it?

Generation of images

...what? First, this is not something that servers do, it's what cgi scripts do. Second, the ZeroNet way is to do such stuff in client. And, personally, I don't see any problems with this.

Real Time Clock, like used on Windows

a. What is realtime clock at all? b. That's definitely not something that servers support themselves, c. Don't you have access to date and time from JavaScript?

Live media streamming

This is a problem, but it is a problem of ZeroNet core, not its everything-in-browser architecture.

This plugin is called BackgroundProcessing because it allows running things in the background without having to have a browser open. It allows for lots of very useful things, but most users don't need it right now. Also, it actually does go through the code to restrict things.

Thank god someone witn decent knowledge came to this issue.

You can run WebAssembly in the background with Python library

Currently, background scripts are compiled directly into python bytecode. WebAssembly would be a lot slower.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@purplesyringa purplesyringa

Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@krixano @danimesq @purplesyringa @filips123